Slashdot Mirror
Easter Eggs in Web Sites?
cwikla asks: "Back in the .COM days, I worked at eGroups, now owned by a larger Company. During my time I added a couple of easter eggs to the site, which I was reminded of while watching Being John Malkovich this weekend. I checked, and ones sort of still there. If you append malkovich=1 to a message URL it would turn the message into 'malkovich' mode. It sort of still works, but over time I guess the code has been a changin' so it's kind of spotty. Oh, there are others that still are in there, but where's the fun of telling all the secrets? Any other folks done anything equivalent, especially on mainstream sites?"
Most Easter Eggs are things people might stumble upon...but appending words and parameters on to URLs isn't something I would find. How do you expect anyone except yourself to see these?
At the College of Business site I develop for, we used to use a picture of Yoda to scare the folks who wouldn't let us take their pictures. Seems as though most of them prefer a picture of themselves (no matter how horrible they may think it is) to one of Yoda attached to their bios.
In any case, changing the bio's email tag to "yoda" gives the visitor Yoda's (short) bio. There are a few others, but seeing as how nobody has found any of them yet, we gave up on adding them for our own amusement.
-Gabe
For attempts to compromise the security of the server while you are trying to find Easter eggs.
The last company I was at used all web-based customer management tools. If you searched for something like "I like banannas" it forwarded you to a java based tetris game.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
I would append a url string like ....cgi?author=who
and the page would parse out my contact info. I would use this for portfolio pieces when demoing new clients. It just proved that you worked on it.
Using a classic bit of social engineering and a photograph donated by a mutual, er, friend, we modified a directors web page at UUNET. If you click on just the right letter, it takes you to a photograph other than the one you would expect. I checked a few minutes ago, and it's still there....
I consider http://apple.slashdot.org/ to be an egg... a lot of people don't know about it.
Funny, all I got was an alert, "This document contains no data."
Here's one you can find on slashdot: If your comment consists entirely of "First Post", you get modded down to -1.
Go on to http://www.ask.com and ask Jeeves if he's gay :-)
This used to result in a funny error message something like:
"Server Error 505 - None of your business".
I'll have something intelligent to add one of these days...
1. Eeggs.com is good site for Easter Eggs in general.
2. You'll find a few web sites with Easter Eggs here.
How to Download YouTube Videos
For "Security" on a friends site he has it redirect to goatse.cx if you try to change strings.
I learned my lesson. I don't try to fuck with his site anymore.
Klingon Google.
:)
Pig Latin Google.
What we need is an xx-askslashdot google.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
I swear my server doesn't have easter eggs, but that doesn't stop some people from trying:
/scripts/..%255c../winnt/system32/cmd.exe?/c +dir HTTP/1.0" /_vti_bin/..%255c../..%255c../..%255c../winnt/sys tem32/cmd.exe?/c+dir HTTP/1.0" /_mem_bin/..%255c../..%255c../..%255c../winnt/sys tem32/cmd.exe?/c+dir HTTP/1.0" /msadc/..%255c../..%255c../..%255c/..%c1%1c../..% c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0"
"GET
"GET
"GET
"GET
"GET
Heh, my favorite was on black-background pages, having a random background image with an embossed super-dark-grey color... so only people in 16bit+ color COULD see it, if the brightness and contrast was high enough.. and once they did see it, it'd still be hard to discern. :)
:(
I remember putting a little easter egg into an undisclosed "mature webcam site" that would bring up the webcam of the NOC... I'm sure that nearly 3 years later it's gone, though... especially considering that the webcam of the NOC has changed IPs.
.... um, i lost you after "0110100001101001".
When I Decided to leave Comcast@Home I put my resume in the template source code as comments.
.. no crank calls .. even for having my phone number out there 'obtainable' as it were.
[Just in case I needed to prove to potential employers that I was what I said I was.]
It was there for about 3 months before someone caught it.
Oddly enough
--Ne auderis delere orbem rigidum meum, non erravi pernicose!
Go here and post your eggs. Hopefully others will follow. ~N
in the URL field. It's sorta like funny. I guess.
(2,3-Benzopyrrole)
I love n00b cam sites. The "egg" is that they don't always turn off directory browsing so you get to see images that they really didn't want you to see.
Not really hacking, but fun to spy around. Something like: http://pinksugar.net/cam/
Which might not having anything that she doesn't already have on the site.
