Is anyone surprised that THIS is his management style, and the end result is Vista? I have to say that as soon as I used Vista and saw what 5 years of work had wrought, I freaking called it. You don't need a degree in Asshole to know that type of management style will realize a product as mis-guided, discontiguous, disorganized and buggy as Vista.
I've had an opportunity to work for people like this before, and the resulting project was identical to how Vista turned out. Made no sense, every week "Priority #1" was something different, and not determined by any intelligent estimation, but instead by how pissed off the manager was and how much screaming he did. So whatever he screamed about on Friday's meeting was Priority #1 for the next week... until the next Friday when he didn't care about that issue anymore and it was something else.
Personality types like this are the most poisonous in any kind of relationship (work, personal, etc.) and never bear any sort of recognizable fruit.
Actually I don't even think I need to type the last sentence... the result speaks for itself doesn't it?
I haven't posted to SD in years, but felt compelled to brush the cobwebs off and reply to your question...
1. This is a semi-religious question, so you are going to get a lot of vitriol in some of the responses; ignore it.
2. Gentoo is the "dive in the deep end, with weights tied to my feet and battle my way back to the surface" answer to your question. You build everything. You won't just learn the command line, you'll learn build tools, config scripts, environment vars, libraries, manual dependency management and more. I DO NOT think this is the right choice for you right now given how new you are to all of this. This will be the "death by a thousand paper cuts" experience that runs the risk of driving you crazy after 3 days of work and you still don't have a GUI running because of some esoteric error that you don't understand.
That said, if you insist that this is how you like to learn, go for it. The community/forums are very helpful and PACKED with information. If you do this, mentally prepare yourself for days and days of an unbootable machine. Reformatting and reinstalling over and over again. Getting a boot loader wrong, not installing Grub right, killing your install that was almost working perfectly because you changed a VGA boot option and now everything hangs... just prepare for these KINDS of things. Don't go in thinking "Awesome, I'll get this done in a day and have GNOME running" -- you won't, and if you do, something weird will break it out of nowhere and you won't have any idea what to do so you'll need to start over again.
I am not trying to scare you, just setting the expectation. If that sounds like heart-burn city, move on to my next suggestion.
3. Arch Linux -- You already mentioned this in your post and I just want to confirm that I believe THIS is the right choice for you. It is the perfect middle ground between Gentoo and something like Ubuntu -- you do get to know the ins and outs of the system, without the compiling/building/dependency pitfalls of Gentoo. This is an EXCELLENT place to start, get really familiar with everything and grow from (either down to Gentoo, or out of system management entirely into something like Ubuntu).
4. Ubuntu / Fedora -- Use these if you want a working computer, want to "try" Linux with a nice GUI and slowly become familiar with the underlying system through SOME GUI tools, mostly command line and have tons of support for your hardware. This is the "Mac"-esque experience you can get in Linux, in that you can live in the GUI all day if you want, but there is an underlying CLI/Unix world there under the surface if you want to mess with it.
5. Mint / SUSE / Kubuntu / Slackware / Whatever -- I have always seen these as different flavors of the same things listed above. I'd start with the primaries first and go from there.
Have fun!
I'm sorry about that misstatement; thank you for the correction.
Really appreciate you posting some specifics here. There's been a lot of hand-waving and big-brothering in the thread so far (justifiably so, security is a hot-button/serious topic) but you actually posted something concrete that helped me put a name-to-a-face as far as a pw hashing technique goes.
Much clearer now. Is there a generally "good length" for healthy sized salts? like random 32-character Strings or something else?
Thank you Qzukk for the clarification.
The salt is typically a per-user thing you generate at registration time and store, isn't it? Because you would need it every time they logged in to re-compute the hash and compare, don't you?
I'm trying to figure out how to keep the salt safe in that case... as it seems storing it alongside the password is just bad form.
But then a system-wide salt seems just as bad too (1 salt to rule them all).
Excellent info, thanks for the info dump!
I wasn't clear on:
That's one reason why you should use a real password hash algorithm that cryptographers have looked at, not something your friend just came up with.
All I've ever known to do with passwords is hash them and store the hash and then provide a reset function -- what proper algos are out there that we should be using?
So salting is better explained as a uniqueness applied to your hash such that other people's hashes of your password don't match yours.
Either I'm crazy or you retyped what I said with "No" prepended to it...
I'm fairly green when it comes to the security game, but wasn't the purpose of the salting to avoid the issue we saw with Gawker in that once you figured out Bob's unsalted password "password" hashed to "5f4dcc3b5aa765d61d8327deb882cf99" you suddenly have the credentials for X other users that all used "password" as their password as well? Where if the password had been salted all the hashes would be different and they would have had to brute force each one?
If the hacker has root access to your machine and has access to the encrypted passwords, salts and your code... it sort of seems like a given that you are (a) screwed and (b) they can brute-force the passwords with a much higher success rate.
I was thinking salting was just helpful when the passwords got exposed/stolen but the rest of the machine/code/etc. wasn't compromised. (not sure when that actually happens, but hey)
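The behaviour discussed in the comments above (one unsalted hash matching every account that shares a password, and a per-user salt stored with the hash so it can be recomputed at login), as an added example that is not part of the original posts. The account names, the third password and the iteration count are constructed for illustration, and PBKDF2-HMAC-SHA256 from Python's standard library is used here as one example of a reviewed password-hashing function.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: two users chose the same password.
SAMPLE_USERS = {"bob": "password", "alice": "password", "carol": "tr0ub4dor&3"}

# Hash quoted in the comment above for the unsalted password "password".
KNOWN_MD5 = "5f4dcc3b5aa765d61d8327deb882cf99"

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 600_000


def unsalted_md5(password):
    """The weak scheme: a single fast hash with no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def users_matching(known_hash, table):
    """Return every user whose stored hash equals a hash that is already known."""
    return sorted(user for user, stored in table.items() if stored == known_hash)


def new_record(password):
    """Registration: random per-user salt plus a slow salted hash.

    The salt is not a secret. It is stored next to the hash because it is
    needed again at every login to recompute the same value.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt, "hash": digest}


def verify(password, record):
    """Login: recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo():
    unsalted = {user: unsalted_md5(pw) for user, pw in SAMPLE_USERS.items()}
    salted = {user: new_record(pw) for user, pw in SAMPLE_USERS.items()}
    return {
        # One known hash identifies every account that shares the password.
        "unsalted_exposed": users_matching(KNOWN_MD5, unsalted),
        # Same password, different salts: the stored values no longer match.
        "salted_hashes_differ": salted["bob"]["hash"] != salted["alice"]["hash"],
        "login_ok": verify("password", salted["bob"]),
        "login_bad": verify("passw0rd", salted["bob"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```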
This comment will get buried among the 1000s of others, but I wanted to add my positive-karma to this thread for the Slashdot team.
The new design is simple, sharp and just... well... great! I have absolutely no modifications to suggest. This isn't one of those "Hey this looks great, EXCEPT I hate it for these X reasons..." types of posts, I literally love every aspect of it.
It seems to me that to get such a polished rollout, including all the redone story-topic graphics and all the admin pages/account pages/etc. all polished up like this, you guys must have been working on this for damn near a year.
If you weren't, then it sure looks like you were because I could lick it.
The refresh is a great experience and as a reader I sure appreciate you taking the time to roll it out!
RJHelms - I made no secret of the fact that I find the content of the fake reviews entertaining, they absolutely are (I mentioned it in the Amazon article, no need to look elsewhere), but it still bothers me that it is done so easily to products that I could be shopping for.
Thinking the content is funny and finding the flaws in the Amazon review system are two very different things.
Oh god the comments don't bother me at all, it bothers me how easy it is to game.
All these examples are hilarious because it's harmless, but if some douchebag marketer hops on there and starts spamming reviews for an awesome screwdriver set that is a POS or a $100 sports jacket (or book, or camera or whatever) that's what I see happening in the near future (assuming it isn't happening already) and I'll end up buying those items and regretting it.
I do rely on the reviews to at least be somewhat real and what all these fake reviews show is just how fragile that system is and maybe needs a bit more tightening.
So just to be clear, it's not about the review contents, it's about a system that is too easily gamed that I rely on that I don't want to be gamed so easily.
I don't know anyone that would say NIO/Selectors is *easier* than straight blocking IO.
I also hate replies that begin with "of course"... makes me want to pour coffee on someone's lap.
newtown, I think that's probably a fair statement... but the library is intended for developers that have to target a luddite crowd that either cannot change or doesn't know any better.
Imagine, for example, the requirements BofA.com or Wellsfargo.com has... they probably have to target IE 6 for another 5 years given their user base and that rules out a lot of nice looking CSS... this library addresses that for those devs that have to target crowds that aren't up to date.
It's pretty damn slick actually... technologically speaking, that it can even *do* this stuff in the first place.
I didn't even know IE 6 could render text correctly let alone run JavaScript effectively enough to mock this stuff up in it.
+1 to what Adam said, posted it again below without seeing his reply first. Gave a few other reasons of my own, but *basics* like understanding object equality and hashCode calculation that Adam points out are *excellent* points for this as your "next book" alone, even if those are the only two things you get out of it, that information will serve you again and again and again in Java.
Good question. Since you are relatively new to Java and seem to pick things up quick, I'd highly recommend picking up Effective Java (2nd Edition) by Joshua Bloch ($43 on Amazon) -- it's not that you have to become a high-performance fanatic, but there is a lot of magic in Java and a lot of abstractions that if you don't understand them correctly can be abused and result in poor performance.
Again, I don't care so much about pushing you towards optimized development, but what the book *will* do, is pull back the covers on the abstraction and "magic" in Java and show you the nuts and bolts all over the place so you understand everything from the high-level concepts (data structures, syntax, etc.) down to the low-level stuff (object creation, garbage collection, interned Strings, etc.) -- this will give you all that "depth" and detail to the learning of Java that will spring-board you forward with learning all the other things in Java.
As you pick up other APIs that might have otherwise seemed totally magical to you (Hibernate/JPA, proxied objects, etc.) you can just refer to the nuts and bolts you learned in Effective Java and go "Oh I see how that works" or "Yea I guess I get how that's functioning" so less of it is mystical hand-waving that just serves to confuse you when you are really down in the guts of some application.
Beyond that book, then you can start to specialize -- meaning you can learn specific APIs and frameworks based on your needs. Like Swing/SWT for Client GUI dev, or JSF/JSP/Struts/Wicket/SpringMVC/whatever-the-hell for web development and so on.
But the book you are reading now and Effective Java will give you that solid foundation to branch out to other areas.
Best,
Riyad
Zach, you are correct, heard they ran out of time from one of the team members but it's supposed to come in 1.1 and at that time T-Mobile has the chance to re-vet the OS and offer an upgrade to G1 users.
Not optimal, but when you think of how ambitious launching an OS is... I can't say I'm surprised.
Let's hope the upgrade process is smooth.
The article seems to be comparing Java and Flash load times as both the examples the writer gave are of Java and a giant Flash application... neither of which test true browser loading performance and "JavaScript" performance as I'm sure most people are curious about.
This is like me reviewing the new Honda Accord by saying it's 10x faster than the Lexus when being dragged by a tow-truck.
Super-internet-logic fail
It's responding now, albeit a bit slowly. Server load is a nice healthy 31... that's a good thing right? :(
That was my bad, Justin sent me some pictures and I popped them up cause I thought it was awesome... and then I realized what "Slashdotted" meant like 35 seconds later.
Working on getting this horse running again. Sorry for that guys.
Yea sorry about that... I saw one post on the site "Did you know you got slashdotted?" I checked the server, the load level just said "Hahahah.0 0.24 0.13" and now I think it's in the process of melting.
Sent a ticket to the hosting co asking them to stop throttling it temporarily.
Sorry guys, I really didn't think slashdot would kill the site *that* freaking fast.
Also shopping for dedicated solutions now =/
Actually the MyEclipse team snuck that ability into the 6.0.1 release. You can now install Matisse4MyEclipse directly into Eclipse without MyEclipse by just pointing at the MyEclipse discovery site and selecting M4M and not ME. (You do need a Pro subscription though to use it).
Instructions here:
http://www.myeclipseide.com/documentation/quickstarts/m4minstall/#install_eclipse
Good timing, I just posted a review to the Super Automatic we ended up getting here:
http://www.breakitdownblog.com/2007/05/16/jura-capresso-impressa-s9-avantgarde-review/
The bean question is a good one. With our old drip maker I couldn't tell a difference at all, with the super-auto I can tell a *huge* difference between a "smooth/fresh" bean and a "bitter/old" bean. Starbucks beans taste like crap in the super... they are *very* bitter. I also try and get a mild to light roast to preserve the caffeine in the bean which is something not a lot of people realize (darker == more roast == less caffeine)