All posts by patorjk

Old School, Personal

Cracking MaGuS’s Fate Zero Encryption

293 Comments

I’m getting ready to upgrade my computer, and while going through some old files I stumbled across Fate Zero, the last version released of infamous Fate-X application. The tool was popular way back in the late 90’s since it added a lot extra functionality to AOL – some of which AOL was ok with, and some of which it wasn’t very fond of. It was created by two mysterious individuals known as MaGuS and FunGii. After Da Chronic (known for AOHell), MaGuS was probably the most widely known AOL hacker. Even though Fate-X 2.5 and 3.0 had a much bigger impact, Fate Zero was the most extensive in regards to features.

To maintain its status at the top of the heap, Fate Zero had to protect its external data, and this meant encrypting it so that other developers couldn’t snatch it up for their own progs. The prog scene of that time, however, is now long dead. Seeing these files today, I got curious. MaGuS was only 16 when he wrote Fate Zero. When I was 16, I knew almost nothing about encryption. It wasn’t until I was in college that I got a good exposure to the field of cryptography. Even though MaGuS seemed like a pretty smart guy, at that point in time he probably also didn’t know much about encryption. This made me think that the files might be easy to crack. It seemed like a fun way to spend a few hours, so I decided to see if I could decode them.

Interestingly (or not interestingly, depending on how you feel about it), the biggest source of external data for Fate Zero was AOL ASCII Art (ASCII Art done in 10pt Arial). This was typically used for scrolling into chat rooms. Fate Zero had over 500 files dedicated to this. You can see an example piece of art and its corresponding file encoding, below.

                         .--··´¯¯¯¨˜`·-.,
            .---··· ´¨¨¨                      `·.
       .·´                                        ',
    ,'                                               ',
   ¦             /|        |        /                  |
    ',     (     \\:\  |   /|      /''\     .|          |
      '·.  \|\ \.,'.|::\|\/ |¸,.-·´¨¨`·/.·´  |           |
         ` ·-\\|'/|¨`,     `|˜¨|¨˜`·„¸      |   |´¯`,    |
           ,'/||', \:'| ,     |_\::':/      |    |,  ,'     |
         ,'//|  ',¯¯·',                    |    | ¯        |
        ,'/  |  | ` ·.  --·´               |     |           |
        |´  |   |   _ ` ·.__ .·´        |      |/_        |
        |   |   |¨¯  ¯¯///,··\     ,.--·|      |  ',¯¨¨˜˜``'
        |.·´|   |--,··´¯//\ \ \    //   Aeka  _¸'·-By KioNe

File data for the above picture:

MDR恔…f”…f”…f”…f”…f”…f¡’ý)õý¦¡“rn~f”…f”…f”“sŽ¡ý”î
…f”…f”…f”…f”…f”…fÁ,“Sk…f”…f,f”…f”…f”…f”…f”…f”…f”…f”…f”…f”…mo恔…rˆ”…f”…f”…f”…f”…f”…f”…f”…f”…f”…f”…f”…fˆ rP”…쁔…f”…f”…f£áf”…f”…”…f”…f”…f”…f”…f”…f”…Ân~f”Œr”…fœ…f”…¢½®Áfð…f£áf”…f£Œm½”…f”“”…f”…f”áSk…f”…m¢…f½ðÁf½¢‘mðŸ€½ðÁuðr¡ú
Åý¢ú”áf”…f”…f”áSk…f”…f”Åf¡Á¢Ý›”Â
Ô‘f”…fÁðýîÝý¦øf”…fð…fðõÁ …f”áSk…f”…f”…f›”ÂÝ›‘f½®ŒÂ …f”…ÂÀП€ˆ®”f”…fð…f”ár”‘m”…fðrP”…f”…f Œuð…fˆ õ›‘f”…f”…f”…f”…f”…”…fÝ”f”…f”…Ân~f”…f”‘m”…”áfÁ”t”’s)…f”…f”…f”…fð…f”…”…f”…f”…Ân~f”…f”áú”áf”áf”ÄfÁ”tÀÓ…t)…f”…f”áf”…fð”¥”…f”…f݁o恔…f”…”…”…Â
$…f$”u ý½”…f”‘tŽ¡”…f”áf›‘õ
ýÞÁÔŒSk…f”…fð“ýð…fð’s,ú£”¢Ð…¢”…f£…fµÊ±Â”…¥›s£í…‘Ê㳫n~

