Comments

Ask Slashdot: New To Linux; Which Distro?

rsk Old timer here, I hope this helps... (573 comments)

I haven't posted to SD in years, but felt compelled to brush the cobwebs off and reply to your question...

1. This is a semi-religious question, so you are going to get a lot of vitriol in some of the responses; ignore it.

2. Gentoo is the "dive in the deep end, with weights tied to my feet and battle my way back to the surface" answer to your question. You build everything. You won't just learn the command line, you'll learn build tools, config scripts, environment vars, libraries, manual dependency management and more. I DO NOT think this is the right choice for you right now given how new you are to all of this. This will be the "death by a thousand paper cuts" experience that runs the risk of driving you crazy after 3 days of work and you still don't have a GUI running because of some esoteric error that you don't understand.

That said, if you insist that this is how you like to learn, go for it. The community/forums are very helpful and PACKED with information. If you do this, mentally prepare yourself for days and days of an unbootable machine. Reformatting and reinstalling over and over again. Getting a boot loader wrong, not installing Grub right, killing your install that was almost working perfectly because you changed a VGA boot option and now everything hangs... just prepare for these KINDS of things. Don't go in thinking "Awesome, I'll get this done in a day and have GNOME running" -- you won't, and if you do, something weird will break it out of nowhere and you won't have any idea what to do so you'll need to start over again.

I am not trying to scare you, just setting the expectation. If that sounds like heart-burn city, move on to my next suggestion.

3. Arch Linux -- You already mentioned this in your post and I just want to confirm that I believe THIS is the right choice for you. It is the perfect middle ground between Gentoo and something like Ubuntu -- you do get to know the ins and outs of the system, without the compiling/building/dependency pitfalls of Gentoo. This is an EXCELLENT place to start, get really familiar with everything and grow from (either down to Gentoo, or out of system management entirely into something like Ubuntu).

4. Ubuntu / Fedora -- Use these if you want a working computer, want to "try" Linux with a nice GUI and slowly become familiar with the underlying system through SOME GUI tools, mostly command line and have tons of support for your hardware. This is the "Mac"-esque experience you can get in Linux, in that you can live in the GUI all day if you want, but there is an underlying CLI/Unix world there under the surface if you want to mess with it.

5. Mint / SUSE / Kubuntu / Slackware / Whatever -- I have always seen these as different flavors of the same things listed above. I'd start with the primaries first and go from there.

Have fun!

about a year and a half ago

Ask Slashdot: Is SHA-512 the Way To Go?

rsk Re:Calm down and read up (223 comments)

Really appreciate you posting some specifics here. There's been a lot of hand-waving and big-brothering in the thread so far (justifiably so, security is a hot-button/serious topic) but you actually posted something concrete that helped me put a name-to-a-face as far as a pw hashing technique goes.

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

rsk Re:Isn't salting to avoid similarities in hashes? (409 comments)

Much clearer now. Is there a generally "good length" for healthy sized salts? like random 32-character Strings or something else?

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

rsk Re:Isn't salting to avoid similarities in hashes? (409 comments)

The salt is typically a per-user thing you generate at registration time and store, isn't it? Because you would need it every time they logged in to re-compute the hash and compare, don't you?

I'm trying to figure out how to keep the salt safe in that case... as it seems storing it alongside the password is just bad form.

But then a system-wide salt seems just as bad too (1 salt to rule them all).

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

rsk Re:Isn't salting to avoid similarities in hashes? (409 comments)

Excellent info, thanks for the info dump!

I wasn't clear on:

That's one reason why you should use a real password hash algorithm that cryptographers have looked at, not something your friend just came up with.

All I've ever known to do with passwords is hash them and store the hash and then provide a reset function -- what proper algos are out there that we should be using?

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

rsk Re:Isn't salting to avoid similarities in hashes? (409 comments)

So salting is better explained as a uniqueness applied to your hash such that other people's hash of your password don't match yours.

Either I'm crazy or you retyped what I said with "No" prepended to it...

more than 3 years ago

Are You Sure SHA-1+Salt Is Enough For Passwords?

rsk Isn't salting to avoid similarities in hashes? (409 comments)

I'm fairly green when it comes to the security game, but wasn't the purpose of the salting to avoid the issue we saw with Gawker in that once you figured out Bob's unsalted password "password" hashed to "5f4dcc3b5aa765d61d8327deb882cf99" you suddenly have the credentials for X other users that all used "password" as their password as well? Where if the password had been salted all the hashes would be different and they would have had to brute force each one?

