I had installed and configured a trial of a web analytics package for my day job and had the server put through the wringer. Among the issues found was a redirect buried deep in the code to cornify.com, “…the #1 unicorn and rainbow service worldwide, spreading sparkly happiness around the world.” I added it to my list of concerns for the product’s developers and shipped it to them. They responded that the cornify link was an “Easter Egg” put there by one of the coders and wasn’t a security concern.
My immediate thought was this: What if cornify becomes something else? What if it stops being the #1 unicorn and rainbow service worldwide? What if someone buys the name, or hijacks it, and it instead leads to an unsavory site? How will you explain to your paying customers that you’re rushing out an update to the web app they’ve paid you handsomely for, and that their administrators need to burn their time updating it ASAP, because a redirect you added on a whim now points to something lawsuit-inducing? Less dramatically, and more likely, why would you want to deal with that inevitable customer who gave you thousands of dollars for your product and doesn’t have a sense of humor? The one who thinks it’s completely unprofessional and a poor reflection on them that your product did what you think is a lighthearted redirect? Is being clever (and let’s be fair – it’s not all that clever) worth that risk?
And that’s when I realized I’d stopped being the Young IT Guy and I’d become the Old IT Guy.