So right away it’s clear he’s not using a simple substitution cipher, yet due to the repeated use of white space in the source data, a pattern does seem to emerge in the encoded data. I compared the file sizes and found MaGuS’ encoded *.mdr files to be 5 bytes larger than their decoded counter parts. I chalked this up to the “MDR” that prefixed all the files, and the ending carriage return and line feed that seemed to end all of the files.

That meant there was probably one-for-one character encoding going on. After trying a few things out, I realized every 4th character seemed to use the same encoding. My guess was that he was combining 4 simple substitution ciphers, and using a different cipher depending on the index of the character. I created a quick script that read in an input/output combination and then tried to use that information to decode an encrypted file. To my delight, the script (mostly) worked! This was great, however, without knowing the full map of each cipher, I would only be able to get partial results.

I looked further and found each cipher was simply doing a character offset, meaning each cipher was a Caesar Cipher. The offsets were 70, 97, 116 and 101, respectively. If you look up the corresponding ASCII code for those numbers, you get the word “Fate”. I tried out this new decoding strategy and was able to successfully decode a directory of MaGuS’ files. I had broken the code! MaGuS was using what is known as the Vigenere Cipher, and for that particular directory, “Fate” was the pass-phrase.

In another interesting twist, I noticed certain types of files used different Vigenere keywords. For his *.mdf data files, the keyword “12151981” was used. My guess was that this was his birthday, since this date would have made him 16 when the prog was released and he mentions that he was 16 in the app’s about section. In this same about section he also mentions that he’s Asian and what high school he went to. This narrows down who he is to almost a T.

This got me thinking: “I wonder if I can track down who MaGuS was?” With the aid of some crafty googling, email addresses taken from webpages mentioned inside of Fate (if you dig through the machine code, you’ll find a dozen or so URLs), Rapportive (which can be used to look up social profiles based on email addresses), the internet archive, and leads taken from Fate Zero itself, I was able to pin point an individual who fit all of the criteria and was friends with people who got shout outs in Fate. I plugged their name and the “12-15-1981” birthday into dobsearch.com, and only one result came back, and it was from the state and city MaGuS said he lived in. I was stunned, I had found MaGuS.

I feel like it’d be wrong to out him, but at the same time I know it’d be a cop-out to not say anything. So I’ll just say that according to his LinkedIn and Facebook, he works for a consulting firm in the Washington DC area and is specializing in web related work. The rumors of him working for a security firm or of being this guy are false. He also seems to be somewhat of world traveler, and has a side hobby of being a photographer.

Part of me wondered for a second if I should contact him. He was a big inspiration to me back in the day, and Fate-X and its ilk are what led me to learn how to program. However, after talking with my wife, we thought that’d be too creepy. He made some cool progs a long, long time ago, no need to freak him out with some elaborate story that involves breaking some encryption he wrote over a decade ago.

Anyway, after I’d finished my little side quest, and I realized I still had 500+ decrypted AOL ASCII Art files, many of which haven’t seen the light of day in over a decade. Since some of that stuff is kind of cool, I decided to create a gallery for it. If you have a few moments check it out. Also, feel feel to grab and host any art there that you like, just be sure to leave in any artist signatures. It’s kind of strange to think that era is so far away, but also kind of neat to find remnants of it every so often.

