DEV Community: ShikariSohan

How I Discovered Java's Most Famous Inside Joke

ShikariSohan — Sat, 23 Aug 2025 17:05:08 +0000

It Started with Boring Technical Stuff

Magic numbers are just the first bytes of a file that identify its type. Pretty straightforward:

JPEG files start with FF D8 FF
PNG files start with 89 50 4E 47
ZIP files start with 50 4B 03 04
PDF files start with 25 50 44 46

It's a security thing prevents a PNG from actually being a virus.exe. Technical, useful, but honestly... boring.

Then I Compiled Some Java Code

I work with Java so got curious about the magic number that identifies a Java class file. To explore this, I decided to compile a simple program and examine its hex dump to learn more:

public class Hello {
    public static void main(String[] args) {
        System.out.println("Hi");
    }
}

I ran javac HelloWorld.java and then hexdump -C -n 64 Hello.class.

Wait, what? The Java compiler knows this is a class file by reading "CAFE BABE"? Now THIS was interesting.

Down the Rabbit Hole I Went

I had to know more. How did CAFEBABE become Java's magic number? After digging through old comp.lang.java threads and NeXT documentation, here's what I found:

The Theories People Had

Tribute to coffee and baristas at Peet's in Palo Alto
Borrowed from NeXT's Mach-O file format
Just engineers being caffeinated and silly in the 90s
Second choice was apparently 0xDEADBABE

The Real Story from Java's Creators

Patrick Naughton (Original Java team):
"We were looking for something fun, unique and easy to remember. 0xCAFEBABE was better than the second runner-up, 0xDEADBABE."

This was chosen back when Java was still called the "Green" project.

James Gosling (Java's inventor):
"I was re-vamping some file format code and needed a couple of magic numbers... I hit on CAFEBABE and decided to use it."

He mentioned they also considered CAFED00D and CAFEDEAD, inspired by a local café nicknamed "Cafe Dead."

The NeXT Connection

Turns out NeXT also used CAFEBABE in their Mach-O binaries. Conspiracy? Nope. NeXT engineer Mike DeMoney confirmed: "I didn't bring it over to Java they picked it before I arrived."

Just a coincidence. Apparently there aren't that many cool hex words.

What I Learned

Every single Java class file I've ever worked with starts with those four bytes: CA FE BA BE. When the JVM sees this, it knows it's looking at valid bytecode. If it sees anything else, it throws a ClassFormatError.

What started as a practical need became one of programming's most famous inside jokes. Billions of Java files carry this signature and making it possibly the most widely distributed programming joke in history.

Other Fun Hex Numbers I Found

Hex Value	What It Means
0xDEADBEEF	Debug marker in various systems
0xFEEDFACE	Mach-O binary marker
0xBAADF00D	Windows bad memory marker

The Takeaway

What I thought would be a quick look at file formats turned into a fascinating dive into programming history. CAFEBABE isn't just a magic number and it's proof that even in the most technical corners of software, there's room for creativity and humor.

Every time I compile Java code now, I remember there are actual humans behind all this technology. Humans who drink too much coffee and like to sneak jokes into the foundation of enterprise software.

And honestly? That makes coding a lot more fun.

Resources and References

Why CAFEBABE? - https://www.artima.com/insidejvm/whyCAFEBABE.html
bbum's NeXT/Java History - https://radio-weblogs.com/0100490/2003/01/28.html

Simple vs. Preflighted Requests in CORS: What Developers Need to Know

ShikariSohan — Tue, 06 May 2025 05:08:23 +0000

TL;DR:

Simple requests: sent directly, response blocked if CORS headers are missing.
Preflighted requests: OPTIONS first, then the real request if allowed.
HTML forms are why simple requests are still allowed today.
CORS protects responses, not the requests.

Let’s Send a PUT Request and Inspect the Network Tab

Say you’re making a simple fetch call in JavaScript like this:

You might expect the browser to just send that PUT request to your server.
But when you check the Network tab in your browser's developer tools...

Figure 1: Screenshot showing the OPTIONS request followed by the PUT request

...you'll notice the browser sends an OPTIONS request first then the PUT. What’s going on?
This is what's called a preflight request — a kind of sanity check that the browser does before making certain types of cross-origin requests.

So What Is a Preflight Request?

A preflight (or "preflighted") request is when the browser sends an HTTP OPTIONS request before the actual request (like PUT or DELETE) to ask the server:

“Hey, I'm about to send a non-standard request. Are you okay with this?”

Only if the server responds with the right CORS headers, will the browser then send the real request.
This is a security measure, because certain requests can change server state or carry sensitive data.

Quick Refresher: What Is CORS?

Without a deep dive, CORS (Cross-Origin Resource Sharing) is:

A browser security feature that controls how web pages can make requests to domains other than the one that served them.

What’s a Simple Request?

