DEV Community: Haris Peter

Discovering Hidden Easter Eggs in Linux Package Managers 🐧🥚

Haris Peter — Thu, 12 Mar 2026 14:42:11 +0000

As developers, we often interact with package managers daily—installing libraries, updating systems, and managing dependencies. But sometimes, hidden surprises are tucked away inside these tools. Recently, I discovered something fun while working in the terminal: Easter eggs inside Linux package tools and sudo.

This was my first time encountering them, and it reminded me that even serious system tools have a playful side.

🐄 The `apt moo` Easter Egg

While experimenting with apt, I tried the command:

apt moo

Instead of an error, the terminal printed a small ASCII cow:

(__)
(oo)
/------\/
/ |    ||
*  /\---/\
   ~~   ~~
..."Have you mooed today?"...

This is a classic hidden feature inside the APT package manager used in Debian-based distributions like Ubuntu.

It doesn’t do anything useful—it's purely for fun. The developers added it as a lighthearted Easter egg. The command literally makes APT "moo".

It’s a small reminder that even the most serious software projects have developers who enjoy adding personality to their work.

🤖 The `sudo` Hidden Message

I also discovered another interesting Easter egg inside sudo.

If you enter the wrong password three times, sudo sometimes prints a reference to the movie 2001: A Space Odyssey:

There’s a lot of it about, you know.
This mission is too important for me to allow you to jeopardize it.
sudo: 3 incorrect password attempts

This is a famous line inspired by HAL 9000, the AI from the movie.

The idea is humorous: the system acts like an AI refusing to give you access because you might “jeopardize the mission”.

🎯 Why Developers Add Easter Eggs

Easter eggs are hidden messages, jokes, or features that developers place inside software. They serve a few purposes:

Celebrate developer culture
Reward curious users
Add personality to tools
Create memorable experiences

In open-source communities especially, these little details reflect the creativity and humor of contributors.

🧠 My Takeaway

Discovering this was surprisingly exciting. As developers, we usually treat system tools as purely functional, but moments like this remind us that software is created by humans with humor and creativity.

It also reinforces an important habit for developers:

Stay curious. Sometimes the best discoveries come from experimenting in the terminal.

🧪 Try It Yourself

If you're using Ubuntu or another Debian-based Linux distribution, open your terminal and run:

apt moo

Then intentionally enter a wrong password with sudo a few times and see what happens.

Just make sure you eventually type the correct password 😄

🚀 Final Thoughts

Little Easter eggs like these make the developer experience more enjoyable. Whether it's ASCII cows in package managers or movie references in system utilities, they add character to the tools we use every day.

And who knows? The next time you're exploring a command-line tool, you might stumble upon another hidden surprise.

Have you discovered any fun Linux Easter eggs? Let me know — I’d love to explore more of them.

Developers Beware: This Fake LinkedIn Interview Campaign is Targeting YOU (And Your SSH Keys)

Haris Peter — Wed, 11 Mar 2026 13:03:32 +0000

If you are a backend developer, DevOps engineer, or work in the Web3/Crypto space, you need to read this immediately.

There is a sophisticated, ongoing cyberattack campaign targeting developers on LinkedIn. The attackers pose as enthusiastic co-founders or recruiters, lure you through a fake vetting process, and then deploy devastating malware by convincing you to download and run their "company MVP" code.

I recently encountered this exact scenario, and thanks to a healthy dose of suspicion, I avoided a massive security breach. Here is exactly how the scam works, the anatomy of the conversation, and the red flags you must look out for.

The Anatomy of the Scam

The "Contagious Interview" campaign, as security researchers call it, is a masterclass in social engineering. It follows a distinct pattern designed to build trust before the final payload.

Phase 1: The Initial Hook

It starts with a connection request or a cold InMail from someone who appears to be a legitimate founder or technical recruiter (often with a polished profile and shared connections).

The conversation starter:

"Hi, It’s a pleasure to meet you. We’re developing an exciting project and would be happy to explore potential collaboration with you."

It’s generic, positive, and flattering. They often target people who look like ambitious "go-getters" on GitHub.