If the hacker has root access to your machine and has access to the encrypted passwords, salts and your code... it sort of seems like a given that you are (a) screwed and (b) they can brute-force the passwords with a much higher success rate.

I was thinking salting was just helpful when the passwords got exposed/stolen but the rest of the machine/code/etc. wasn't compromised. (not sure when that actually happens, but hey)

more than 3 years ago

Slashdot Launches Re-Design

rsk Design talent and hard work show (2254 comments)

This comment will get buried among the 1000s of others, but I wanted to add my positive-karma to this thread for the Slashdot team.

The new design is simple, sharp and just... well... great! I have absolutely no modifications to suggest. This isn't one of those "Hey this looks great, EXCEPT I hate it for these X reasons..." types of posts, I literally love every aspect of it.

It seems to me that to get such a polished rollout, including all the redone story-topic graphics and all the admin pages/account pages/etc. all polished up like this, you guys must have been working on this for damn near a year.

If you weren't, then it sure looks like you were because I could lick it.

The refresh is a great experience and as a reader I sure appreciate you taking the time to roll it out!

more than 3 years ago

Amazon Fake Products and Fake Reviews

rsk Re:This one's been posted on Slashdot before... (240 comments)

RJHelms - I made no secret of the fact that I find the content of the fake reviews entertaining, they absolutely are (I mentioned it in the Amazon article, no need to look elsewhere), but it still bothers me that it is done so easily to products that I could be shopping for.

Thinking the content is funny and finding the flaws in the Amazon review system are two very different things.

more than 3 years ago

Amazon Fake Products and Fake Reviews

rsk Re:Article is Clueless -- Reviews are Jokes (240 comments)

Oh god the comments don't bother me at all, it bothers me how easy it is to game.

All these examples are hilarious because it's harmless, but if some douchebag marketer hops on there and starts spamming reviews for an awesome screwdriver set that is a POS or a $100 sports jacket (or book, or camera or whatever) that's what I see happening in the near future (assuming it isn't happening already) and I'll end up buying those items and regretting it.

I do rely on the reviews to at least be somewhat real and what all these fake reviews show is just how fragile that system is and maybe needs a bit more tightening.

So just to be clear, it's not about the review contents, it's about a system that is too easily gamed that I rely on that I don't want to be gamed so easily.

more than 3 years ago

Java IO Faster Than NIO

rsk Re:And this is news? (270 comments)

I don't know anyone that would say NIO/Selectors is *easier* than straight blocking IO.

I also hate replies that begin with "of course"... makes me want to pour coffee on someone's lap.

more than 4 years ago

Adding CSS3 Support To IE 6, 7 and 8 With CSS3 Pie

rsk Re:Pointless. (142 comments)

newtown, I think that's probably a fair statement... but the library is intended for developers that have to target a luddite crowd that either cannot change or doesn't know any better.

Imagine, for example, the requirements BofA.com or Wellsfargo.com has... they probably have to target IE 6 for another 5 years given their user base and that rules out a lot of nice looking CSS... this library addresses that for those devs that have to target crowds that aren't up to date.

It's pretty damn slick actually... technologically speaking, that it can even *do* this stuff in the first place.

I didn't even know IE 6 could render text correctly let alone run JavaScript effectively enough to mock this stuff up in it.

more than 4 years ago

After Learning Java Syntax, What Next?

rsk Re:Effective Java (293 comments)

+1 to what Adam said, posted it again below without seeing his reply first. Gave a few other reasons of my own, but *basics* like understanding object equality and hashCode calculation that Adam points out are *excellent* points for this as your "next book" alone, even if those are the only two things you get out of it, that information will serve you again and again and again in Java.

more than 4 years ago

After Learning Java Syntax, What Next?

rsk Effective Java by Joshua Bloch (293 comments)

Good question. Since you are relatively new to Java and seem to pick things up quick, I'd highly recommend picking up Effective Java (2nd Edition) by Joshua Bloch ($43 on Amazon) -- it's not that you have to become a high-performance fanatic, but there is a lot of magic in Java and a lot of abstractions that if you don't understand them correctly can be abused and result in poor performance.

Again, I don't care so much about pushing you towards optimized development, but what the book *will* do, is pull back the covers on the abstraction and "magic" in Java and show you the nuts and bolts all over the place so you understand everything from the high-level concepts (data structures, syntax, etc.) down to the low-level stuff (object creation, garbage collection, interned Strings, etc.) -- this will give you all that "depth" and detail to the learning of Java that will spring-board you forward with learning all the other things in Java.