2013.04.28 Update: A bit more has happened since I made the original post. MaGuS actually emailed me to congratulate me on the finding and to confirm his identity (though I’ll continue to respect his anonymity). He also mentioned that at the time he wrote Fate he had no training or knowledge of programming, and that he came up with his own encryption method as he went along. I don’t fault him for this, as Fate is still really impressive and I think most of us were in the same boat back then. He seems like a pretty cool guy, and I was glad to hear he enjoyed the post.

2016.03.10 Update: To reconnect with fellow former AOL developers:

Development Thoughts, JavaScript

Finding and fixing JavaScript errors that no one tells you about

1 Comment

Earlier this month I saw an interesting article on logging client side JavaScript errors, and then another one that showed how to do it using Google Analytics. The idea was clever and easy to implement, so I decided to try out the Google Analytics version when I posted up my new Keyboard Layout Analyzer last week. When an error occurred, I’d log the file it happened in, the line number it happened on, the browser’s user agent string, and the error message itself. Below you can see a screen shot of the error log after 1 week.

Google Analytics Panel

I’m unsure what errors 2-5 are. There’s no associated file, and the error message is simply “Script error”. The Analyzer gets an average of 90 visitors a day, so these account for a small percentage of users, though it is a little peculiar. Error 1 is definitely a real error though. I had been checking the stats every day, so when it popped up I actually got a little excited.

Usually when I discover an error, it stings. Users don’t often tell you about errors, unless they really like the app or are feeling unusually nice. Often times they may not even know something’s wrong. If the app wont work correctly, they just move on to another page without another thought.

This time, I caught it right after it happened, so I was actually a little happy. The error was pretty easy to pinpoint. Luckily it only occurred if AltGr keys were used, which doesn’t effect users unless they decide to add customizations for foreign layouts, which is why it didn’t show up until later in the week. I should have caught this while testing, but over sights are made sometimes.

So far I’m happy with this little experiment, and am thinking about possibly adding client side error logging to my other apps. For now the only draw backs I see are that this method of discovering errors can be a hassle if your scripts are minified and concatenated, and that users could abuse this if they knew you were doing it (though then again, they could abuse any kind of data saving request you were doing).

Web Apps

Keyboard Layout Analzer 2.0

4 Comments

On Sunday I uploaded the new version of the Keyboard Layout Analyzer. It has a plethora of new features and charts, and a new layout design. My goal was to create something that was more useful and easier on the eye.

Several key features are currently missing from the app (saving/loading of layouts, heatmap stats, etc), and I hope to have those finished within the next week or two. I’ll do a second post, when version 2.1 is released, to chronicle those features. I decided to launch the new app before I had finished everything because I was worried my to-do list would get too large, and I’d simply just never finish before moving onto another project (I have quite a few unfinished projects). Work is also about to get a little hectic in two weeks, so I figured it was best to launch while I had some extra time on my hands. Below is a list of what’s new in the app.

  • Resigned layout.
  • Code rewritten from scratch (mostly because I just wanted to start fresh).
  • New configuration keyboard that allows you to set finger placement, finger start positions, and modifier characters for each key. Also supports drag and drop for ease of use.
  • Drop down for loading sample texts (hopefully more to come soon).
  • Bar charts comparing fingers are now available for distance and finger usage. For row usage, a row usage bar chart is presented.
  • Distance traveled is now broken down by finger.
  • Distance, finger usage, and row usage are displayed by a selectable unit type (percent, key strokes, etc).
  • Stats on consecutive finger and hand usage have been added in.
  • An adjustable number of layouts can be compared.
  • New algorithm for determining the best layout.

Many of the new features are user driven. I received around 8 emails, and they were all extremely helpful in guiding the direction the app took – so thank you to everyone who gave feedback (even if I didn’t implement every idea – yet at least). Hopefully in another week or two I’ll do another update chronicling the remaining features.

Lastly, I had a request to keep the original version intact and available, and have decided to make it available here. If you use IE8 or below, you’ll automatically be redirected there anyway.

