God what a humorless crowd. We got a bug report from a customer on an Easter Egg once. There was nothing wrong with the software. It just annoyed them that there was an Easter egg.

The idea that Easter Eggs are security risks comes across as the most pedantic paranoid position. Statistically speaking software is not failing because of Easter eggs.

This does not seem to be about security but about typical American style “cover your ass” legalize thinking.

Sure if you create a space rocket control system I would not put in an Easter egg. But if it is a code editor, word processor, email reading client etc then who cares? Nobody will die and million dollar equipment is not going to blow up.

Disclaimer: I have never made an Easter Egg and I get that companies don’t do it if it causes problems with customers. I just think customers who complain about this should get a life.

I tend to agree with that sentiment. If most software "just worked", I would be okay with it from time to time. But it doesn't, so I am not. I feel the same with cutesy error messages. They're usually a bit condescending or infuriating when something is going wrong. I personally tend to be a bit clinical in my software development, despite the urge to be playful. I am also not a big fan of cutesy commit or issue descriptions either.

When I'm having problems with software I'm typically not in a whimsical mood. Most software I use are tools meant to help me do my job. A cutesy / playful error message coming from a misbehaving tool generates nothing but rage for me.

Cute, condescending error messages are unprofessional and unhelpful. If fewer programs were steaming piles of garbage I might feel differently about it.

Easter eggs are fine, just probably not in security code like bootloaders.