Mindshare fail



  • A lot of fast food places have been having surveys lately, usually with the offer of prizes. I fill them out because I've got nothing to lose and it doesn't take a long time. However, there is one company around here that will offer a free burger if you fill out the survey.

     I started to fill out the survey, got distracted, and went to reload the page. I saw this page



    I get the session timeout but woah man, technical details! So I decide to investigate. Turns out that the surveys are done by Mindshare. 

    So I hop onto Mindshare (mshare.net). It's a bunch of feel-good stuff that I sort of expect from a survey website. In browsing the site I found:

     * Typing in a url like (mshare.net/wtf) generates a lovely "we're down for maintenance." I guess they assumed that if a page wasn't found, then the server must be down for maintenance

     * After going to the number link at the top right, I checked out the function they used for number generation. Or what I thought they used for that. It's the same function cut and pasted before each number. It's called hivelogic_enkoder and it's some extreme hardcore js because they really don't want the numbers stolen by bots or...something.

     * mshare.net/roles/ pulls up a default index page. This index page has roles-call-centers and roles-call-centers-new, which only differ in some very minor padding.

     *  The roles pages have text that is broken manually, instead of wrapped around the image.

    There's way too many to list here, but the one that really got me was on (http://www.mshare.net/roles/roles-area-managers.html)

    It goes like this :

    <p><span class="h4heading">“How are my locations performing?”</span></p> 
     


  •  I don't think you quite understand the Role of the Mindshare Area Mangers. This site is clearly for feedback on how well you cradle the baby Jesus. Just in time for Christmas!



  • @Loop13 said:

    <p><div><span class="h4heading">“How are my locations performing?”</span></div></p>

    Fixed that for them.

    Also, what the hell?

    [quote user="Loop13"]&lt;<span class="start-tag">p</span>&gt;&lt;<span class="start-tag">span</span><span class="attribute-name"> class</span>=<span class="attribute-value">"h4heading"</span>&gt;“How are my locations performing?”&lt;/<span class="end-tag">span</span>&gt;&lt;/<span class="end-tag">p</span>&gt; [/quote]

    Where did that come from? Firefox' View Source?



  • @Loop13 said:

     * After going to the number link at the top right, I checked out the function they used for number generation. Or what I thought they used for that. It's the same function cut and pasted before each number. It's called hivelogic_enkoder and it's some extreme hardcore js because they really don't want the numbers stolen by bots or...something.

    It's a thing for protecting email addresses against getting scraped by bots.



  •  @DaveK said:

    It's a thing for protecting email addresses against getting scraped by bots.

    I'm used to seeing just a simple javascript plus or a rot13 type of hiding addresses. Anyway, I did some more looking and found some other funnies.

     * http://www.mshare.net/css/style-execteam.css which is full of rules like :

    .rich-hanks-sm{
    display: block;
    }
    .kurt-williams-sm{
    display: block;
    }
     * http://www.mshare.net/css/ shows the contents of the css directory, because directory access is not forbidden. Whoever designed this page left the Dreamweaver sync xml inside a _notes folder. Then there's the fact that there's non-css inside of a css directory.

     * That same directory also has a CVS subdirectory, which is absent from /roles/.

    I'm guessing that the site might be updated soon. A lot of things on the home page have the suffix '-2009' on them, and looking around shows nothing from 2008 or earlier.
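The leftovers described in the post above (a Dreamweaver `_notes` folder, a `CVS` subdirectory, and non-CSS files under `/css/`) can be caught before upload by auditing the local copy of the webroot. This is an added example, not part of the original thread or the site's own code; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Tool metadata directories named in the post, with the reason to flag them.
METADATA_DIRS = {
    "_notes": "Dreamweaver sync metadata",
    "CVS": "CVS working-copy metadata",
}

def _web_path(rel_dir, name):
    """Join with forward slashes so findings read like URL paths."""
    return os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")

def audit_webroot(root):
    """Walk a local webroot and return sorted (path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for name in list(dirnames):
            if name in METADATA_DIRS:
                findings.append((_web_path(rel, name), METADATA_DIRS[name]))
                dirnames.remove(name)  # contents are all leftovers; skip them
        # A directory served as /css/ should hold stylesheets only.
        if os.path.basename(dirpath) == "css":
            for name in filenames:
                if not name.lower().endswith(".css"):
                    findings.append((_web_path(rel, name), "non-CSS file in css directory"))
    return sorted(findings)

def build_sample_tree(root):
    """Create a constructed sample tree (file names are illustrative)."""
    files = [
        "css/style-execteam.css",
        "css/_notes/dwsync.xml",
        "css/CVS/Entries",
        "css/backup.txt",
        "roles/roles-area-managers.html",
    ]
    for path in files:
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("constructed sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reason in audit_webroot(tmp):
            print(f"{path}: {reason}")
```

The audit covers only what ends up in the published tree; whether the server lists directory contents is a separate server setting that this script does not inspect.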
     


  • @Loop13 said:

    I get the session timeout but woah man, technical details!

    I'm not sure whether to be happy because people are being forced to learn about technology, or depressed because this means a new wave of people who think they're experts because (they think) they know what a session is. Sadly I'm leaning toward the latter.

     

    Did anyone ever actually register 1-800-NOT-1337? We're going to need it now.



  • @scgtrp said:

    I'm not sure whether to be happy because people are being forced to learn about technology, or depressed because this means a new wave of people who think they're experts because (they think) they know what a session is.

     

    How about: Neither, 98% of fast-food junkies who see that message will read the first 3 words and go "boring, I'm not going through all this crap just for some stupid survey", and close it.

    I hate session abuse.  20 minutes made sense in 1992, maybe.  The only sites that should still have those kinds of timeouts are security-sensitive ones like banks that could actually be harmful to leave open at a public terminal.  What are these people worried about, that somebody might hijack another person's survey?  Scary!

    The worst are intranet sites that have maybe 50 users who always log in from the same machine.  You don't need timeouts at all for that.