Random Thoughts

Don’t want to use JavaScript? What about Tcl? Or LOLCODE?

Wouldn’t it be neat if web browsers had more client-side languages available? Wouldn’t it be kind of cool if you could code up your app in Tcl and place it in a script tag? Well, it turns out you actually can (sort of)! The below Tcl code is mostly non-sense, but it does do some DOM manipulation, and you can see it in action here. 

<script type="text/tcl">

proc appendTextNodeToElement {divId text} {
    set div [document getElementById $divId]
    set textNode [document createTextNode $text]
    $div appendChild $textNode
}

proc listNames {name1 name2} {
    if {== $name1 $name2} {
        set nameStr $name1
    } else {
        set nameStr "$name1 and $name2"
    }
    puts "hi $nameStr"
    return $nameStr
}

appendTextNodeToElement "testDiv1" "This is a test!"
set names [listNames "Bob" "Alice"]
appendTextNodeToElement "testDiv2" $names
appendTextNodeToElement "testDiv3" "2 + 2 = [+ 2 2]"

</script>

It turns out that when a web browser is parsing a script tag, if it doesn’t recognize the “type” attribute, it will ignore the code within the tag. This allows newer browsers to support additional languages without breaking older browsers. However, the older browsers still leave the contents between its opening and closing tags there, so if you have some JavaScript code that will parse and interpreted it, you can execute it.

The idea fascinated me and I wanted to see if I could whip up a proof of concept. I found a neat open source Tcl interpreter written in C called Picol, which was only 550 lines and covered only a sub-set of the language. I figured this was perfect for my needs and decided to see if I could port it to JavaScript. The port was really straight forward and I was pretty amazed when I actually saw it working. I went ahead and added in a few DOM manipulation functions, but decided not to get too carried away. The code for this is available here. I only went far enough to get a proof of concept though, so it’s not very feature rich. I also don’t really have any plans to go further with this, I just sort of got excited at the idea and wanted to see what would happen.

I also decided to search around and see anyone else had ported other languages for use on the client side. I ended up finding some code written by a Dutch programmer which allows for LOLCODE in the browser (zip mirrored here). However, rather than interpreting the code, his method converts the LOLCODE to JavaScript, and then appends this new JavaScript into the web page via a script tag. Still neat though.

Also, I’m aware interpreting code with an interpreted language isn’t the best idea performance wise, and that there is currently a growing number of languages that compile into JavaScript. So client-side developers aren’t technically limited to just JavaScript, but I do still find the idea of JavaScript-based interpreters kind of neat.

Lastly, there are a couple of JavaScript Tcl interpreters out there already. I played around with a few, but ultimately found them a little too confusing, and I wasn’t sure they were made for what I wanted to do (basically act as a JavaScript substitute), so I passed them over when doing this experiment. However, I’ll link to them below for those of you who are curious.

Book Reviews

Book Review: “The Tangled Web: A Guide to Securing Modern Web Applications”

The Tangled Web

Security is a hot right now*. You see TV commercials touting degrees in Information Security, you see news stories on hacking done by Anonymous, and you hear people throwing around terms like “cyber security” and “cyber attacks”. So when offered a review copy of The Tangled Web, my interest was piqued. The book aims to take its readers on a walk through of the modern web stack, and to explain the web’s vulnerabilities and what can be done to avoid them. It’s geared at software engineers and security professionals, and is written by a security expert at Google.

The book is divided into 3 sections. The first section aims to describe the anatomy of the web. It goes over URLs, the HTTP protocol, CSS, HTML, JavaScript, non-HTML document types, and browser plugins, all with a security mind set. I felt I was pretty familiar with the URL syntax, but was surprised to learn about some of the tricky URLs that could be created. Most people probably wouldn’t think twice before visiting this URL: http://bing.com&q=test@1249763400 – what happens depends on what browser you’re using.

