Caffeinated Coder

What happens when you mix one of the most evil things in music with the evil that is cross-site scripting?

Let’s just say that the potential for shenanigans is endless.

Observe the result of entering the following embed tag into an editable column for one of our internal web apps.

   1: <embed src="http://www.youtube.com/v/XZ5TajZYW6Y&hl=en_US&fs=1&rel=0&autoplay=1" type="application/x-shockwave-flash" width="640" height="385" autoplay="true"></embed>.

Like a huge number of websites, this one directly displays the user-input on the screen without first scrubbing it with something like HttpUtility.HtmlEncode() (.NET world).

Want to partake in the fun?

All you have to do is find an internal website in your development environment that is vulnerable by trying to paste the embed tag into a textbox of some editable grid. If the video displays after saving, then simply send a fellow developer or tester an email asking them to go to the vulnerable page and verify some made-up bug. When they pull it up, they will be rickrolled.

Many thanks to Dan, our new tester, for catching this bug and hatching the evil plot.

Any other suggestions on fun things I can do to my co-workers before this bug gets fixed (without getting me fired)?

Popularity: 1% [?]

Imagine my surprise when I went to answer my phone this morning and it was gone. The phone cord led up to my bookshelf, which was locked.

As you probably already guessed, the prankster stole my key.

It’s a good thing I don’t get many calls (other than this morning from the prankster).

Popularity: 1% [?]

Do you have a meeting coming up that you desperately wish you could get out of?

Try this nifty trick that I picked up from my boss.

1. Find a meeting at least 1 week in the future and click “Propose New Time” (or whatever the non-Outlook equivalent is in your mail client).
2. Make up a believable excuse for pushing the meeting back 15-30 minutes and put it in the proposal comments.
3. Set the date to 15 minutes and 90 years in the future. The 90 years is crucial because 2100 is on the same daily structure as 2010 and shares the same digits, so it is easy for someone to overlook.

As long as it is at least a week into the future, there is a good chance that the person will completely forget about it since it will no longer show up on their calendar to remind them.

If they do catch the date, you can always claim that you fat-fingered the date by accident.

Now go forth and use all that time that you’re going to gain back for the powers of good.

Popularity: 6% [?]

I was just debating whether I should try to sweet talk my wife and bribe my boss into letting me go to the upcoming ALT.NET conference in Houston.

I went to the first one in Austin a couple of years ago and just came across this satirical post that I wrote shortly afterwards. It is based on some creative interpretations of pictures that were taken at the event.

Besides being the most fun I ever had blogging, it also represents the closest thing I have to a legacy in this once vibrant movement.

Check out the post if you missed it the first time around and make sure to reserve the weekend of April 30th – May 2nd if you like or are up for experimenting with the open spaces format.

Popularity: 1% [?]

How does Bing expect to win the hearts and minds of geeks if it can’t even get this one little detail right?

Now observe how google handles this topic.

As you’ve probably guessed, clicking the recursion link in Google displays the exact same screen and it happens in every language.

I wonder how they wrote up the user story for this little easter egg…

As a socially inept geek, I want to recursively click on the word recursion so that I can snicker while procrastinating on this user story.

Kudos to google. Even though you have grown to be just as monstrous of a corporate entity as Microsoft, you’ve obviously still managed to hold on to at least some of your geeky, non-corporate roots.

Also thanks to my co-worker, Marc Shiker, for pointing this gem out to me.

Popularity: 9% [?]

I thought I would ease out of my two month blogging black-out by helping to promote a humorous YouTube gem that I found through Max’s blog.

A while ago I’ve blogged about my admiration for the emerging creative RWness that mediums like YouTube help foster, but adding subtitles to a foreign film as a form of remix humor is particularly brilliant.

I especially appreciated the build humor since I was banging my head against a nasty build failure involving version incompatibilities between MbUnit and NCover when I took a break to watch it.

Enjoy.

Here’s the link if you can’t see the embedded player.

Popularity: 18% [?]

Kansas residents who try to file unemployment claims online after normal business are greeted with the following message.

Is the Kansas Department of Labor blazing new trails when it comes to e-commerce by becoming the first ever 12/5 service on the internets?

Could it be that they forging ahead with a more humane working environment for servers than those infamous 24/7 data center sweatshops?

Some rather short-sighted people that I have shared this information with have taken a more cynical view of the situation.

One friend suggested that perhaps the developers had a nightly mainframe batch processing to contend with and simply weren’t smart enough to figure out a way to save requests in a queue for processing the next day.

Someone else thought that perhaps the developers were a little too literal when they tried to translate the manual processes into working software.

It was even suggested that bureaucrats might have been to blame with a dogmatically simplistic interpretation of regulations governing application timelines.

As for me, I believe it is wrong to view this simply as one of the greatest WTF finds ever.

Instead I see it as some of the most innovative thinking about the web medium since Al Gore first invented the internets.

Startups and VC’s of the world take notice!

I have seen the future and Web 3.0 is 12/5 all the way.

Popularity: 5% [?]

Don’t worry, I’m not going to join the growing ranks of developers with false claims of responsibility for the the Alt.NET pursefight blog (i.e. Bil Simser, Donald Belcham, Derik Whittaker, Sergio Pereira, Tom Openorth, David Woods, and Kyle Baley) .

My confession is way more shocking.

The more astute among you have noticed that D’Arcy Lussier has shown signs of instability and even mental illness lately. Who can forget the now infamous post that featured many Paint.NET atrocities that are now banned in most civilized nations?

The reason for this disturbing behavior is simple.

His entire blog has been an elaborate hoax that I invented while freebasing experimental, synthetically engineered, black-market coffee beans during a mind-numbing HR meeting one day.

Yes, I have been ghost writing the 50 plus posts a day for years under the guise of a batcrap crazy Canadian to keep up this charade. I even went as far as to hire a homeless guy who I found mumbling to himself on a street corner to impersonate this fictitious D’Arcy character of mine at various User Group meetings and conferences to lend credence to my misguided prank.

But no more…

Due to the recent addition to my family, I’ve decided to expose my blogging sins and turn full control of the blog over to the homeless guy, Burt. For those of you who actually do like D’Arcy’s blog, I’m sure that Burt will be able to maintain the quality of the content that you have grown accustomed to in between his frequent drinking binges.

Forgive me dear readers and may God have mercy on my soul for the havoc I have wreaked on the blogosphere with this cruel practical joke.

Popularity: 12% [?]

A friend of mine whose wife is an elementary school teacher just sent this to me.

You just can’t teach that kind of literal thinking in Computer Science programs. Yet another piece of evidence to support the claim that programmers are born, not made.

Popularity: 7% [?]

In my last post I hypothesized what could have caused Scott Bellware to disappear from the blogoshpere so quietly and abruptly.

I admit that I was leaning towards one of the options that involved alien abduction, but then after doing a little detective work I uncovered this little bit of photographic evidence.


Apparently Scott was just playing hard-to-get with Microsoft as a bargaining tactic. Well played, sir!

Popularity: 7% [?]