E Online has left a Gist url on the top of their site

[graue]

Ha, funny little mystery to solve.

It's added from http://www.nbcudigitaladops.com/hosted/js/eonline_com_header...:

    //Site Pixel HEAD Script For:eonline.com
    //Krux Interchange - Krux KVs Written to AdTag UPDATED:2012-06-01 17:28:25
    document.write(unescape('%3Cscript%3E%28function%28%29%7Bvar%20kvs%20%3D%20window.Krux%20%3F%20window.Krux.dartKeyValues%20%3A%20%27%27%3Bif%28top.__nbcudigitaladops_inject%20%26%26%20top.__nbcudigitaladops_inject.dtprm%29%7Btop.__nbcudigitaladops_inject.dtprm%28kvs%29%3B%7D%7D%29%28%29%3B%3C%2Fscript%3E'));
    //FOR COMCAST: Krux Interchange - Krux Writes to Cookie UPDATED:2012-12-14 15:58:46
    document.write(unescape('https%3A%2F%2Fgist.github.com%2F9cf2d06784a93f1975cb'));
    //Default Pixel - Header (Do Not Delete) UPDATED:2012-02-28 16:35:47
    document.write(unescape('%3Cscript%3E%3C%2Fscript%3E'));

which is, in turn, inserted into the document by http://www.nbcudigitaladops.com/hosted/global_header.js; excerpt:

    ...
    document.write('<scr'+'ipt src="//www.nbcudigitaladops.com/hosted/js/'+site+'_header.js"></scr'+'ipt>');
    ...

It looks like the idea here was to include the raw gist in a <script> tag, but that didn't quite happen. Both the gist and the JS file that inserts it include references to Krux, possibly http://www.krux.com/, a "cloud-based data management platform".

[drstewart]

No possibly about it. The gist owner (https://github.com/dbrans) belongs to the krux organization (https://github.com/krux).

[Shank]

Maybe that's an example of bad email wording or something gone wrong?

"Insert this into the header of your websites" and someone took it too literally?

[lmkg]

That JavaScript looks related to serving or tracking ads. The code makes reference to DART (part of DoubleClick) and Ad Ops, and it's on the same part of the page as all of their other analytics tools (Google Analytics, SiteCatalyst, etc). Comcast is probably not in direct control of the code, and may be in the position that they can't get rid of it without adversely impacting their ad revenue stream.

[kanzure]

What exactly is going on there?

http://wayback.archive.org/web/*/http://www.nbcudigitaladops...

[ghostfish]

This same gist is on the Fandango website as of now. Some kind of library issue maybe? https://www.fandango.com/

[lmkg]

Keep in mind, Fandango and E! are both properties of Comcast. That they would share code isn't so surprising.

[RenierZA]

Screenshot (for after they've removed it):

http://imgur.com/rxIhL

[amitdugar]

It has been more than 2 hours and I can still see it live. Strange that such a large website could overlook this for so long.

[johncarpinelli]

This is why code changes should not be moved to production late on Friday. Staff go home and problems don't get noticed or fixed in a timely fashion.

[fistofjohnwayne]

The offending JS files:

http://www.nbcudigitaladops.com/hosted/js/eonline_com_header...

https://www.nbcudigitaladops.com/hosted/js/fandango_com_head...

Which contain this:

//FOR COMCAST: Krux Interchange - Krux Writes to Cookie UPDATED:2012-12-14 15:58:46

document.write(unescape('https%3A%2F%2Fgist.github.com%2F9cf2d06784a93f1975cb'));

No doubt someone will be working to update it again either tonight or tomorrow.

[kristopher]

The gist in question: https://gist.github.com/9cf2d06784a93f1975cb

[dbrans]

I'm a Krux employee. Just before midnight PST, after friends noticed this post on hacker news, we got to work and resolved the problem.

Thanks a ton for all the eyes out there that helped us find this one. It's great when the community has your back.

Proof one more time of the dangers of making production changes on a Friday afternoon, and that there's no substitute for manual monitoring of a site.

Derek Brans Technology Krux

[Shank]

That's an interesting copy-paste fail. I wonder what their development process is that someone managed to edit the template on production with presumably no testing.

[Moto7451]

As of 12:47 AM PST it looks like they fixed the issue. If their devs are on the East Coast, I feel bad for the poor guy who got that call.