The second section of the book covers Browser Security, and was to me the most interesting part of the book. The fundamental security policy of the browser is the Same Origin Policy (SOP), which puts content isolation rules in place to keep web sites from interfering with one another. In most web browsers, the origin for a page is defined by its scheme, host, and port. Though apparently for IE versions before 9, only the scheme and host are taken into account – unless you’re dealing with the XMLHttpRequest (XHR) object, then IE takes all 3 into account when defining the origin.

My favorite browser flaw talked about in this section was the one on the getComputedStyle/currentStyle API. Back in 2002, it was discovered that JavaScript could be used to look at the computed color of visited links to determine if a visitor had visited a particular site. Thousands of checks could be made a second, thus any website you went to could snoop-in on your browsing habits if it wanted to. Fixes for this security issue were put in place around 2010.

Another neat trick that was talked about was trying to load an authentication-requiring image from a third party site and using the image’s onload and onerror events to see if the user had logged into that site (a good discussion of this can be found here). This idea can further be extended to third party APIs. If a website doesn’t put the proper security in place for its API, malicious sites can do all sorts of mischief to their visitors, all without them noticing.

The last section of the book is the shortest (32 pages) and focuses on coming security features. This section of the book didn’t really grab me, but there were a few bits that piqued my interest. Cross-Origin Request Sharing finally allows developers to use the XHR object in a cross domain fashion, but until older browsers are phased out, developers will have to create a fall-back behavior if they decide to use it.

Overall I enjoyed the book and found it worth reading. I do, however, wonder if framing security around a discussion of the web stack was the best way to go. The author contends that arbitrary taxonomies of vulnerabilities aren’t as informative, and that some problems don’t fit into buzzword friendly names like Cross-Site Scripting (XSS) or SQL Injection, but I think information is more accessible when organized that way. Reorganizing chapters around a taxonomy of problems like XSS, CSRF, etc, would also probably make it a better reference for developers. Though to his credit, the author does devote the last few pages to common web problems like XSS, CSRF, etc, and indicates the pages where these problems are discussed (since they come up throughout the book).

If you’re a web developer and want to get a better understanding of security I think this is a very good book and worth checking out. However, if you’re not a web developer, I wouldn’t pick this up unless you had a technical interest in web security. Lastly, if you’re interested in the book I’d recommend reading the sample chapter on the HTTP protocol, since it gives a good preview of what the book is like.

*This may be area specific. I live in Maryland, and the BRAC has been driving a lot of job growth. So it maybe it’s better to say it’s hot in the Maryland area, and possibly other places too.

General News, Web Apps, web development

New Keyboard Layout Analyzer (Preview)

1 Comment

You can now try out a preview version of the new Keyboard Layout Analyzer. I completely re-did it from scratch. I know I’ve done that before, but I’ve learned a lot about JavaScript and HTML5 over the past two years and thought the application would be best served with a fresh start. Below you can see a screen capture of the new configuration page.

Configuration Tab

The biggest problem with the previous Analyzer was that it didn’t have the best configuration options. And even then, the top-based tab interface led to a lot of people not even noticing that configuration options existed. My main goal was to make configuration much more intuitive and flexible.

The previous Analyzer also assumed keys to be atomic and wouldn’t let you mix and match characters from different keys. For English keyboards this was mostly fine, but when I started learning about Foreign layouts and specialized layouts like the Programmer Dvorak, I realized I’d made a fatal mistake. The old code centered around atomic keys and even used image icons for the configuration display. For this version, I decided to draw the keyboard on a canvas element and to allow keys to mix and match characters. Theoretically, the new setup could even analyze unusual layouts like the Maltron layout, but I haven’t yet created Keyboard Maps for that layout, nor have done much testing in that area (though it’s a goal).

