[V]andemar.org

The encrypted hard drive project I was working on last quarter for my ECE 347 class is continuing into this quarter, as the other group member and I ran into some last minute issues with the hard drive (turned out to be a loose SATA cable) which prevented us from finishing the code. We were running into a huge number of bugs with my groupmate’s code, and when the hard drive disappeared from the system we called it a night. The other group member, who shall remain nameless, left Northwestern this quarter (no, it wasn’t Kurt ;)), and so I’m continuing the project on my own. As such, it was necessary for me to start modifying his portion of the code written for the project.

It is far and away the worse code I have ever seen. Every couple of lines, I find what seems to be a snippet of code specifically designed to win the “daily wtf of the year award.” After reading through the first page or two of some of his code, I decided to rewrite everything from scratch. I’m usually the type to try to keep as much code as possible, so I’m valiantly trying to incorporate as much of his code as possible, but there’s not anything salvageable in this mess.

The guy who wrote the code I’m rewriting was an interesting fellow. He certainly seemed bright. My suspicion that he wasn’t the sharpest knife in the drawer began after I pointed him towards a couple of papers to read for a (unrelated to the hard drive encryption project) mixed-mode placement algorithm we were working on. After a couple of days, he approached me and said he had spent “hours reading them” and that he knew enough to be comfortable starting to develop an algorithm. At this point, I was very impressed. I had read the papers quite a few times, and still didn’t quite know which methods I wanted to incorporate into our algorithm. I started into a technical discussion of my initial ideas, and he seemed to listen to and understand what I was saying. I was hoping that he would be able to provide some feedback on my ideas, indicate any obvious errors I was making, and maybe put forward some of his ideas. No such luck. His responses to my questions for feedback were limited to “That sounds good…”, “Should be fine…”, and “Yeah, just do that…” No problem, I thought, he’s just a bit timid, and doesn’t want to completely smash my silly ideas. I decided to get him to be a little more forthcoming by asking him to give me a quick rundown of what impressions he got from the different papers.

Utter. Disaster.

Although he had “read the papers for hours”, not only did he not understand the content of the papers, he did not understand the mixed-mode placement problem itself. As we had been working on this project for weeks, I was more than slightly dismayed. How could he have felt okay working on the project without understanding the problem we were trying to solve? Eventually, I ended up sitting down with him and developing an algorithm (a quite decent one too, I might add). At each step, I explained what I was doing, and asked for any feedback, criticism, or other ideas. All I got was blank stares. I did the writeup on the final algorithm, and sent it to him with an explanation of areas I’d like expanded on, in a last ditch effort to get him to contribute something. He replaced a few instances of the phrase “high quality solution” with “rather good answer”, added a diagram (an incorrect one), and sent it in. Although he sent in what was essentially a partially incorrect version of my first draft (without consulting me), we received an A on the project, which was a pleasant surprise. Despite the good grade, his complete lack of participation (in fact, his harmful participation) caused me to worry about his performance on his part of the encrypted hard drive project, with good reason as it turned out.

I wish I could post all of the code from the project here, but it would be an absolute chore to read. He seems to have an uncanny knack for introducing complexity where an obvious, concise solution exists. One of the simpler examples (there are much, much worse examples, but they are far too long to post here) of this is in his function to check whether the usb key is inserted or not.

He wrote the following:
checkusbkeyin = "sh usbtest.sh"
line1 = int(0)
while line1 != int(1):
# wait one second before trying again
# don't even think of taking this out to gain speed; benchmarking it without makes it up to 1 second faster but adds constant requests
time.sleep(1)
if line1 != int(1):
# Puts "1" in the file /mnt/usbkeyin if usbkey inserted and "0" if not
os.system(checkusbkeyin)
f = open("/mnt/usbkeyin")
line1 = int(f.readline())
f.close()


Which calls this shell script to generate the file queried by the python script:
if ! mount /mnt/usbdisk 2>/dev/null; then
echo "0" > /mnt/usbkeyin
else
echo "1" > /mnt/usbkeyin
fi


