On 08/04/07, Oron Peled <[EMAIL PROTECTED]> wrote:
Eastern Eggs -- do you know any big proprietary application without ones? Care to explain how these filter into the code in a "tightly controlled" environment? Don't make us laugh. Geoff, maybe development process was tightly controlled in 60's but it surely ain't even close to this now. In the crazy race for "time-to-market" almost no one care about real bugs (as long as they are not show stoppers). For most managers security related bugs look even more vague and hypothetical problem that only paranoids are worried about unless it is already on CNN.
I must share with you another story - just last week I talked to a guy who programmed the real-time code in SHDSL cards many years ago. They had very tight CPU and memory constraints but they HAD to put in some easter egg. One of the requirements or limitations in the corporate he worked for (a very large and well known corporate) was that it won't download porn so they embedded ascii porn on the card (since it's embedded it's not "downloaded"). If you get into the debug interface and type "69" in some command there you'll get screen fulls of ascii porn. The card is sold and installed by the thousands every day today but nobody found about this egg so far (and the guy who wrote it says that there is no chance of it being found since it can only be accessed through the debug interface and the ascii images are encrypted so a simple memory hex dump won't reveal anything obvious about them). BTW - this guy got around to talk to a support engineer who supports this card after a few years and the engineer told him there are still zero bugs filed against this product (as a developer, I consider this to be the ultimate measure that a programmer knows what he's doing). Talk about proprietary software.... --Amos
