
Sears Caught Selling "Grills to Cook Babies" Thanks To Poorly Built Website


Yesterday a reader sent us a pretty funny screen capture of a Sears product page with a suspicious category description (see above). By the time we got around to checking it out, Sears had corrected the error. It turns out, however, that the real problem was the Sears website was built in a way that lets anyone mess with the category descriptions.

Until it was fixed, you could simply change category values in the URL and they'd show up on the page, which meant you could send your friends and family to all sorts of creatively named product listings:

Sears tried to play legal hardball and got Conde Nast, owners of Reddit, to delete the post that pointed out their incompetence. Of course, this being the Internet, that just blew up into a whole new category of Sears hatred, as evidenced by this results page on Reddit when you search for "Sears" today.

In this economy, is it really that hard to find a competent web developer who won't cut corners? The Sears incident is funny, but something similar happened for nearly half the year with Ameriprise Financial, and could potentially have far worse consequences there.


Comments:

FBA Saw was probably an offshoot of BFG. (pun intended...)

f**k sears. don't mess with reddit.

At the place I work, we maintain a website that does something sorta like this, I guess. Whenever we get web-based error messages, we can alter the URL and get any error messages we want. Pretty hilarious because it looks legitimate. In fact, I had some people thinking that purple monkeys had taken over the web servers.

So, does that mean it won't grill babies? Because if so, I'm shopping elsewhere.

Developers that don't cut corners (web or otherwise) are few and far between.

@secret_curse: You'd be better off getting a smoker. Babies cooked over propane just don't have the flavor or tenderness of a good baby barbecue.

@Hanshiro:
Oh Emm Eff Gee.
That is probably one of the greatest pictures I have seen EVER.
Even cooler that it's not photoshopped.


The seventh-grader in me is giggling like an idiot. Unfortunately, the grown-up me on the outside is joining in.

Wow, reddit is on fire today. That was a huge mistake by SEARS, as it may have just gone by unnoticed. Now it's sure to make CNN and other news networks.

@sqlrob:
I disagree with that, unless we're talking about overworked, underpaid, massively disgruntled developers. Then yeah. ^^


I've worked with several that were quite proud of doing a good job of things and didn't cut corners; they even pointed out missed scenarios.


Granted.. we're all overworked, massively disgruntled and underpaid right now >.>

@secret_curse: Nope...This one was in the sub-category of "Body Part Roaster". A little more suited for a nice hot pair of legs.

@cash_da_pibble: The grown-up me is joining in on your laughter as well.

I'm just imagining it being read out loud in a Monster Truck Radio Commercial kind of voice.

FUCKING BIG ASS SAW SAW SAWS!

Kmart was also selling "Dead cats in a sack" beds (specifically, a Serta pet bed).

Let's also not forget the "You Lazy Bastard" garage door opener.

(I have caps, I'll upload them somewhere later if anyone cares).

@theblackdog: That makes me think of Jones BIG ASS Truck Rental and Storage or Jones GOOD ASS BBQ and Foot Massage.

Basically I just like it when casual cursing is injected into everyday objects.

@Viciouspixie:

Of the ones I've had the pleasure of interviewing, it's 1:10, if that. Error checking and handling, and parameter checking, are a lost art.

@sqlrob: That's a shame. I at least like to be able to take pride in my work.

@sqlrob:
I don't think they were "cutting corners," they made a compromise for the sake of performance, something that you have to do on a website that gets as much traffic as Sears.com. Passing that information in the query string lets you avoid retrieving it from some external source, i.e. the DB or a cache or what have you - because you just retrieved that info on the previous page load. There is no negative impact to the user, so what's the problem?

@Hanshiro: It was really hilarious to start with but what tipped it over was the "Tools Yo"

@Cant_stop_the_rock: Because passing them in the URL like that makes very messy URLs!

@Oranges w/ Cheese - now with 50% more kitty!:

I haven't seen what the URLs looked like at Sears.com, but many sites, including Amazon.com and Consumerist.com, put that sort of information in the URL just to make the URL somewhat readable. You see [consumerist.com] and you wonder WTF that is, but you see sears-caught-selling-grills-to-cook-babies-thanks-to-poorly-built-website at the end and you know what that URL will take you to. Amazon puts product names in the URL for the same reason. Presumably Consumerist and Amazon don't actually USE that information when the user visits that URL - it's just for the user's information. That's the difference between what Consumerist does and what Sears does. But I don't see what the big deal is about what Sears was doing - it has no negative impact on anyone.

"Fuck Sears for trying to fix their mistake!"

I'll admit that Sears (or anyone for that matter) trying to get information off the Internet is pretty ludicrous, but how about, "fuck reddit for being a bunch of whiny babies". Their response is just silly, but then again this is the Internet (again).

@secret_curse: Cool! Anybody want a grilled hoagie? Toasty - mm mm mm mm mm mmmm!

Mammas, don't let your babies grow up to be Sears webmasters...

This is funny because Sears' entire web presence seems to be limited to randomly spamming people. I was added to one of their e-mail lists without my consent, and I contacted them and they said they had no way to know how I was added, and I could unsubscribe, which would be admitting I had subscribed in the first place.

How much longer until the Sears deathwatch starts?

@vdragonmpc: Hardly. It's a big deal on Reddit and almost nowhere else.

@Cant_stop_the_rock: The problem is that when they create the cache of the page, they cache the version from the user supplied variables in the URL instead of the version from the database. So the user supplied variables now get displayed to other users.

Even if there is a performance gain from loading pages with URL variables, when creating the cache they should load their own database variables, not the user-supplied variables.

No matter what you try to claim, there is no excuse for them to cache the user supplied variables and start serving that to everyone else.

@Cant_stop_the_rock: There's no negative impact... till the user gets creative.

It is about the same thing as letting users edit your billboard messages. As evidenced by this incident.

The correct way to do this would be to use POST and not GET. Using GET in places like this is just terrible software engineering.

Websites with much more traffic than Sears get by on it.

@madog: Their response is not silly. Sears was actually lying by saying they were victimized and someone was defacing their pages. The guy who brought up the topic on reddit didn't even know the funny pages were cached. Mid-topic, someone noticed the funny variables were coming up even when removed from the URL. There was no malicious intent here. Sears just screwed up when making their site. No one intended for these variables to be served up to other customers. Sears should have admitted there was a flaw in their website, said they fixed it, and moved on.

@MostlyHarmless: There is nothing wrong with GET. Sears just used it in a stupid way.

@Corporate_guy: I don't want to start a GET vs. POST flame war here on Consumerist of all places, so I'll stfu about it ;)

Though you are right in that there is nothing wrong in using GET the right way, but just like GOTO and cheese, it gets used in all the wrong ways.

@shepd:
Would love to. I'm in a juvenile mood today.

The_Lost_Art_of_Sears_Customer_Service

What's really killing Sears' retail sales is the fact they no longer carry John Henry brand men's business attire. When you can buy a full suit for less than $80, does it matter what kind of material it's made from? I posit to you all that no, it does not. Just don't wear it too often, or it will literally fall apart on you.


I remember my old manager honoring a print-out some kid brought in of an online Sears Xbox ad, and the price was $150. Clearly the kid copied the page and edited it (even the image was broken; he just stole the source code and changed the text), and even with me pointing this out, my manager still gave it to him for that price. As frustrated as I was, it just gave me all the more reason to get that Husqvarna 22" chainsaw for half the price with the same shenanigans.

Well, they probably wouldn't have been tempted to cut those corners if management would stop making unreasonable requests and would invest some more money in development...

@yadatothethirdpower: Haha, us dads are the best. No way my wife would let me do that.

@Corporate_guy:

Are they actually caching the user input and sending it back to other users? It doesn't say that in the consumerist article. If they're doing that, that's stupid.

@MostlyHarmless:

What? You shouldn't use POST unless you're modifying something on the server side. Using POST here would be terrible software engineering. WTF.

@Cant_stop_the_rock: Seriously? What if you want to send in 2050 bytes of data that you do not want the client to fiddle with?

@snapdoodle: Sears used to have a better (though still not good) website. They spent money to make it worse--like Consumerist.

@MostlyHarmless: Wow, this conversation is actually too geeky for me.

Yeah, I don't see what the big deal is. Sears had a minor flaw in their website, some people got a chuckle out of it, Sears fixed the problem, and now it's time to move on.

If the website flaw exposed account information AND Sears tried to cover up their tracks, then it would be worth complaining about.

Seriously, Reddit people are whiners and they're trying to make a mountain out of a molehill. Almost as bad as Digg people.

@MostlyHarmless: Blasphemy! There is no possible wrong way to use cheese.

@Cant_stop_the_rock: Yes. After a page is visited enough times and is considered "popular" it is cached, so future visitors see the cached page. The problem is that when they decide to cache the page, they cache the version generated via the user-provided info in the URL, instead of caching a version generated by the information in their database.

Definitely a flaw in the webpage. Of course Sears is attempting to cry hacker and a few sites are reporting it as "hacking".
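The two halves of the failure described on this page, the article's point that a category name taken from the URL is rendered straight onto the page, and the commenters' point that the "popular page" cache then stores that rendered version and serves it to everyone, can be reproduced in a few lines. The following is an added Python illustration, not Sears' code and not from the article; the parameter names (`catId`, `catName`), the sample catalogue, the cache policy (cache after three renders, keyed on the category id only) and the injected string are all constructed for the demonstration:

```python
"""Added illustration (not Sears' code): a catalogue page that can take its
category name from the URL, plus a "popular page" cache, to show how a
visitor-supplied value ends up served to every later visitor."""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Constructed sample catalogue (assumed data): category id -> canonical name.
CATALOGUE = {"1234": "Gas Grills", "5678": "Chainsaws"}

# Assumed cache policy: a page is cached once it has been rendered this many times.
POPULARITY_THRESHOLD = 3


def render(cat_id, cat_name):
    """Render the category page. Escaping blocks script injection, but does
    nothing about the text itself being attacker-chosen, which is the flaw here."""
    return f"<h1>{html.escape(cat_name)}</h1><p>Category #{html.escape(cat_id)}</p>"


class CatalogueSite:
    """trust_query_name=True reproduces the flaw: the name in the query string is
    rendered instead of the catalogue's own. False is the hardened version: only
    the id is read from the URL and the name is looked up server-side."""

    def __init__(self, trust_query_name):
        self.trust_query_name = trust_query_name
        self.hits = {}    # cat_id -> render count; drives the cache policy
        self.cache = {}   # cat_id -> cached HTML; keyed on the id alone, so the
                          # name parameter plays no part in the lookup

    def serve(self, url):
        params = parse_qs(urlsplit(url).query)
        cat_id = params.get("catId", [""])[0]
        if cat_id not in CATALOGUE:
            return "<h1>Not found</h1>"
        if cat_id in self.cache:
            return self.cache[cat_id]
        if self.trust_query_name and "catName" in params:
            name = params["catName"][0]      # whatever the visitor typed
        else:
            name = CATALOGUE[cat_id]         # the site's own record
        page = render(cat_id, name)
        self.hits[cat_id] = self.hits.get(cat_id, 0) + 1
        if self.hits[cat_id] >= POPULARITY_THRESHOLD:
            self.cache[cat_id] = page        # whatever was just rendered is now
                                             # what everybody gets
        return page


def later_visitor_sees(trust_query_name, injected="Tools Yo"):
    """Request the page with a crafted catName until it gets cached, then return
    what a visitor using a clean URL (id only) receives."""
    site = CatalogueSite(trust_query_name)
    crafted = f"https://shop.example/catalog?catId=1234&catName={quote(injected)}"
    for _ in range(POPULARITY_THRESHOLD):
        site.serve(crafted)
    return site.serve("https://shop.example/catalog?catId=1234")


if __name__ == "__main__":
    print("flawed  :", later_visitor_sees(True))
    print("hardened:", later_visitor_sees(False))
```

With `trust_query_name=True` the clean-URL visitor gets the injected heading, because the cache key ignores the parameter that shaped the content. With `trust_query_name=False` the crafted requests still count toward popularity, but what gets cached is rendered from the catalogue record, so the fix the commenters describe (render from your own data, treat the URL as an identifier only) closes the hole regardless of what the cache does. A cache that keys on every parameter would narrow the blast radius to visitors using the same crafted URL, but would still be rendering a visitor's text as the site's own.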

This is funny, but I don't see how it's an issue. It did remind me of this mod for The Sims 2, though. [www.modthesims.info]

@MostlyHarmless:
Seriously? You think using POST will prevent users from fiddling with the data they're sending you?

If they're sending 2050 bytes of data that would cause something to change on the server you should use POST. If they're sending 2050 bytes of data that doesn't cause anything to change on the server, it's probably because of a poor design.

@Oranges w/ Cheese - now with 50% more kitty!: Same here! I was giggling on the inside.. then I saw "Tools Yo," and I was giggling on the outside, right over my fruity smoothie.

And no one in the café was any the wiser..

I love small children, but I can't eat a whole one at one sitting.

I would have come up with something far more offensive than that if given the opportunity.

@cash_da_pibble: And snickering! Don't forget about the snickering!