I also tried to make the app look more visually appealing and to provide a better user experience. The old layout was kind of amateurish looking, a number of people didn’t utilize the top-based tabbed interface, and the amount of scrolling you had to do on the output page made it easy to miss interesting information – not to mention that I was using pie charts, which are notoriously bad at presenting this type of information (I had a decent number of people email me asking me to switch to bar charts). I tried my best at making something that was reasonably ok looking, and I hope the new side-tabs making navigating the information easier.

I’ve recently taken on a lot at work, so that has slowed me down quite a bit, but I hope to finish off the rest of the output sections in the coming month. If you find any bugs or have any suggestions please let me know!

Random Thoughts

Pronouncing SQL: S-Q-L or Sequel?

87 Comments

I know, I know, tomato-tomahto, but I’ve had people tell me I say it wrong when said each way, which has left me rather confused, so I decided to do some research and figure out how SQL is actually pronounced. SQL is the language used for querying and managing data in a relational database system. Some people say S-Q-L and some people say “sequel”. This difference in pronunciation also effects the writing of documentation. The indefinite article that’s used before the term (a or an) is based on how it’s pronounced (try saying “a SQL” and “an SQL”). No one wants to sound ignorant, so which way is correct? It turns out they’re both correct/acceptable, but that the S-Q-L way of saying it is more “official”.

SQL was initially developed at IBM by Donald Chamberlin and Raymond Boyce. It was initially called “Structured English Query Language” (SEQUEL) and pronounced “sequel”, though it later had to have it’s name shortened to “Structured Query Language” (SQL) due to trademark issues. It was created to supplant the then popular QUEL database language, and the name “sequel” was meant as a pun (it was the sequel to QUEL) [1]. However, this leads to the big question – was language still called “sequel” after the name change?

If you look at Oracle’s official documentation on SQL, it says it’s still pronounced “sequel” [2]. However, if you look at MySQL’s official documentation, it says “MySQL” is officially pronounced “‘My Ess Que Ell’ (not ‘my sequel’)” [3], and Wikipedia says SQL is officially pronounced “S-Q-L” and references an O’Reilly book on the subject [4]. So this is no help, the major sources aren’t agreeing on the way it’s “officially” pronounced.

Then a thought occurred to me: SQL was created in the 70’s, the creators are probably techies, I can probably just email them and ask them how it’s pronounced! Ray Boyce had passed away at a young age, but Don Chamberlin was alive and now teaching at a university. I felt a little silly, but I decided to fire off a short email to him:

Hello Don,

I’m sorry to waste your time with such a silly question, but I’ve often heard SQL pronounced S-Q-L or as Sequel. I’ve also seen the official pronunciation listed both ways. According to wikipedia, you and Raymond Boyce created the language and it was shortened to SQL after some legal dispute. So my question is, is there an official pronunciation to SQL? Thank you for your time.

– Pat

To my delight, he replied back:

Hi Pat,

Since the language was originally named SEQUEL, many people continued to pronounce the name that way after it was shortened to SQL. Both pronunciations are widely used and recognized. As to which is more “official”, I guess the authority would be the ISO Standard, which is spelled (and presumably pronounced) S-Q-L.

Thanks for your interest,
Don Chamberlin

I felt a little dumb wasting his time with such a goofy question, but I was thrilled he replied back. Later I would find out that he himself pronounces it as “sequel” [5], so it’s interesting he would be so unbiased, though I suppose his pronunciation is consistent with him noting that the original guys kept calling it “sequel”. With this I felt I had found my answer: Both were acceptable, though the standard indicated S-Q-L was probably more official.

I don’t have any plans to be that guy and start correcting people who say “sequel”, though now I feel I can at least defend saying S-Q-L if someone tries to correct me. Additionally, while this may seem like a really trivial matter, some people seem to take it rather seriously. On a thread at Oracle’s message forum, a DBA who pronounces it “sequel” mentioned that “I’ve rejected interviewees because they didn’t know how to pronounce SQL … If you can’t pronounce it correctly, then I have doubts as to your ability to use it correctly.” [6] Though then again, the Oracle community seems to have adopted the “sequel” way of saying it, so maybe adapting to whatever environment you’re in is the best policy. Whatever the case, knowing why it’s said one way or another can useful.

