

E Online has left a Gist url on the top of their site - Moto7451
http://www.eonline.com/news/371827/newtown-school-shooting-jack-reacher-u-s-premiere-postponed-out-of-respect-for-victims

======
graue
Ha, funny little mystery to solve.

It's added from
[http://www.nbcudigitaladops.com/hosted/js/eonline_com_header...](http://www.nbcudigitaladops.com/hosted/js/eonline_com_header.js):

    
    
        //Site Pixel HEAD Script For:eonline.com
        //Krux Interchange - Krux KVs Written to AdTag UPDATED:2012-06-01 17:28:25
        document.write(unescape('%3Cscript%3E%28function%28%29%7Bvar%20kvs%20%3D%20window.Krux%20%3F%20window.Krux.dartKeyValues%20%3A%20%27%27%3Bif%28top.__nbcudigitaladops_inject%20%26%26%20top.__nbcudigitaladops_inject.dtprm%29%7Btop.__nbcudigitaladops_inject.dtprm%28kvs%29%3B%7D%7D%29%28%29%3B%3C%2Fscript%3E'));
        //FOR COMCAST: Krux Interchange - Krux Writes to Cookie UPDATED:2012-12-14 15:58:46
        document.write(unescape('https%3A%2F%2Fgist.github.com%2F9cf2d06784a93f1975cb'));
        //Default Pixel - Header (Do Not Delete) UPDATED:2012-02-28 16:35:47
        document.write(unescape('%3Cscript%3E%3C%2Fscript%3E'));
    

which is, in turn, inserted into the document by
<http://www.nbcudigitaladops.com/hosted/global_header.js>; excerpt:

    
    
        ...
        document.write('<scr'+'ipt src="//www.nbcudigitaladops.com/hosted/js/'+site+'_header.js"></scr'+'ipt>');
        ...
    

It looks like the idea here was to include the raw gist in a <script> tag, but
that didn't quite happen. Both the gist and the JS file that inserts it
include references to Krux, possibly <http://www.krux.com/>, a "cloud-based
data management platform".

~~~
drstewart
No possibly about it. The gist owner (<https://github.com/dbrans>) belongs to
the krux organization (<https://github.com/krux>).

------
RenierZA
Screenshot (for after they've removed it):

<http://imgur.com/rxIhL>

~~~
amitdugar
It has been more than 2 hours and I can still see it live. Strange that such a
large website could overlook this for so long.

~~~
johncarpinelli
This is why code changes should not be moved to production late on Friday.
Staff go home and problems don't get noticed or fixed in a timely fashion.

------
ghostfish
This same gist is on the Fandango website as of now. Some kind of library
issue maybe? <https://www.fandango.com/>

~~~
lmkg
Keep in mind, Fandango and E! are both properties of Comcast. That they would
share code isn't so surprising.

------
fistofjohnwayne
The offending JS files:

[http://www.nbcudigitaladops.com/hosted/js/eonline_com_header...](http://www.nbcudigitaladops.com/hosted/js/eonline_com_header.js)

[https://www.nbcudigitaladops.com/hosted/js/fandango_com_head...](https://www.nbcudigitaladops.com/hosted/js/fandango_com_header.js)

Which contain this:

//FOR COMCAST: Krux Interchange - Krux Writes to Cookie UPDATED:2012-12-14
15:58:46

document.write(unescape('https%3A%2F%2Fgist.github.com%2F9cf2d06784a93f1975cb'));

No doubt someone will be working to update it again either tonight or
tomorrow.

------
dbrans
I'm a Krux employee. Just before midnight PST, after friends noticed this post
on hacker news, we got to work and resolved the problem.

Thanks a ton for all the eyes out there that helped us find this one. It's
great when the community has your back.

Proof one more time of the dangers of making production changes on a Friday
afternoon, and that there's no substitute for manual monitoring of a site.

Derek Brans Technology Krux

------
kristopher
The gist in question: <https://gist.github.com/9cf2d06784a93f1975cb>

------
Shank
That's an interesting copy-paste fail. I wonder what their development process
is that someone managed to edit the template on production with presumably no
testing.

------
Moto7451
As of 12:47 AM PST it looks like they fixed the issue. If their devs are on
the East Coast, I feel bad for the poor guy who got that call.

