You are a technical engineer, consultant or operations person and you happen to be riding the Massachusetts Bay Transit Authority Red Line in Boston or Cambridge, Mass., when a QR Code with no other identifying information appears in a print advertisement above your head.
Well, 30,521 geeks have used QR scanning apps on their smartphones since Jan. 10 to see what the secretive QR code was all about, and many began a multi-step cyber hunt engineered by ITA Software as it tries to recruit crack technical staff who can crack the code and figure out what was going on.
ITA Software, which has been in the news of late regarding a not-so-mysterious search engine which is trying to buy it, is looking for "hackers with people skills," with the emphasis on the hacking part, and saw the multi-step, cyber-puzzle whodunit advertising campaign as a cool way to compete for hot technical personnel in demand.
The QR Code took people to a page on a specially created website, ohaipuzzle.com, which merely says, "Solve Me."
Believe it or not, 5,722 people solved the "Solve Me" portion of the puzzle, and made it to a second page (still with no clue that this was an ITA Software recruitment ploy) and 152 people solved a second portion of the puzzle, and received the following automated email:
You are the 122nd person to submit a correct solution to the OHai Puzzle. We hope that you enjoyed participating in this open challenge as much as we enjoyed creating it.
This puzzle was sponsored by ITA Software, a leading provider of innovative solutions for the travel industry. If you enjoyed the challenge of this site, you're the kind of person we'd like to hire! Please visit our website (http://itasoftware.com/careers) for more information.
Questions or comments? We'd love to hear from you! Send us an email:
Talk about a complicated click-through for a recruitment website.
The first to solve the puzzle was Jered Floyd, chief technology officer at Permabit Technology.
For an explanation of how Floyd solved the puzzle, follow his saga in the note below this post.
Floyd knows about the rigors of recruiting qualified developers, stating: "In my experience, trying to find good developers is a much harder puzzle than this was."
In addition to the stealth advertising with the QR Code on the Red Line, ITA Software place the advertisement on bus shelters along Massachusetts Avenue, which runs past MIT and company headquarters in Kendall Square in Cambridge, Mass.
The company has received 255 applications from the ads, as well as other advertisements on MBTA trains and buses, an advertisement on Tnooz and other venues.
"The puzzle is interesting to hackers because it is a combination of logical problem-solving and technical know-how," says Adam Fletcher, an ITA Software developer. "Puzzle solvers are clever, curious and persistent, which are also the traits of good hackers."
Some of the hacker puzzle-sleuths have enjoyed tweeting about their problem-solving. Here's a sampling:
Ohai, by the way, is another way of saying "Oh hi," or according to the Urban Dictionary, "A word used in conversations or online games, an alternative for 'Oh, hey,' but makes you sound even more [expletive deleted, expletive deleted.]
Note: Ohai, all. The following is the explanation that puzzle-solver number one, Jered Floyd, sent to ITA Software on how he figured it all out. If you can follow his thinking, you might want to consider working for ITA Software or some other similarly geeky enterprise:
"How I solved it:
"Puzzle 0: I saw the QR code on the subway coming home from The Field in Central Square, where I had a meeting for drinks and website planning for my rugby team. (Note for the future: bars not conducive to web design.) I used QuickMark on my iPhone to decode it, but didn't have signal to check the site. FYI, the code seemed to be mounted 'upside down' from the canonical orientation, not that it matters to the code. (Obviously the MBTA doesn't know that.)
"Puzzle 1: Once I got to Porter Square, I pulled it up on my phone, but was not able to figure out anything further. When I got home I opened it in Firefox and viewed the source. I couldn't find anything interesting.. there's an h3 style definition that isn't used, and what looks like (and is) a Google Analytics tracker.
"I was curious why my telnet attempts failed, so I used "'curl -v' to view the full request and headers, where I saw the X-Encode header. This base64-decoded into a URL.
"Puzzle 2: This was probably the hardest, although easy compared to the MIT Mystery Hunt (which is a good thing; some years I've barely been able to solve anything at all). I was pretty sure that this wasn't a word search, and didn't explore that route. The fact that there were 26 columns was a pretty clear indicator to me that this was a cipher of some sort, and I started with trying to use 'WORD' as various offsets before exploring other parts of the problem. Since the same letter appears multiple times in a row I concluded this wasn't a substitution cipher.
"Before solving for the WORD I went to the clue, figuring the 822-6 and 2616-9.5 might be coordinates or otherwise required to locate the word. The hyphen seemed to be a separator rather than a minus sign because a large non-integer didn't sound useful to me. The first Google hit for '2616-9.5' had the text. In the meantime, I did re-read both sections of the RFC 2616 (9.5 POST > and 9.6 PUT), which fit with the clue form to submit 'by 2616-9.5,' and I know RFC 822 well, so I figured out that these were RFC references. So, I now knew to submit WORD, UUID, and my address by HTTP POST.
"I then made a simple form on local disk to do a post to http://www.ohaipuzzle.com/ and thus found the proper field names ('email' being the non-obvious one). Now I just needed to figure out the word. I loaded a few different UUIDs to see that the grid was different each time, tried a few dead ends, and went to read livejournal/facebook/blogs for a bit.
"When I came back to it I considered the grid dimensions again. 26 columns must correspond to the alphabet, and 11 rows suggested an 11-letter word. Eventually I noticed that 'FIND THE WORD' has 11 letters, and it was very obvious to me that these letters were offsets into sequential rows.
"I submitted the form with complete data. It didn't work the first time because I paired the wrong UIUD and word (oops). It didn't work the second time because I had the word in lowercase. I then searched to see if there was some special INPUT encoding for uuid (there isn't), and then tried again in all caps. This gave me a blank page... so I tried it again and got an error saying that the word/uuid had already been used. I wasn't sure if the problem was on my side or yours so I use curl again to submit the POST (instead of Firefox and my HTML form) and received confirmation that I was the 2nd person to solve the puzzle. I then replied to your mail to see if I was the 1st as well."