Live web cams
Elmer Fudd Google
H4x0r g00g13
Swedish Chef Google
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
A friend of mine who knew our high school's webmaster showed me an easter egg they put in. You go to this page http://www.jefferson.k12.ky.us/Schools/High/Manual /va/VAstinfo.htm and click on the lips of Leonardo Rivera's picture and you get a funny page about dead clowns. I graduated about 4 years ago, so it's been up at least as long as that.
See, that's what the Anonymous Coward thing is for? To prevent people like you from being sued. Tell us about the lawsuit in a slashback, k?
*ahem*
Loooooooooooong time ago, in one of the sites I was working on, if you didn't have Javascript enabled it would just print "Hairy Moose Balls" instead of showing the rest of the site. It was a stupid testing thing, nothing serious. Of course, my boss ended up demoing the site to the client and the client didn't have JS enabled... Surprise!
[o]_O
Every site, or more specifically interesting component I built was egged.
:) Not backdoors mind you, just "Author Control's" :)
:)
.....how many egged sites are out there ?
I did this for 2 reasons, 1 company I worked at, my MGR had a VERY bad habbit of claiming work was his, he would do a search and replace on Our names with his own....schmuck, SO, I would easter egg a cgi into it for "Author and Verion control"
Lol....It basically said it was built by me when and what cool stuff it did.
The second reason was Job Hunting, nothing like bringing up a killer site and being able to PROVE you were the constructor. Worked like a charm every time. Or if I was a company or two down the road from something of note I built, I could prove it was mine.
I started doing this in the early 90's when a lot of applications we were writing were for exclusive distribution and branding by third parties, who were never going to , or expected to give credit, of course they still graced my resumes....ONCE I had a company get contacted, they claimed it was all written in house, and I was lying about having ever worked on the app, NOW I can actually understand this , it was a finacial app and the thought of eggs or backdoors must have been scarry, I got called on it in my secnd interview. I explained why the company lied about my involvment and promplty offered PROOF of my involvment on particuar modules....I got the job.....:)
I still do it to some extent although not as clandestine or ego-centric. I proved myself to those in the area a loooonnng time ago. But its cool that over half the site I put up are still up in their original form and doing well, most are ecommerce site, and their eggs are still there
If code goes under the proper review channels, as it should before release this should never happen, funny thing is you have guys in charge of this stuff like me who then add it
But then again , on a smaller site that then gets gobbled by a 800lb gorilla you may see this, I guess If Ive done it, the author has done it and as many slashdotters Ive seen have done it
Sig went tro...aahemmm.....fishing........
HP Scanjet playing Ode to Joy...
http://www.eeggs.com/items/557.html
From an episode of Farscape (paraphrased):
:)
Chrichton (human): OK now count, one Mississippi, two Mississippi, three Mississippi...
Dargo (big alien with tentacles): One Mippippippi, two Mippippippi, three Mippippippi...
At the ecommerce company I worked for, Zoovy, I wrote the shopping cart system used by a few hundred merchants. I wanted to make a completely innocuous egg since it would be used on stores selling everyting from dildos to bibles. If the merchant turns on international orders (so the state selection in checkout turns into a box instead of a dropdown), and you type in Mippippippi, it corrects it to Mississippi. I know, I know, boring...
Error: PANTS NOT FOUND. Press <F1> to continue.
Check here
My grammer was a nice old lady, leave her out of this!
I'm an American. I love this country and the freedoms that we used to have.
Oh yeah, when Eudora moved to adware mode and went public beta, me and a guy from tech support put in some ads of our own (accessible only to a small range of IPs, though). We had a Russian brides one, some personal lube ads, Gary Coleman, the usual. We used most of them for testing during the private beta, but one we did add was a picture of a former VP who played a large part in causing the ruination of the Eudora group. It wasn't a flattering ad, and predictably it didn't rotate for very long, but it got seen.
Ahh, the memories...
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
In the software I'm writing (Windows app), we've put in an easter egg that brings up a picture of one of the guy's dog (Yorkshire terrier that he absolutely loves) with an algorithm to animate flames superimposed on the picture, to achieve a burning dog effect.- Return
How did you get there?
Up-Up-Down-Down-Left-Right-Left-Right-B-A
(Up, Down, Left, Right being the arrow keys... No start key, so we had to go with return).
One of the sites that I wrote about 7 years ago included this HTTP header line in every response it sent out:
X-Urban-Legend: There's lots of hidden information in HTTP headers.
As computer programmers, me&my friends did quite weird things as easter eggs.