Not all requests go through this preflight step. Some are "simple" — a term from the older CORS spec (though the newer Fetch spec no longer uses it explicitly).
A simple request is one that satisfies all of the following:
✅ Allowed Methods: GET, HEAD, POST

✅ Allowed Headers:
Only CORS-safelisted headers like:
Accept, Accept-Language, Content-Language
Content-Type — but only with:

application/x-www-form-urlencoded
multipart/form-data
text/plain

✅ Other Rules:

No custom headers like Authorization or X-Whatever
No ReadableStream in the body
No xhr.upload.addEventListener(...) handlers

These constraints are what keep simple requests “safe enough” that the browser doesn’t feel the need to pre-check them with the server.

So Now We Have Two Types of Requests
Let’s break down how simple requests and preflighted requests interact differently with the server and browser:

❌ If a CORS Error Happens:
Simple request:
✅ The request is sent to the server. Process and send the response back with headers added.
🚫 But if the server doesn't return the right Access-Control-Allow-Origin, the browser blocks the response.

Preflighted request:
🚫 The browser sends a preflight OPTIONS request.
❌ If the server doesn't respond correctly, the actual request is never sent.

Figure 2: Shows the flow when a browser requests a simple request.

Figure 3: Shows the flow when a browser requests a preflight request.

Why Are Simple Requests Even Allowed Now?

It goes back to the HTML<form> tag from way back in HTML 4.0.
Before JavaScript could make HTTP requests using fetch() or XMLHttpRequest, you could already do this:

<form method="POST" action="https://otherdomain.com/submit"> ... </form>

This would submit data across origins, no problem. So servers had to defend against that kind of cross-site behavior — namely, CSRF (Cross-Site Request Forgery).
Because simple requests look like form submissions, they’re no more dangerous than what browsers could already do decades ago. That’s why:
CORS doesn’t block simple requests. They’re not introducing a new threat.
But—and this is key—the response is still blocked unless the server opts in by including the Access-Control-Allow-Origin header.

So, What Protection Still Exists?

Even when the browser allows the request to go out:
The response is blocked unless the server returns:

Access-Control-Allow-Origin: http://your-frontend-domain.com

So yes — the request can happen, just like a form could do it...
But JavaScript can’t access the response unless the server explicitly says it can.

Why Do We Need Preflight at All?

Preflight requests were introduced so browsers could:
✅ Verify the server is CORS-aware
✅ Get explicit permission for potentially dangerous or unusual requests
These are typically:

Methods other than GET, POST, HEAD (like PUT, DELETE)
Requests with custom headers (e.g. Authorization)
Requests with bodies like application/json

Here’s what the original CORS spec said:

“To protect resources against cross-origin requests that could not originate from certain user agents before this specification existed, a preflight request is made to ensure that the resource is aware of this specification.”

Translation:

Only let “new” types of cross-origin requests through if the server knows about CORS and says “yes”.

🧠 Let’s wrap it up:

Simple requests are like old-school form submissions. They're allowed without preflight — but the browser blocks the response unless the server opts in.
Preflighted requests are more powerful or unusual. The browser checks with the server first using OPTIONS. If the server doesn't opt in, the actual request never goes out.
The protection lies in the server's response: unless it sends the right CORS headers, JavaScript can’t read the response.

References:

Google Chrome Won’t Open After a Hostname Change? Fix It With This One Line Command!

ShikariSohan — Fri, 28 Mar 2025 16:44:44 +0000

The Chrome Crash That Caught Me Off Guard 🚨

I was recently playing with my Linux machine, setting things up just the way I like them. One of the things was updating my hostname simple enough, right? Everything seemed fine until I rebooted and tried to launch Google Chrome. Nothing. No error popped up, no loading spinner. Chrome just refused to open. 😱

As a developer, my first instinct was to fire up the terminal and launch Chrome from there to see what was going on. Sure enough, cryptic error messages popped up. But what exactly?

AI Let Me Down This Time 🤖

Living in the era of AI, I figured I’d ask the experts: ChatGPT-4o and Gemini Advanced. They give list of suggestions to perform for start Chrome, clear the cache, tweak permissions, you name it. I spent way too long trying each one, but Chrome still wouldn’t budge. Frustration level: rising.

Back to Basics: The Power of a Google Search 🔎

With AI failing me, I turned to the tried and true method: a classic Google search. After experimenting with a few keyword combos, I found gold. Tucked away in an Ask Ubuntu thread was a comment by user Bain, and a related Chromium bug report confirmed it: this was a known issue tied to hostname changes messing with Chrome’s internal files.

And the fix? *A single, glorious line of code. 🙌 *

The One Line Fix That Saved the Day ✅

Here’s the magic command that’ll get Chrome running again:

bash
rm -rf ~/.config/google-chrome/Singleton*
What Does This Do?
Let’s break it down:

~/.config/google-chrome/ is where Chrome stores its user configuration files on Linux.
Inside that directory, files like SingletonLock, SingletonSocket, and SingletonCookie are used to ensure only one instance of Chrome runs at a time and to manage session data.
When you change your hostname, these files can get confused, tying themselves to the old hostname and blocking Chrome from launching.
The command deletes all those Singleton files (the * wildcard grabs them all). Once they’re gone, Chrome regenerates them on the next launch, syncing them to your new hostname.