Here was my replacement:
mountkey = "mount /mnt/usbdisk"
# Now wait for key insertion
keyin = False
while keyin != True:
# Check for key
if os.system(mountkey) == 0:
keyin = True
# Don't want constant mount requests
time.sleep(0.1)


One of the first frightening sections I came across was his “unique” method of generating text output. Using Python like this should be a criminal offense. This guy really, really likes copy and paste coding:

Pregenerated output (Why? Who knows? There were 30 lines of this):
password00char = "/bin/lcd 2 ''"
password01char = "/bin/lcd 2 '*'"
password02char = "/bin/lcd 2 '**'"
password03char = "/bin/lcd 2 '***'"
password04char = "/bin/lcd 2 '****'"
password05char = "/bin/lcd 2 '*****'"
password06char = "/bin/lcd 2 '******'"
...continues...


The actual display output:
# do the star display
dispstar = keycounter % 15
if dispstar == 0 and keycounter > 0:
os.system(cpassword01char)
elif dispstar == 0:
os.system(password00char)
elif dispstar == 1 and keycounter > 1:
os.system(cpassword02char)
elif dispstar == 1:
os.system(password01char)
elif dispstar == 2 and keycounter > 2:
os.system(cpassword03char)
elif dispstar == 2:
os.system(password02char)
elif dispstar == 3 and keycounter > 3:
os.system(cpassword04char)
elif dispstar == 3:
os.system(password03char)
elif dispstar == 4 and keycounter > 4:
os.system(cpassword05char)
elif dispstar == 4:
os.system(password04char)
elif dispstar == 5 and keycounter > 5:
os.system(cpassword06char)
elif dispstar == 5:
os.system(password05char)
elif dispstar == 6 and keycounter > 6:
os.system(cpassword07char)
elif dispstar == 6:
...continues...


His ability to mangle code extends beyond Python however. I checked some of the C code he wrote, and was appalled at some of the errors I found. Again, there are far too many to post here, but here’s a very simple example:
char tty[9];
strcpy(tty, "/dev/ttyS0");

I can only assume he doesn’t understand C’s null termination of strings, and also doesn’t understand that, while arrays do start from 0, allocating an array of size 9 does exactly that, ie: indices 0 through 8 in the array are valid. He’s putting 11 characters into an array which can fit 9. Nearly every line of his code has bugs like this. I’m petrified that I’ll see his name as a contributor for an open source project.

In addition to this, the actual authentication method he used for the usb key doesn’t actually check the the usb key at all. Since he decided to store the keyfile on the hard drive itself, you can insert any old usb key and it will work just fine. His menu code is structured such that the smallest bug in any subsystem of the entire device will cause a complete meltdown. In fact, when we were about to present the rather nifty menu system we managed to complete to our professor when he insisted on making “a few quick changes.” I advised him to not touch anything, but he went ahead and “fixed up” some of the code. By the time our professor showed up, nothing was working. He just shrugged, and told our professor to write him a check for the money he spent in parts (including the $80 for the LCD screen he shorted out, and its replacement which he nearly destroyed before I had a chance to mount it).

He has since ceased responding to email, which could have been a problem, as he set a BIOS password for some reason. Luckily, clearing the CMOS also cleared the password, allowing me access to the BIOS setup. I worked on the new code a bit today, and it’s coming together quite nicely. It’s functional, fast, and a bug in one section won’t cause any problems outside of it’s own little area of functionality. I plan on posting the code, and pictures of the actual encrypted hard drive (taken with my new camera), when it’s completed.

The usual random notes:

• I’m taking a “human computer interaction” course this quarter, which I’m looking forward to. Since it’s likely I’ll be doing some multimedia GUI development, it’ll be good to have some UI design experience.
• I’m also taking a VHDL class, and the professor is great. Should be a lot of fun, and quite useful.
• Suse 10.0 is still running strong, with 61 days of uptime now, and 30638 remote SSH attempts.
• Why the sudden departure from NU, Kurt? Any specific reason for leaving?
• I am now running Wordpress 2.0. Amazingly easy upgrade. Took about 10 minutes.
• The weather here is awful.

~ by Andrew on January 4, 2006.