:P
:)
I used to work at a GPS-software company. When in navigation mode, if you typed "where in the world is carmen sandiego?" (actually only the initials and it worked, witwics?), it showed the precise position of my cubicle in the company's office. It was (believe it or not) quite useful to test the software's precision for many functions... I had to remove it though because we were lacking space the hard way and my code took 230 bytes - with 4k of free RAM, 230 bytes is a lot! No one would've found it as it was quite stealthy and precise enough it wouldn't crash anything... but when in monger for space, well, I have a conscience too
On a mainstream computer game, we were coding something where buildings could be put in place and under certain conditions, they could be destroyed. Then, sept. 11 arrived... We _HAD_ to make a small aircraft that goes on the buildings and make them crash. It is totally sick but anyways. The mod code and picture is on a CDROM copy somewhere, as it was totally kick-banned from the final code, for obvious reasons (even if almost impossible to find).
On the successful ones, I have more than a few hidden credits on my side, I used to comment quite extensively my javascript codes. One thing I found out was that record #0 of many of my databases are never used (sanity check). So I write anything that comes into my mind when creating that record. No one will see it anyways... And it's always selected out from any of my queries.
When creating a easter egg, you must remind yourself of something: it will always be shown somewhere. Don't put yourself in trouble, write "cutsie" thing, not things that you could be taken accountable for. For example, never put pr0n in a child game, don't put sicko things anywhere, don't kick the company in the groin... or else, someone will find it and then, you're in trouble (especially if CVS system is implemented - they can backtrace!)
Other than that, well, have fun, easter eggs are quite fun to do and discover! And they personalize the code too.
Have a nice day
Mike
Loved the 404 at http://www.sweweb.net/
Try http://www.sweweb.net/garbage.html for instance.
Another cool easter egg, although not web-related: Memepool posted this a while back. Someone discovered a "face" painted into the spectral view of one of the musical tracks on Aphex Twin's Windowlicker CD.
How typical of a guy to be unable to find it. ;)
-Sara
When your BSD-related story gets submitted and approved, "BSD is dying" posts suddenly appear.
Moral: don't jack with others' resources.
Click here or here.
Append "?=PHPE9568F36-D428-11d2-A769-00AA001ACF42" to the end of any php page running PHP$ gives a goofy picture of one of the PHP developers.
"God fights on the side with the best artillery." - Napoleon, Marshal of France - speaking truth to power
You think THAT'S funny? Heh, try a whois on yahoo.com .....
.com, .net, and .org domains can now be registeredwith many different competing registrars. Go to http://www.internic.net
IP Address: 66.51.126.66
me@comp1:~$ whois yahoo.com
Whois Server Version 1.3
Domain names in the
for detailed information.
Server Name: YAHOO.COM.SG
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com/help/whois
Server Name: YAHOO.COM.IS.NOT.CANADIAN.ORG
IP Address: 216.99.144.116
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: YAHOO.COM.BR
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Server Name: YAHOO.COM.AINT.NOTHIN.COMPARED.TO.SAFESEARCH.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Now lets see Mikeysoft's whois.... Now this one is FUNNY.
IP Address: 202.182.69.39
X YTECH.NET
O M
O N.COM
H IT.NET
. EXEGETE.NET
Server Name: MICROSOFT.COM.WILL.CRASH.IN.6MN.ORG
IP Address: 62.4.22.195
Registrar: GANDI
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Server Name: MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: MICROSOFT.COM.TONY.HAS.SEXUAL.IN.ADEQUACY.ORG
IP Address: 216.254.38.242
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Server Name: MICROSOFT.COM.SUX.BUT.PYROFREAK.ORG.RULEZ.AND.DIO
IP Address: 207.236.217.177
Registrar: GANDI
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Server Name: MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.C
IP Address: 65.160.248.13
Registrar: G.K. GROUP, L.L.C.
Whois Server: whois.gkg.net
Referral URL: http://www.gkg.net
Server Name: MICROSOFT.COM.RAWKZ.MUH.WERLD.MENTALFLOSS.CA
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: MICROSOFT.COM.OWNED.BY.MAT.HACKSWARE.COM
IP Address: 211.63.57.1
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: MICROSOFT.COM.MUST.STOP.TAKEDRUGS.ORG
IP Address: 12.5.4.8
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: http://www.register.com
Server Name: MICROSOFT.COM.IS.SOON.GOING.TO.THE.DEATHCORPORATI
IP Address: 62.92.244.245
Registrar: G.K. GROUP, L.L.C.
