Another fun related one: If your username is Tyler and you run shutdown, instead of the usual message it will say "Oh, good morning Mr. Tyler, going down?"
Discovered this in college when I was shoulder surfing a coworker who always used the username Tyler. When he typed shutdown I called it out, and he said, "wait, it doesn't do that for you? I always assumed it said that for everyone and just replaced the username!".
(For those of you too young to know, it's a reference to an Aerosmith song)
Personally I think ubiquitous software is even more important to have Easter eggs, because they're the most widely distributed, and we want as much joy as we could possibly have, before you know.
No, proper easter eggs don't introduce security issues, they're benign almost by definition. I think what made them disappear was the introduction of all the suit-wearing people who decide what the programmers are supposed to program, with no room for autonomous work within that.
Proper code doesn't either, and yet there they are! The point is they added another attack surface, however small, and another code path that should be tested.
When people started to care about 100% test coverage, they started to disappear.
> The point is they added another attack surface, however small, and another code path that should be tested.
I dunno, "attack surface" to me means "facilitate opening/vulnerability somehow" and none of the easter egg code I've seen has done that. You have any concrete examples where a easter egg made possible a security vulnerability that wouldn't be possible otherwise?
But yes, another code path created by easter eggs that wasn't tested I've seen countless of times, but never been an issue, but maybe our easter eggs always been too small in scope for that.
Or they were removed for other reasons than security.
In Star Trek: 25th Anniversary, we had a hidden animation of Captain Kirk's toupee jumping off his head and running out of the room. It was caught before release and they made us take it out since no one wanted to piss off William Shatner.
It should make you wonder instead about the appropriateness of testing over man(1) output, I suppose unless you're actually generating the format for use as man(1) input, in which case congratulations on your functional tests doing their job!
One very important section number is 5 - it's for file formats. So if you forget the crontab format, you need to invoke man 5 crontab to read about it.
In fact, the only reference to crontab(5) is in the SEE ALSO section (on my version anyway), but that doesn't say why you might want to see crontab(5), just that it exists. That is spectacularly useless
That is incredibly stupid. A documentation system designed by someone who doesn't understand how people use documentation.
If man was designed by someone with any taste at all it would at least give you a menu to select (1) crontab command, (5) crontab file format. Maybe we need a rewrite in Rust to fix that.
Remarkable that no one yet here, including the article author, reports the true origin of these section numbers: they identified (depending on section size, one or a group of) physical binders in the series published by AT&T to document System V UNIX, and when you got an update to your system software, it came with a package of new manual pages which you would physically install in the binders to replace the now-superseded older versions. Everything you hate about man pages is in consequence of that origin, and of the corollary that the online version was never designed to be authoritative.
I have one of those physical binders, a volume of Section 3 for an AT&T 3B2, in the software section of my library downstairs. A beautiful artifact in every respect, of the level of quality you would imagine in the manual for a machine that cost $15,000 in the 80s.
My favorite piece of man trivia is from the source of the tunefs BSD man page, which contains:
.\" Take this out and a Unix Daemon will dog your steps from now until
.\" the time_t's wrap around.
.Pp
You can tune a file system, but you cannot tune a fish.
Interestingly, the section doesn't actually have to start with a number. TCL man pages use the 'n' section and 'man' resolves them just fine despite the ambiguity. Conversely, manpage names can also start with numbers, although this is rare (I found only one such example: man 30-systemd-environment-d-generator)
Note that this is contrary to the convention used in the Erlang community, where the number is used to disambiguate function definitions with different parameter counts, e.g. in https://www.erlang.org/docs/18/man/supervisor.html we see definitions of start_link/2 and start_link/3.
It is a stylistic convention to always add this number to any reference to a function, even if there is only one definition.
84 comments
(discussed at https://news.ycombinator.com/item?id=27994194)
Discovered this in college when I was shoulder surfing a coworker who always used the username Tyler. When he typed shutdown I called it out, and he said, "wait, it doesn't do that for you? I always assumed it said that for everyone and just replaced the username!".
(For those of you too young to know, it's a reference to an Aerosmith song)
Haha! Adequate amount of fun was provided, please resume regular man activities.
Which means you need to usually make it explicit to call them (man --abba or something) than something that "surprises" the user.
They fell out of favor when people realized they were a security issue, because it was a code path that rarely got tested.
> proper easter eggs don't introduce security issues
Proper code doesn't either, and yet there they are! The point is they added another attack surface, however small, and another code path that should be tested.
When people started to care about 100% test coverage, they started to disappear.
> The point is they added another attack surface, however small, and another code path that should be tested.
I dunno, "attack surface" to me means "facilitate opening/vulnerability somehow" and none of the easter egg code I've seen has done that. You have any concrete examples where a easter egg made possible a security vulnerability that wouldn't be possible otherwise?
But yes, another code path created by easter eggs that wasn't tested I've seen countless of times, but never been an issue, but maybe our easter eggs always been too small in scope for that.
https://security.stackexchange.com/questions/144202/are-ther...
In Star Trek: 25th Anniversary, we had a hidden animation of Captain Kirk's toupee jumping off his head and running out of the room. It was caught before release and they made us take it out since no one wanted to piss off William Shatner.
> (... less common section numbers)
One very important section number is 5 - it's for file formats. So if you forget the crontab format, you need to invoke
man 5 crontabto read about it.man crontabyou get section 1, which does not document the crontab fields.If man was designed by someone with any taste at all it would at least give you a menu to select (1) crontab command, (5) crontab file format. Maybe we need a rewrite in Rust to fix that.
I have one of those physical binders, a volume of Section 3 for an AT&T 3B2, in the software section of my library downstairs. A beautiful artifact in every respect, of the level of quality you would imagine in the manual for a machine that cost $15,000 in the 80s.
https://pubs.opengroup.org/onlinepubs/9799919799/idx/xcu.htm...
These would all be in section 1, if I am correct.
Run
apropos . | grep "(3)"; you'll be surprised how many libraries come with man pages for their functions (e.g; curl).Now I wonder if there are any IDEs that can automatically dial into these man pages and pull up documentation for functions?
man manStep 2: Feel the urge to write an article about that
start_link/2andstart_link/3.It is a stylistic convention to always add this number to any reference to a function, even if there is only one definition.
Perhaps the modern version of "man" should be a program you can talk to.