As you pick up other APIs that might have otherwise seemed totally magical to you (Hibernate/JPA, proxied objects, etc.) you can just refer to the nuts and bolts you learned in Effective Java and go "Oh I see how that works" or "Yea I guess I get how that's functioning" so less of it is mystical hand-waving that just serves to confuse you when you are really down in the guts of some application.

Beyond that book, then you can start to specialize -- meaning you can learn specific APIs and frameworks based on your needs. Like Swing/SWT for Client GUI dev, or JSF/JSP/Struts/Wicket/SpringMVC/whatever-the-hell for web development and so on.

But the book you are reading now and Effective Java will give you that solid foundation to branch out to other areas.

Best,
Riyad

more than 4 years ago

Google Opens Up Android Codebase

rsk Re:Allowing "Banned" Features (204 comments)

Zach, you are correct, heard they ran out of time from one of the team members but it's supposed to come in 1.1 and at that time T-Mobile has the chance to re-vet the OS and offer an upgrade to G1 users.

Not optimal, but when you think of how ambitious launching an OS is... I can't say I'm surprised.

Let's hope the upgrade process is smooth.

about 6 years ago

Computer-Aided Lego Art Project

rsk Re:I wonder what computer was used (112 comments)

That was my bad, Justin sent me some pictures and I popped them up cause I thought it was awesome... and then I realized what "Slashdotted" meant like 35 seconds later.

about 6 years ago

Submissions

Canonical drops CouchDB from Ubuntu One

rsk rsk writes  |  more than 2 years ago

rsk writes "Since the Ubuntu One desktop synchronization service was launched by Canonical it has always been powered by CouchDB, a popular document-oriented NoSQL data store with a powerful master-master replication architecture that runs in many different environments (servers, mobile devices, etc.)

John Lenton, senior engineering manager at Canonical, announced that Canonical would be moving away from CouchDB due to a few unresolvable issues Canonical ran into in production with CouchDB and the scale/requirements of the Ubuntu One service. Instead, says Lenton, Canonical will be moving to a custom data storage abstraction layer (U1DB) that is platform agnostic as well as datastore agnostic; utilizing the native datastore on the host device (e.g. SQLite, MySQL, API layers, "everything"). U1DB will be complete at some point after the 12.04 release."

AWS ELB Sends 2 Million Netflix API reqs to wrong

rsk rsk writes  |  more than 2 years ago

rsk (119464) writes "Amazon Web Services's Elastic Load Balancer is a dynamic load-balancer managed by Amazon. Load balancers are regularly swapped around with each other, which can lead to surprising results; like getting millions of requests meant for a different AWS customer. Using ELBs can result in AWS unintentionally introducing a man-in-the-middle (attack) into your application environment. Most AWS users do not realize this can happen and have not secured against it."

Performance effects of an SSD in your PS3

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "Ever wondered what kind of performance improvement putting an SSD in your PS3 would give you? Well, it's roughly a 2x speedup in disk intensive operations. Because of the bandwidth cap of the SATA 1.5 Gb/sec (~192 MB/sec) controller in the PS3, there is no need to spend a boat-load on next-gen SSDs (Vertex 3, Intel 510). Picking up a cheaper last-gen SSD like the Vertex 2 or Intel X25 is all you need."

Unavoidable Security Risk Caused by Elastic Load B

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "Originally discussed in the EC2 forums, the existing design of elastic load balancing in AWS can result in other AWS customers using load-balancing receiving your web application traffic for brief periods of time. Most AWS users see this as "odd traffic" in their server log files, but any unsavory AWS customer would set up servers in each availability zone (in each region) behind an ELB and simply log all the misdirected traffic, potentially exposing customer information (e.g. private API keys) never intended for public consumption."

Sony Taking the Low Road w/ PS3 Hackers

rsk rsk writes  |  more than 3 years ago

rsk writes "Since the PS3 MetLdr key was exposed by GeoHot and the fail0verflow group presented the PS3 DRM being subverted, Sony has been on a legal rampage to murder the cat now that it is out of the bag at all costs; one of those costs being a violently-degraded customer image.

Occurring right alongside this event is Microsoft's response to Kinect hacking: "Cool, here is an SDK!"; not what I would have expected.

Given that the fight over DRM is an age-old battle (even on consoles) and there is plenty of market history to pull from to see what happens over time, isn't the right move for Sony to just suck it up, innovate and move forward?"