After running this command, I typed google-chrome in the terminal, hit Enter, and boom Chrome spawned back to life like nothing had ever happened. 🚀

Why This Matters 🎓

This experience taught me two things:

AI isn’t always the shortcut you hope for. While ChatGPT and Gemini are incredible tools, they couldn’t pinpoint this niche issue. Sometimes, the wisdom of the crowd like a random Ask Ubuntu comment beats fancy algorithms.
Simple fixes can hide in plain sight. Hours of troubleshooting boiled down to one terminal command, thanks to Bain’s sharp insight. Massive props to Bain for dropping this gem in the comments of that Ask Ubuntu post. You’re the real MVP!

Have you ever faced a similar issue? Let me know in the comments! 👇

How I merged Five Pull Requests, Lose Sanity, and Laugh It Off

ShikariSohan — Sat, 26 Oct 2024 17:26:24 +0000

This is a submission for the 2024 Hacktoberfest Writing challenge: Contributor Experience

When I started Hacktoberfest, I thought the real challenge would be the coding. Oh, how wrong I was. Turns out, finding a repository I could work on was the real adventure. Scrolling through issues and projects, wondering, “Can I even do this?” was practically a full-time job. Once I did find an issue, coding wasn’t too bad—until I hit the testing phase. Nothing quite like watching a build fail to keep you humble. 😅

But hey, somehow, I managed to get five PRs merged. 🎉 Maybe not the most groundbreaking work, but from my POV, each contribution added a little something to the repository. Below, I’ve broken down each of these PRs and the unexpected twists that came with them.

I can’t even describe how proud I am! 😄🙌

1. Feature/line clipping algorithms

PR: TheAlgorithms/Java#5580

Contribution Summary:

This was my first and biggest contribution, and it’s crazy to think this repo has nearly 60,000 stars! ⭐ This repository is a compilation of all algorithms implemented in Java. I quickly realized most algorithms I learned were already implemented, but then I remembered I’d tackled line clipping algorithms in my computer graphics exams. So, I jumped in and coded up Cohen-Sutherland and Liang-Barsky. Passing the tests, though? That was the real challenge! It took me an entire day (talk about a noob moment) to get everything to pass, but hey, it was a great learning experience—and I survived to tell the tale! 💪

Every time my pushed code shows a test failed error.

2. Feature/quote-to-image-maker

PR: JayShukla8/Quotes#140

Contribution Summary:

I stumbled upon this repository in a Discord server where everyone was busy contributing by adding quotes to the database. 💬 I noticed a demand for a tool to generate shareable quote images for social media. So, I decided to jump in and create a feature that lets users convert quotes into images for easy sharing. It even auto-adjusts the image for dark or light mode based on the theme—perfect for any time of day! 🌞🌜

3. Add tooltips to calculator buttons for improved user understanding

PR: Alitindrawan24/Binary-Calculator#140

Contribution Summary:

This one was a no-brainer! 🤓 While exploring the project, I struggled to figure out the functionality of each button. So, what did I do? I added tooltips to all the buttons to clarify their functions. Easy peasy! 🍋

4. Implement pause state in Breakout game

PR: DhanushNehru/breakout-game#53

Contribution Summary:

I discovered this project in a blog, and while the game was a ton of fun, I realized it was missing a crucial feature: a pause state. ⏸️ I mean, who doesn’t need a quick timeout now and then? So, I jumped in and added that pause functionality. I faced some tricky logic along the way, but in the end, it all came together nicely! 🎮

5. Implemented WeatherApp and updated README

PR: Janani-Balasooriya/Java-Beginner-Projects#28

Contribution Summary: This repository is a collection of simple Java projects, and I decided to tackle a Weather App. 🌦️ I developed a straightforward console-based application where users can get weather updates for their current location or any location they input. I made some API calls and did a bit of formatting to make it all work. It’s cleanly coded and modular, making it easy for new Java learners to grasp! 👩‍💻

Wrapping up my Hacktoberfest adventure, I’ve learned that coding can be chaotic but oh-so-rewarding! 🎢 From battling stubborn tests to adding cool features, each pull request was a mini victory. If you’re thinking about joining the open-source fun, do it! You’ll sharpen your skills and have a blast while doing it. Here’s to more bugs, features, and laughter—bring on next year’s Hacktoberfest! 🚀

A huge thank you to all the maintainers out there—your hard work and dedication make these contributions possible, and we are truly grateful! 🙌

Connect with Me!

GitHub: shikarisohan
Discord: @shikarisohan
LinkedIn: moksedur-rahman-sohan
Email: mokesdur.rahman.sohan@gmail.com

Cover Image created by Adobe Firefly.