Another fun related one: If your username is Tyler and you run shutdown, instead of the usual message it will say "Oh, good morning Mr. Tyler, going down?"
Discovered this in college when I was shoulder surfing a coworker who always used the username Tyler. When he typed shutdown I called it out, and he said, "wait, it doesn't do that for you? I always assumed it said that for everyone and just replaced the username!".
(For those of you too young to know, it's a reference to an Aerosmith song)
Personally I think ubiquitous software is even more important to have Easter eggs, because they're the most widely distributed, and we want as much joy as we could possibly have, before you know.
No, proper easter eggs don't introduce security issues, they're benign almost by definition. I think what made them disappear was the introduction of all the suit-wearing people who decide what the programmers are supposed to program, with no room for autonomous work within that.
Proper code doesn't either, and yet there they are! The point is they added another attack surface, however small, and another code path that should be tested.
When people started to care about 100% test coverage, they started to disappear.
> The point is they added another attack surface, however small, and another code path that should be tested.
I dunno, "attack surface" to me means "facilitate opening/vulnerability somehow" and none of the easter egg code I've seen has done that. You have any concrete examples where a easter egg made possible a security vulnerability that wouldn't be possible otherwise?
But yes, another code path created by easter eggs that wasn't tested I've seen countless of times, but never been an issue, but maybe our easter eggs always been too small in scope for that.
Or they were removed for other reasons than security.
In Star Trek: 25th Anniversary, we had a hidden animation of Captain Kirk's toupee jumping off his head and running out of the room. It was caught before release and they made us take it out since no one wanted to piss off William Shatner.
It should make you wonder instead about the appropriateness of testing over man(1) output, I suppose unless you're actually generating the format for use as man(1) input, in which case congratulations on your functional tests doing their job!
Discovered this in college when I was shoulder surfing a coworker who always used the username Tyler. When he typed shutdown I called it out, and he said, "wait, it doesn't do that for you? I always assumed it said that for everyone and just replaced the username!".
(For those of you too young to know, it's a reference to an Aerosmith song)