[1] http://www.ibphoenix.com/resources/documents/design/doc_123
[2] http://docs.oracle.com/cd/B10501_01/server.920/a96540/intro.htm
[3] http://docs.oracle.com/cd/E17952_01/refman-5.1-en/what-is-mysql.html
[4] http://en.wikipedia.org/wiki/Sql
[5] http://www.youtube.com/watch?v=ghxpXpTuALM#t=33m23s
[6] https://forums.oracle.com/forums/thread.jspa?threadID=630585&start=15&tstart=0

Random Thoughts, Web Apps, web development

Is ___ more of a boy’s name, or a girl’s name?

2 Comments

Photo By Zach Klein

So my boss came into my office on Friday and off handily asked me if “Stacy” was more of a boy’s name, or more of a girl’s name. I immediately thought “piece of cake!” and brought up my Baby Naming Trends Tool, only to be really confused that there was no feature for determining this. “Wait, I remember programming this feature last Fall, where is it?” I thought. Then I remembered I had waited to push the update out until I finished a couple of other features (which remain unfinished). D’oh!

Since male vs female feature was kind of fun, I decided cut out the unfinished functionality (for now), and push out the update so users could query the data. Now you can see if names are more popular for girls or for guys. Just place a “m:” or “f:” before a name when you enter it in. Here are some examples of names commonly given to both boys and girls:

  • Casey – Very close, more male leaning though.
  • Jordan – More male leaning.
  • Mackenzie – More female leaning.
  • Pat – A nick name, but popular with female babies in the 30’s and 40’s (though it’s almost no longer used). Patrick and Patti are more popular.
  • Quinn – More female leaning.
  • Riley – More males, but trending towards more females.
  • Stacy – More female leaning.
  • Taylor – More female leaning.

However, when creating this feature, I noticed some interesting abnormalities. No popular names seemed to be 100% male or female, even names that were obviously male or female. For example, according to the data, 11 females were named John in 2010, and during its peak popularity, when 80,000 males a year were being named John, the data says 200-300 females a year were being named John. Even though that means only ~0.375% of John’s were female, it still seems bizarre that someone would name a baby girl “John”. I wondered if this was a mistake on my part, but the underlying data showed the numbers to be correct.

The idea that someone would give a baby girl or boy a name of the opposite sex isn’t too far fetched, I know a few guys with names more commonly associated with girls, but are there really hundreds of guys named Jennifer walking around in the US? I accept that there may be a hand full, but my guess for the real reason this anomaly appears is because nurses or doctors sometimes make mistakes when recording the data. That makes me a little sad, but I suppose any data that’s hand recorded is going to have some errors. Though if this is the case, since this data comes from the US Social Security website, does this mean that these people may have their sex incorrectly recorded on their birth certificate? Though then again, perhaps people give a name for their baby, but then change it when it’s born and they find out it’s a different sex. Or then again, maybe there are lots of male Jennifers out there. Whatever the case, it makes for an interesting blip in the data.

Keyboard Layout Analyzer Update

I’ve rewritten the Keyboard Layout Analyzer. Back in November I told a guy I was close to being done and would have a new version up in “2 weeks”. I then told two other people in December who asked for additional features that I’d have it up in “2 weeks”. I now feel a little bit like a jack ass, but I honestly have been really busy. My new plan is to simply put up a preview version soon. The new app is mostly done, but rough around the edges in the output department.

General News

Coming updates

Photo By gureu

Two updates for the price of one today. It’s been killing me that I haven’t been posting more. I’ve been switching between projects a lot lately and I’m ultimately left with a lot of stuff that’s between 25%-75% done.