Why Faster-than-Light Travel is Impossible

rsk rsk writes  |  more than 3 years ago

rsk writes "reddit user purpsicle27 asked "Why exactly can nothing go faster than the speed of light?" and got a slew of excellent replies. One reply in particular, by user "RobotRollCall" (RRC), was a favorite thanks to its simplification of an inherently complex matter and easy to understand examples.

According to other reddit folk, RRC has been notoriously tight-lipped about his real identity but continually drops excellent written comments into the community from time to time. reddit user mazsa suggested that RRC is actually popular science author Brian Greene, author of The Fabric of the Cosmos. I don't know if that is true, but the reviews from his existing books seem to suggest that the easy-to-understand style is a very Greene trait."

Bvckup - Simple Backup for Windows

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "If you are a child of the Quarterdeck utility days and remember a simpler time when backup software just copied files from one location to another without proprietary compression or overly complex configuration, you'll enjoy Bvckup. Bvckup (pronounced... read this) is a Windows backup app that uses simple file copy and binary diff-ing to keep files from a source location in sync with a backup destination. Setting up a job is as simple as giving it a name, setting a source directory and a destination and hitting "Start"; Bvckup will monitor the files for changes either in real-time or based on a timer, then generate a diff and merge that into the backup copy or (if you turn that off) just copy the new file over. Weighing in at under 500 KB, it is nice to see these boutique desktop apps coming back in vogue for the day to day jobs that are still a pain."

Makerbot Thing-o-Matic 3D Printer Review

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "A review of the $1200 Makerbot Thing-o-Matic 3D printer. After a 16-hour self-assembly and a few weeks of use a blown PSU was replaced with a higher powered PSU via a mod to the Thing-o-Matic. Video of the Thing-o-Matic printing out little solar panel mounts from Google Sketch-up included in the review. Final thoughts suggest that the Thing-o-Matic is not a great gift for non-engineers: You need a decent understanding of robotics, hardware, software, electronics and mechanics, need a little hand dexterity and a ton of patience."

Amazon Fake Products and Fake Reviews

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "The first time I came across fake reviews on Amazon, it was hilarious. Using Amazon's Window Shop app I came across a great category, "Peculiar Products", and was more than happy to look through it. Almost every one of the products I found on the list (Uranium Ore, 1 Gallon of Milk, Parent Child Test, Fresh Whole Rabbit) were fake with thousands of reviews on them. As a shopper, I wasn't aware of how easy it was to apparently fake product reviews and it bothers me. When I'm shopping, the first (and a lot of times only) place I visit is Amazon to read the reviews if I'm in the market for something. I don't expect the reviews to be the word of God, but I do assume a certain level of legitimacy for most of them. While this won't affect my use of Amazon (especially not at this time of the year) I would like to bubble this up to Amazon's attention so some time is spent on improving the quality of the reviews."

Sensible Time Management for Busy People

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "Like most nerdy tech-folk I've tried to leverage my fair share of TODO software and time-management techniques over the years. It is usually the rigid requirements of a time management approach that turns me off to it; rules, styles and techniques that are complex enough (or annoying enough) to go onto a TODO list themselves. This is what I found so appealing about Mark Forster's "Autofocus" technique. How Autofocus works is based on the idea of writing down tasks as they come to you, but the approach to reviewing and completing them is designed to subtly engage your subconscious for a solution while keeping your conscious mind focused on actually getting things done. As someone who is regularly paralyzed by the sheer size of his own TODO lists, I found this approach very appealing and wanted to share it."

FourSquare Checkin Hack Now w/ GUI and Source Code

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "Back in August Mayank Lahiri discovered a hole in FourSquare's API with regard to authenticating a "Checkin"; he created a 9-line Perl script proof of concept that could check you in as long as you had the Venue ID (from the 4sq site) and lat/long (from Google Maps). Additional versions of the script (e.g. in Ruby) were submitted to Mayank which he has posted on his website. To make things easier on folks wanting to play with this, I reimplemented the original script in Java and gave it a GUI. The source is all available under the GPL for anyone that wants to play with this implementation."

Digg v4's Problems are Not Technical

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "Weeks after a rocky launch of Digg v4, the company's challenges continue with the replacement of temporary CEO Kevin Rose by Amazon's Matt Williams and firing 3yr Digg veteran and VP of Engineering, John Quinn. Original online speculation led the unexplained firing of Quinn to be caused by the risky move to a NoSQL backend powered by Cassandra. Jonathan Ellis, project chair for Cassandra, has pointed to two Digg engineers on Quora discrediting this rumor and making Quinn's firing even less clear. Ultimately, Digg's problems have nothing to do with technical challenges, and more to do with the shifting commercial-driven interest of the mega social news site."