Whois Server: whois.gkg.net
Referral URL: http://www.gkg.net
Server Name: MICROSOFT.COM.IS.NOT.SEXYCOOL.ORG
IP Address: 62.4.18.24
Registrar: GANDI
Whois Server: whois.gandi.net
Referral URL: http://www.gandi.net
Server Name: MICROSOFT.COM.IS.A.STEAMING.HEAP.OF.FUCKING-BULLS
IP Address: 63.99.165.11
Registrar: THE NAME IT CORPORATION DBA AITDOMAINS.COM
Whois Server: whois.aitdomains.com
Referral URL: http://www.aitdomains.com
Server Name: MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM
IP Address: 209.26.95.44
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com/help/whois
Server Name: MICROSOFT.COM.HACKED.BY.HACKSWARE.COM
IP Address: 211.63.57.62
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: MICROSOFT.COM.FILLS.ME.WITH.BELLIGERENCE.NET
IP Address: 130.58.82.232
Registrar: CRONON AG BERLIN, NIEDERLASSUNG REGENSBURG
Whois Server: whois.tmagnic.net
Referral URL: http://nsi-robo.tmag.de
Server Name: MICROSOFT.COM.EMPLOYEES.CANT.GET.SHAGZ.ORG
IP Address: 198.142.141.98
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://www.opensrs.org
Server Name: MICROSOFT.COM.AND.MINDSUCK.BOTH.SUCK.HUGE.ONES.AT
IP Address: 63.241.136.53
Registrar: DOTSTER, INC.
Whois Server: whois.dotster.com
Referral URL: http://www.dotster.com/help/whois
Server Name: MICROSOFT.COM.AINT.WORTH.SHIT.KLUGE.ORG
IP Address: 216.181.127.195
Registrar: THE NAME IT CORPORATION DBA AITDOMAINS.COM
Whois Server: whois.aitdomains.com
Referral URL: http://www.aitdomains.com
Miko O'Sullivan
If you are running Mozilla 1.0 on a non-UNIX platform, click and drag the bookmarks button onto the browser window below. You'll be taken to my Mozilla Easter Egg Page. It gets approximately 200-300 hits per day.
I've helped create a number of easter eggs in the past, but these days, I've had a serious change in thinking about them.
This may sound extreme, but if a coder added an easter egg to a project that I was running, they would get in serious trouble, maybe even fired. Now, before you think that is just being too serious or flame-bait, here's my reasoning:
Simply put, easter eggs are for the developers, not for the customers, and they don't belong in commericial software developement. The risk almost always outweighs the benefits, especially in a project like a public site! That is incredibly dangerous.
One of the biggest problems with easter eggs is they almost always bypass the QA process. Think about that for a minute. The developers are writing code that hasn't been tested, and the QA department doesn't even know it exists! Granted, this isn't always true, but most of the time, it is. Bad, bad. Like potentially company-ruining-bad if the dev uses some bad judgement (gee, that never happens, late at night, at the end of a project, does it?).
The best course of action is that the devs know ahead of time that easter eggs are not tolerated unless they are totally above-board in the development cycle. Save your humorous inside jokes for internal little apps you give to your mates, and you and your company will be a lot better off. They're usually inside jokes, anyways, so putting them in a public software project is just a totally unecessary risk, IMO. A few yuk-yuks is not worth your company or your project being compromised by bad code or a PR hit from an embarassing easter egg.
Theres a post about people putting easter eggs in thier code, so they can have proof they did the work. If a company lies about you not doing the work, thats slander. Offering a "Credits List" makes them 100% responsible for keeping it accurate, even if people leave the company.
Nobody can give you freedom. Nobody can give you equality or justice or anything. If you're a man, you take it. - Malcolm X, Malcolm X Speaks, 1965
My favorite by far is if you ask the alice bot on the webpage for the movie AI "What is microsoft" It replys: "Microsoft is a giant software monopoly."
If you ask what is linux it replys: "Linux is the worlds best operating system"
Heh I love pranks like that.
:P) I downloaded a CNN Health page and wrote up a fictional health warning about the 'Microwave Virus'. Heh It was a silly idea: A virus floats around people's machines and increases the power of UV guns in your monitor by 400%. Eventually it burns out some of the shielding and exposes people to radiation. Common symptoms included drowsiness, irritability, and other stuff you typically feel at work.
:)
My company asked me to put a demo of our technology up on our website. So I created a blank web page with a windows error message in the center that read: "The radiation shielding on your monitor has failed, please do not sit directly in front of your computer."
Then, I did something really sneaky: Using FrontPage (there really is a use for it
I renamed my computer on the network to 'www.cnn-news.com' and set up MS's Personal Web server on my computer to host that fake web page I created. Except for the domain, the URL looked exactly like one of CNN's pages. I even corrected all the links to go to other areas of CNN's site. (It seems like a lot of trouble, but like I said, FrontPage made it real easy.) Of course, I sent out a 'virus advisory'.... Anybody on our network was able to visit 'www.cnn-news.com' (with the address stuff at the end) to hit that page.
