TE
TechEcho
Home24h TopNewestBestAskShowJobs
GitHubTwitter
Home

TechEcho

A tech news platform built with Next.js, providing global tech news and discussions.

GitHubTwitter

Home

HomeNewestBestAskShowJobs

Resources

HackerNews APIOriginal HackerNewsNext.js

© 2025 TechEcho. All rights reserved.

The Easter Egg Song

87 pointsby Cherianabout 12 years ago

14 comments

rachelbythebayabout 12 years ago
I worked on a code base which touched a bunch of Secret Sauce stuff but was somehow also open-sourced. One day, a patch went out to the public side which had a bunch of internal codenames and other stuff you normally wouldn't share with the outside world. So, the people working on the project went into SVN and manually chopped it out.<p>I started wondering what else might have been in there and went grepping for things which resembled our fairly distinctive host naming scheme. A simple regex did the trick, and while I didn't find any evidence of "prod secrets" leaking into the world, I did find something very strange in the argv parser which happened to match.<p>There was a comparison of argv to a string which looked like base64 to me. I decoded it and it turned out to be "--WHAT" (I think, it's been a few years). Actually running "the_tool --WHAT" made it print an enormous ASCII pimp on the screen with some kind of saying underneath. The pimp itself was also base64-encoded, I think, but it was just one giant line in the source, so it didn't stand out too much. If you didn't notice the horizontal scroll bar you might not have ever seen it on a typical 80x25 display.<p>It was something like this:<p><pre><code> if (argv == "BaSe64StRiNg==") ... (long line to decode and display it here ) </code></pre> ... only imagine it going on for hundreds of characters on that same line.<p>This had been added to the depot a year or two before (long before I was on the project) and had lurked there the whole time. I don't think anyone else had any idea it was there, especially when the instigators moved on to something else.<p>There's something to be said for reviewing existing code once in a while.
kalyan02about 12 years ago
That is some ingenuity in sneaking the easter egg in, under the watchful eyes of so many others. I always thought, easter eggs were a mutually agreed upon things with a company and never occurred to me that they may involve having to go great lengths. Now I can't help but wonder, how many of the recipes on the site have easters inside them.
huhtenbergabout 12 years ago
&#62; <i>20 second music clip file from a popular song</i><p>Rick Astley song, no doubt.
评论 #5423435 未加载
thabout 12 years ago
&#62; Note: This was at a time when we didn’t have version controls like git and people didn’t commit for every small feature. Change list sometimes varied between 10 lines to 25 files during a refactor.<p>Does this mean you weren't using version control at all or you weren't using a distributed version control system? The former would surprise me since CVS, SVN, and similar tools have been around for years and are a lot easier than emailing patches back and forth.
manas2004about 12 years ago
The way this code looks, it opened up a backdoor into the app to load any code embedded in the image, and execute it with the app's credentials - including access to app's in memory data. Major security hole for an enterprise app given that this could be used to override assembly signing. Just change the image, and the app would load and run any code embedded in that background image!
评论 #5423905 未加载
UnoriginalGuyabout 12 years ago
I was sad the day I read that Microsoft effectively banned Easter Eggs.<p>I mean I understand their reasoning, but still, a sad day indeed when there weren't web-sites where you could type in any software product name and get a list of fun toys.<p>I like the Doom-like game in Excel (97?). But there were tons of really fun Easter Eggs in Microsoft's kit back in the 90s.
评论 #5424179 未加载
Vlaixabout 12 years ago
My worry is that even though it's an Easter egg there, it could very well be used to introduce malicious code inside the production code.
egbabout 12 years ago
Not sure what's going on with this page, but Avira Antivirus is reporting DR/FakePic.Gen on there...
评论 #5423247 未加载
评论 #5424063 未加载
Shankabout 12 years ago
This makes me wonder what the process would be in a large company (Google?) when it comes to introducing changes like this. I'd assume it'd either be agreed upon in company policy, or a lot of really smart engineers just keep trying to outdo each other.
manas2004about 12 years ago
Such stuff is a challenge for code reviewers. Reminds me, just to bug my code reviewers, I'd put in things like:<p>// TODO Remove this comment
JoachimSchipperabout 12 years ago
If you liked this, you may also like <a href="http://underhanded.xcott.com/" rel="nofollow">http://underhanded.xcott.com/</a>
jobigoudabout 12 years ago
I would be so afraid of introducing a bug…
评论 #5423339 未加载
prawksabout 12 years ago
This makes me really want to introduce some Easter Eggs into our codebase...
leddtabout 12 years ago
Also, the key code to play the song is: K-E-Y-C-O-D-E-(enter)
评论 #5423944 未加载
评论 #5426707 未加载