Gaming Foursquare check-in with 9 lines of Perl

rsk rsk writes  |  more than 3 years ago

rsk (119464) writes "Mayank Lahiri has hacked together a 9-statement Perl script that mocks a Foursquare check-in (HTTP POST) allowing you to claim a check-in to any location. Running the script only requires you know the Venue ID (from the website) and lat/long GPS coordinates for the location (available from the "link" link on Google Maps when location is centered). I'm fairly certain this violates the ToS of Foursquare, so becoming the Mayor of Google HQ could be harder than you thought."

Java IO Faster Than NIO – Old is New Again

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "Paul Tyma, the man behind Mailinator, has put together an excellent performance analysis comparing old-school (java.io.*) synchronous programming to Java's (java.nio.*) asynchronous programming showing a consistent 25% performance deficiency with the asynchronous code. As it turns out, old-style blocking I/O with modern threading libraries like Linux NPTL and multi-core machines gives you idle-thread and non-contending thread management for an extremely low cost; less than it takes to switch-and-restore connection state constantly with a selector approach."

Adding CSS3 Support to IE 6, 7 and 8 with CSS3 Pie

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "Internet Explorer 6, 7 and to some extent 8 have been the bane of every CSS-loving web developer for years. With the spreading adoption of CSS3's fancier rendering effects like rounded edges, drop shadows and linear gradients, the frustration of needing to deal with IE compatibility is growing. 327 Creative's Jason Johnston has created the CSS3 Pie library to address this. CSS3 Pie adds support for CSS3's most popular rendering techniques to Internet Explorer 6, 7 and 8 by way of the IE-only CSS property "behavior". CSS3 Pie is open sourced under the Apache 2 license and can be accessed from its GitHub repository."

MongoDB Favors Performance Over Durability

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "Mikeal Rogers (of CouchDB) recently blogged about the lack of data durability in MongoDB (with default settings) which led to a compelling discussion between Mikeal and the MongoDB creators, 10gen. Conversations about MongoDB's single-server durability continued to spring up so I put together a MongoDB guide covering every setting, tip and trick you can use to improve your data durability with MongoDB. I would also note that MongoDB has more single-server durability features in the works for 1.7/1.8."

Apache Wicket Powers mobile.walmart.com

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "On the Apache Wicket user mailing list today one of the developers announced that his team had rolled out Walmart's new mobile website which was built on top of the Apache Wicket Java web framework. The team's primary reason for using Wicket was the ability to maintain the same server-side code for the component layout of the pages while allowing the components to generate appropriate HTML depending on the client browser's capabilities (HTML5 for iPhone/Android, HTML 4 subset for BlackBerry and more trimmed down HTML for even older clients). Overall a very exciting shot in Wicket's arm to see such a large corporate asset rolled out and scaling on the platform."

Issues with 3G Signals on T-Mobile with Nexus One

rsk rsk writes  |  more than 4 years ago

rsk (119464) writes "One of the most popular questions on the Google Nexus One support forums is the 'Spotty 3G?' thread with almost 700 posts of users complaining about their 3G signal coverage fluctuating up, down and between EDGE/3G with the phone just sitting on the desk or compared to other 3G devices on the T-Mobile network that don't offer the same unpredictable behavior. One workaround that seems to fix the issue is forcing the phone into "3G" or "WCDMA Only" mode. This is a bit of a downer given that T-Mobile just finished their 3G upgrade to 7.2Mbps. Official word from Google is "We are investigating this issue..."."

HTC Hero Review Uncovers Performance Issues

rsk rsk writes  |  more than 4 years ago

rsk writes "I don't think I was the only nerd on T-Mobile that was crestfallen when the myTouch 3G (aka "G2") was announced to be an HTC Magic and then immediately trumped by HTC's own announcement of the upcoming Hero release that wouldn't be gracing T-Mobile US networks anytime soon. As initial reviews of the HTC Hero trickle in, it seems that all is not roses and flowers on the HTC Hero front. With the hardware of the Hero being identical to that of the HTC Magic, the extra UI glitz and glamor as well as official Flash support come at the cost of some pretty noticeable performance problems during use."

Journals

rsk has no journal entries.