So what happened was first a few people opened my message about the new demo, and they got the 'Radiation Shielding has Failed' message. They ignored that (they work too hard), then they read my advisory of the 'Microwave Virus' and put the two together.
When I got to work, several of the women in the office were standing around asking each other if they should go to their doctor. The System Administrator about died laughing when I let him on it. (He had to put up with strange questions about radiation shielding all morning. Heh.)
Not sure if that quite qualifies as an easter egg, but a fun story nonetheless.
Scroll down until you see the characters in the yellow box with the grid. Click "help?" and you will get a popup window outlining some help junk, disregard that.
Click "Listen To These Characters" and it will load a wav file that tells you the characters...
Now go back, and copy the address of that link. It 'll look something like:
https://www.paypal.com/cgi-bin/wv_web/[blah blah blah]/secret.wav
Add a letter into the blahblahblah section, and load that file :-)
I won't spoil your fun.
-braxton
X-Fry: I'm never gonna get used to the thirty-first century. Caffeinated bacon?
X-Powered-By: Slash 2.003000
% lwp-request -m HEAD http://slashdot.org/ | grep '^X-'
X-Bender: Bite my shiny, metal ass!
X-Powered-By: Slash 2.003000
% lwp-request -m HEAD http://slashdot.org/ | grep '^X-'
X-Bender: Like most of life's problems, this one can be solved with bending.
X-Powered-By: Slash 2.003000
% lwp-request -m HEAD http://slashdot.org/ | grep '^X-'
X-Bender: There's nothing wrong with murder, just as long as you let Bender whet his beak.
X-Powered-By: Slash 2.003000
% lwp-request -m HEAD http://slashdot.org/ | grep '^X-'
X-Fry: No, no, I was just picking my nose.
X-Powered-By: Slash 2.003000
Is this a Slashdot specific hack, or does the publically available version of it do the same thing?
DO NOT LEAVE IT IS NOT REAL
One of my personal favorties:
During April 1st of each year, php pages containing phpinfo(); (web server configuration dump) show a different picture for the PHP logo than the normal one.
The first time I saw it, I thought someone had haX0red my web server!
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
For a company on its way out, this is still amusing....
Not quite the same, but my resume has an easter egg in it. At the top of the resume, separating my name and job title from the main body of the document, is a small line of ones and zeros (4pt font) with border lines above and below. It looks like a simple, decorative border to separate the title from the rest of the page. It is, but it also contains a "secret message" using "binary encryption".
Most people don't even notice that it is there.
If you Ask Jeeves,
"what is the air-speed velocity of an unladen swallow?"
then he will ask you the proper question in response, and you can click on it to see where the hell this quote comes from.
My home page allows the user to choose among several different themes, many of which look like windows on a desktop in a variety of operating systems. Your default theme when you first visit the site is chosen based on your browser and operating system. If you use a 4.0 or better browser, it chooses one of the more complex themes based on your OS; if you run Netscape 3 (which doesn't support background graphics in table cells) you get the Plain theme, and if it doesn't recognize your browser, you get the Simple theme which renders nicely in Lynx.
Robots and spiders, such as those who might be trolling for e-mail addresses, aren't recognized and therefore get the Simple theme. At the bottom of the main home page, only shown in the Simple theme, in very fine print, appears a message that is tailored for your particular IP address:
Home page in simple theme
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
It says: "Enter username for NSA_MaxSecZone at warez.slashdot.org"
Please, what it the password, quick, before they find me in here.. I realy shouldn't be using the production servers to read /.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Awesome prank. Remember that "Bill Gates will send you $1000 if you forward this..." email that was sent around extensively a few years ago? My friend sent it to me and everyone he knew one day, because he claimed "It was worth his time just in case it was true."
I modified my header information and sent him a nice form letter thanking him for participating in Microsoft's email tracking software beta and told him to send a self addressed stamped envelope to Microsoft so he could get his $1000 check. I gave him an address and a confirmation number, too. I didn't tell him about it for 2 years and finally one day he brought the subject up. The sucker had sent the self addressed stamped envelope and Microsoft just sent it back to him. He said he figured "it was worth the 66 cents in case it was true". haha.
OddManIn: A Game of guns and game theory.
(without the leading slash, your link was going to the wrong place on our static .shtml page... we've gotten a ton of 404s in our error log :)
Oh, and don't forget the other easter egg, /comments.pl?op=user_created_index