Phase 2: Building Legitimacy and the "Vetting" Process

When you show interest, the attacker moves quickly to make the process seem structured. In my case, they immediately shared a generic Google Doc containing job descriptions and asked me to review it.

"Please find the job description below for your review: [Google Doc Link] I’d appreciate it if you could let me know which role best aligns with your skills."

This achieves two things for the attacker:

It looks like a real HR process.
It narrows down exactly what kind of tools and languages you use (e.g., if you choose the Backend role, they know you likely have NPM, Python, or Docker installed).

In my scenario, once I expressed preference for a backend role, they continued the standard interview dance, asking for my resume. I provided my GitHub resume link.

Phase 3: The "MVP Review" Trap

This is the critical turning point. Once they have engaged you and "accepted" your resume, they spring the trap. They offer to share their project’s Minimum Viable Product (MVP) and ask you to review the code before the interview.

"Here is the MVP version of the project: https://github[.]com/metabyte-org/NitroGem"

The accompanying request sounds like a standard take-home test, but it’s a setup:

Before our meeting, I’d appreciate it if you could:

Review the current MVP implementation

Understand how project listing, voting, and featured promotions function

Consider opportunities to improve UX...

STOP RIGHT HERE.

No legitimate company will share their entire, proprietary source code repository with an unvetted candidate before a single preliminary phone screen. This is the moment I knew something was wrong.

What Happens If You Clone the Repository?

The GitHub repository is a Trojan horse. While it might contain actual code (often stolen from other legitimate projects), it is heavily obfuscated with malware.

The attacker is relying on your initiative. As a developer, the first thing you are likely to do after cloning the repo is try to build and run it locally:

npm install
npm start
# OR
pip install -r requirements.txt
python setup.py install

The moment you run these commands, you are compromised.

This specific campaign uses malicious code (often named BeaverTail or InvisibleFerret) cleverly hidden within:

package.json post-install hooks.
Hidden dependency files.
Obfuscated scripts buried within legitimate-looking libraries.

The malware instantly executes in the background and begins aggressively harvesting your machine:

It steals SSH keys (~/.ssh/id_rsa).
It steals browser cookies and session tokens (allowing them to bypass 2FA on your email, banking, and LinkedIn).
It steals saved passwords.
It hunts for crypto wallets and browser-based wallet extensions.

Within seconds, the attackers can have access to your personal life, your professional accounts, and potentially your current employer's infrastructure.

Key Red Flags (Your Checklist)

Unsolicited Code Access: If anyone asks you to review or run an entire GitHub repository before a formal technical interview, it is a scam.
Skipping the Interview Process: Moving from "Nice to meet you" to "Here’s our entire source code" in 10 minutes is a massive anomaly.
The Web3/Crypto/Token Focus: While not all Web3 companies are scams, this campaign specifically uses the "Token/Crypto Listing" theme because it attracts developers with potentially valuable crypto assets on their machines.
Google Docs for Job Descriptions: Legitimate companies have formal careers pages or use LinkedIn/Indeed’s built-in tools. While a startup might use a Google Doc, use it as an indicator for extreme caution.
Obfuscated Files: If you are foolish enough to clone the repo, look at the code before running anything. If you see thousands of lines of base64-encoded garbage or weirdly named dependencies, delete it immediately.

My Conclusion

Your instincts are your best defense. I knew this process wasn't right, and I didn't run the code. You should do the same.

If you encounter a message like this on LinkedIn:

Do NOT clone the repository.
Report the LinkedIn profile immediately for fraud.
Block the account.

We are developers. Our tools and our machines are powerful, which makes them prime targets. Don't let your eagerness for a new opportunity make you a victim. Spread the word and keep your environment safe.

Postman API class -by Joel Jaison

Haris Peter — Wed, 19 Apr 2023 15:59:02 +0000

It was an comprehensive and excellent class about the utilisation of API's.
First, there was an introductory section where I could get a proper image about APs. Then the implementation was described . Get,post and put where the main activities discussed
. Get which was used to get info or data from the database, post which is used to post or gives new data to an existing database, and put request which was used to pass data to the server . Overall it was an interactive and refreshing section. Now I can use APIs in my project....