Coming up within the next month there will be a make-over/overhaul of an existing app. I also started some big updates for the baby naming tool, but temporarily shelved them when I started the remake of the previously mentioned app – though I’m not sure when these updates will be out. I’ve also been experimenting with FireFox addons, but I haven’t yet put together anything interesting. Sometimes I feel like I have programmer ADD.

Anyway, I just wanted to let you all know I’m still actively working on stuff for this site and haven’t forgotten about it. Sorry it’s been so quiet lately!

Development Thoughts

Testing your Linux skills

Photo By mkrigsman

If you’re a developer, you probably find yourself using Linux at least some of the time. Knowing your way around the OS can make your life a lot easier, and I’ve sometimes found myself wishing I knew certain commands or concepts a lot sooner. I’m no expert, but since I thought it might be useful, I’ve put together a short quiz to test your Linux skills.

Important Note: Since you are reading this through a feed reader or by email, the answers will be right below the question. On the main blog entry the answers are hidden until you mouse over or click on the “+” next to the question. Click here to be taken to the blog entry if you wish to not see the answers.

So, let’s get started…

  1. What does the cd command do when handed each of the following inputs: “-“, “/tmp” and “~”? [+]

    • “cd -” changes the current directory to the directory you were previously in.
    • “cd /tmp” changes the current directory to “/tmp”
    • “cd ~” changes the current directory to your home directory.

  2. What are two ways of copying a text file without using the cp command? [+]

    • cat the file and redirect the output to a new file.
    • Use the scp command (secure copy).

  3. You want your console window to continuously show you the latest updates to a log file as its being updated. How would you do this? [+]

    • Use the tail command with the -f flag.
    • Use the less command with the +F option (personal favorite).

  4. What is the difference between the “which” and “whereis” commands? [+]

    • which shows the full path of a given command.
    • whereis locates source, binary, and manual files for a given command.

  5. How would you find all of the files modified within the last day under a particular directory structure? [+]

    • find ./ -type f -mtime -1

  6. What is the purpose of the “/etc” and “/var” directories? [+]

    • The main directory layout for all Linux systems is based on the Filesystem Hierarchy Standard (FHS).
    • The “/etc” directory contains host-specific, system-wide configuration files (sometimes called “Editable Text Configuration”).
    • The “/var” directory contains “variable files”, or files whose content is expected to continuously change during the normal operation of the system (ex: log files).

  7. What are “cron jobs”? [+]

    • Linux systems have a program called “cron” which runs in the background and executes jobs (commands, scripts, etc) based on a schedule defined in a crontab file. This allows you to routinely do certain tasks. A “cron job” refers to a job run by the cron daemon.

  8. What does the “nohup” command do? [+]

    • Short for No Hang Up, this command allow you to execute a command that will keep going after you’ve logged out (ie, one that ignores hang up signals).

  9. You have a directory tree which contains all of the files for a web application. You want to make a list of all of the files that contain a phone number in the format of “(XXX) XXX-XXXX”. How would you do this? [+]

    • The key insight is to use the grep command with the -R flag (recursive directory search), -l flag (list files) and a regular expression to find the phone numbers.
    • As a side note, this used to be a popular interview question that Amazon gave to potential applicants (for more info, see the “Notes” section at the bottom of this post).

  10. What is the name of the official Linux kernel mascot? [+]

    • Tux.

Mouse over or click the +’s to see possible answers (though I didn’t include all possible answers – so you may have thought of some solutions that aren’t listed).

If you found yourself doing poorly, or just want to refresh your linux skill set, check out:

http://www.funtoo.org/wiki/Linux_Fundamentals,_Part_1

They have some of the best tutorials I’ve seen on Linux. However, if anyone knows of any other good tutorials let me know and I’ll add them here too.

Notes:

  • For more information on question 9, click here and go to the section titled “Area Number Three: Scripting and Regular Expressions”.