I worked on a code base which touched a bunch of Secret Sauce stuff but was somehow also open-sourced. One day, a patch went out to the public side which had a bunch of internal codenames and other stuff you normally wouldn't share with the outside world. So, the people working on the project went into SVN and manually chopped it out.
I started wondering what else might have been in there and went grepping for things which resembled our fairly distinctive host naming scheme. A simple regex did the trick, and while I didn't find any evidence of "prod secrets" leaking into the world, I did find something very strange in the argv parser which happened to match.
There was a comparison of argv to a string which looked like base64 to me. I decoded it and it turned out to be "--WHAT" (I think, it's been a few years). Actually running "the_tool --WHAT" made it print an enormous ASCII pimp on the screen with some kind of saying underneath. The pimp itself was also base64-encoded, I think, but it was just one giant line in the source, so it didn't stand out too much. If you didn't notice the horizontal scroll bar you might not have ever seen it on a typical 80x25 display.
It was something like this:
if (argv == "BaSe64StRiNg==") ... (long line to decode and display it here )
... only imagine it going on for hundreds of characters on that same line.
This had been added to the depot a year or two before (long before I was on the project) and had lurked there the whole time. I don't think anyone else had any idea it was there, especially when the instigators moved on to something else.
There's something to be said for reviewing existing code once in a while.
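Added example, not part of the comment above and not the code from that project: a small review sweep in the spirit of the story. It flags string literals that decode from base64 to readable text, plus lines long enough to hide content past the scroll bar. The 200-character threshold, the function names and the sample C-like source are all assumptions constructed for illustration.

```python
import base64
import binascii
import re

# String literals of 8+ base64-alphabet characters, with optional padding.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{8,}={0,2})"')
MAX_LINE = 200  # assumed threshold; longer lines hide past the scroll bar


def decode_if_text(literal):
    """Return the decoded string if literal is base64 of printable ASCII."""
    if len(literal) % 4:
        return None
    try:
        raw = base64.b64decode(literal, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw and all(32 <= b < 127 or b in (9, 10, 13) for b in raw):
        return raw.decode("ascii")
    return None


def audit(source, max_line=MAX_LINE):
    """Return (line_number, kind, detail) findings for one file's text."""
    findings = []
    for number, line in enumerate(source.splitlines(), start=1):
        if len(line) > max_line:
            findings.append((number, "long-line", str(len(line))))
        for match in B64_LITERAL.finditer(line):
            decoded = decode_if_text(match.group(1))
            if decoded is not None:
                findings.append((number, "base64-text", decoded))
    return findings


# Constructed sample input, not the code from the story.
HIDDEN_FLAG = base64.b64encode(b"--WHAT").decode()
ART = base64.b64encode(b"*" * 300).decode()
SAMPLE = "\n".join([
    'int main(int argc, char **argv) {',
    '  if (!strcmp(argv[1], "--verbose")) verbose = 1;',
    f'  if (!strcmp(b64(argv[1]), "{HIDDEN_FLAG}")) show(decode("{ART}"));',
    '  return run(argc, argv);',
    '}',
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Ordinary words that happen to fit the base64 alphabet are dropped because they do not decode to printable text, so the hits that remain are worth a manual look.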
That is some ingenuity in sneaking the easter egg in, under the watchful eyes of so many others. I always thought easter eggs were a mutually agreed-upon thing with a company, and it never occurred to me that they may involve having to go to great lengths.
Now I can't help but wonder how many of the recipes on the site have easters inside them.
> Note: This was at a time when we didn’t have version controls like git and people didn’t commit for every small feature. Change list sometimes varied between 10 lines to 25 files during a refactor.
Does this mean you weren't using version control at all or you weren't using a distributed version control system? The former would surprise me since CVS, SVN, and similar tools have been around for years and are a lot easier than emailing patches back and forth.
The way this code looks, it opened up a backdoor into the app to load any code embedded in the image, and execute it with the app's credentials - including access to the app's in-memory data. Major security hole for an enterprise app given that this could be used to override assembly signing. Just change the image, and the app would load and run any code embedded in that background image!
I was sad the day I read that Microsoft effectively banned Easter Eggs.
I mean I understand their reasoning, but still, a sad day indeed when there weren't web-sites where you could type in any software product name and get a list of fun toys.
I like the Doom-like game in Excel (97?). But there were tons of really fun Easter Eggs in Microsoft's kit back in the 90s.
This makes me wonder what the process would be in a large company (Google?) when it comes to introducing changes like this. I'd assume it'd either be agreed upon in company policy, or a lot of really smart engineers just keep trying to outdo each other.
The feeling of seeing your easter egg in the wild more than overcomes this fear ;) My only tip: if possible make sure it's a CLIENT SIDE easter egg. I know someone who pulled server side files as part of the show. The easter egg went semi-viral and topped the company's logs as most requested resource!
My HN reader app failed me. I meant to post this as a reply to another comment.
That is the sequence I found in the code that was embedded in the image file. I don't know in what software it is used.