
Friday Java Quiz: Know Your JDK Tools

The Sun JDK 6 on my Debian 4.0 system contains the following executables in its bin directory:

[weiqi@gao: /usr/lib/jvm/java-6-sun-1.6.0.06/bin] $ ls
amd64         java      jhat        jstat         rmic         unpack200
appletviewer  javac     jinfo       jstatd        rmid         wsgen
apt           javadoc   jmap        keytool       rmiregistry  wsimport
extcheck      javah     jps         native2ascii  schemagen    xjc
idlj          javap     jrunscript  orbd          serialver
jar           jconsole  jsadebugd   pack200       servertool
jarsigner     jdb       jstack      policytool    tnameserv

Some of these tools, such as javac, java and javap, I use every day. Others, such as appletviewer and jdb, not so often any more. There are some I have never used.

Today's quiz has multiple questions:

Q: for (String exe : aboveList) {
        What does exe do?
        Have you ever had any occasions to use it?
    }


this is very, very, very serious and scary

(Via St. Louis Unix Users Group discuss mailing list.)

Bojan Zdrnja on SANS Internet Storm Center: Couple of days ago Swa posted a diary about a critical Debian/Ubuntu PRNG security vulnerability.

Today Matt wrote in to let us know that H D Moore posted a web page containing all SSH 1024, 2048 and 4096-bit RSA keys he brute forced.

It is obvious that this is highly critical—if you are running a Debian or Ubuntu system, and you are using keys for SSH authentication (ironically, that's something we've been recommending for a long time), and those keys were generated between September 2006 and May 13th 2008 then you are vulnerable. In other words, those secure systems can be very easily brute forced. What's even worse, H D Moore said that he will soon release a brute force tool that will allow an attacker easy access to any SSH account that uses public key authentication.

But this is not all—keep in mind that ANY cryptographic material created on vulnerable systems can be compromised. If you generated SSL keys on such Debian or Ubuntu systems, you will have to recreate the certificates and get them signed again. An attacker can even decrypt old SSH sessions now.

The Debian project guys released a tool that can detect weak keys (it is not 100% correct though as the blacklist in the tool can be incomplete). You can download the tool from http://security.debian.org/project/extra/dowkd/dowkd.pl.gz.

The bottom line is: this is very, very, very serious and scary. Please check your systems and make sure that you are both patched, and that you regenerated any potentially weak cryptographic material.

I haven't verified the validity of the claim made here. It's from an official-sounding place. And if true, it represents real, big problems—the kind of situation where you just want to pass on the information to everybody you know.

I don't have any keys generated on Debian during the period cited above. Even if I did, I would be reluctant to download a program from the internet and let it scan my private keys.

Use your judgement.
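
A blocklist check of the kind mentioned above can be run over public keys alone. The following is an added example, not the Debian tool or code from the quoted post; it assumes the blocklist holds MD5 digests of the public key blob, and the sample keys, the blocklist entry and all function names are constructed for illustration.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}
def _ssh_string(data: bytes) -> bytes:
    # Length-prefixed field of the SSH public key wire format.
    return struct.pack(">I", len(data)) + data

def make_sample_line(n: int, comment: str, e: int = 65537) -> str:
    """Build a constructed ssh-rsa line from a toy modulus (not a usable key)."""
    ints = [v.to_bytes((v.bit_length() + 8) // 8, "big") for v in (e, n)]
    blob = b"".join(_ssh_string(p) for p in [b"ssh-rsa", *ints])
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"

def md5_fingerprint(line: str) -> str:
    """MD5 hex digest of the public key blob in one authorized_keys line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # options or comment text, keep looking
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue
        if blob.startswith(_ssh_string(field.encode())):
            return hashlib.md5(blob).hexdigest()
    raise ValueError("no public key found in line")

def find_weak(lines, blocklist):
    """Return (line number, fingerprint) for every blocklisted public key."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue
        try:
            fp = md5_fingerprint(line)
        except ValueError:
            continue  # blank or malformed line
        if fp in blocklist:
            hits.append((lineno, fp))
    return hits

SAMPLE = [  # constructed data: toy moduli, not real keys
    "# constructed authorized_keys content",
    make_sample_line(0xC0FFEE1234567891, "alice@old-box"),
    "no-pty " + make_sample_line(0xD00DFEED87654323, "bob@new-box"),
]
BLOCKLIST = {md5_fingerprint(SAMPLE[1])}  # stands in for a published weak-key list
```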

Patterns Of Learning Through Languages

Code To Joy has ignited a debate on the topic of You Should Learn New Languages. The post is in response to a Gustavo Duarte post titled Language Dabbling Considered Wasteful, which was carried on InfoQ four days ago.

As always, I claim that both sides have their points. When I read Gustavo for the first time, I said to myself, "I couldn't agree more." And when I read Michael's response, I said to myself, "That's totally what I want to say—fifteen years ago."

Yes, I'm setting this up as the opinion of the young vs. that of the old.

Here's what I imagine is going on in the minds of the young and the old. (I don't mean to disparage either the young or the old; we were all young once, and hopefully, we all grow old eventually. Here's how to tell if you are young—when you jump up from your seat shouting "What do you mean I'm too young?" you are young. And old—"I'll let the young ones have fun.")

Young: There are so many new languages out there. They all look wonderful. Each one has a special claim to an unfathomable feature (like objects, or closure, or unification, or curried functions, or actors or agents) that will solve the world's problems. Must learn new languages.
Old: I've learned a couple dozen programming languages over the years. I've come to appreciate the unique qualities each brings to the table. The last few languages I learned seem to be reorganizations of features of languages that I already know: Ruby is just like Smalltalk, Scala is just like OCaml. I'm sure I can learn C# as well as anybody if I was unfortunate enough to be put on a C# project.

Young: Bruce Tate says Ruby will kick Java's ass. Martin Odersky says Scala combines the goodness of OO with the goodness of functional programming. Plus he's a professor in a university. Herb Sutter says the free lunch is over. Paul Graham says Lisp is the bestest language on earth. Groovy is totally groovy. Larry Ellison says the world will embrace thin-client network computers. Must learn new stuff.
Old: Niklaus Wirth said to go with Pascal. Richard Stallman won't program in anything but Lisp. Brad J Cox said Objective-C is a much better OO language than C++. Bill Gates and Steve Ballmer bet their multi-billion dollar company on XML and SOAP. DBase, Clipper, SQLWindows, PowerBuilder were all very popular at some point. See where they are now. I'm glad I chose C++ and Java, which had put the food on my table for the last twenty years.

Young: Learning new and different syntaxes is fun. Look, in Python and Haskell you use layouts for block structures, cool! In Scheme, you use nothing but parentheses for syntax. (+ 1 2 3 4 5) saves a lot of keystrokes from 1 + 2 + 3 + 4 + 5, cool! In JavaScript, you can alter a class through its prototype chain, cool! ... Must learn!
Old: It was fun for a while. I've seen them all. I'll read some Perl if I want to have fun. And there's always the obfuscated program that compiles under seven compilers—Fortran, C, Pascal, ... Underneath them all, are the same little machines that make everything work.

Young: In five years, my desktop machine will have 20 cores. The only language that will allow me to take advantage of them all is Erlang. Even Steve Vinoski said so. Must learn.
Old: In five years, I'll be seven years away from retirement. They'll never come up with a way to easily decompose arbitrary desktop client algorithms into parallel tasks. Plus, the missile guidance system and the satellite ground station I wrote were pretty reliable; it was all done in C!

Young: Scala is the scalable language. Must learn.
Old: Call me when I can do code completion, refactoring and debugging for it in my IDE.

Of all the languages I learned on my own time, C++ and Java are among the most profitable. Both landed me new jobs. Scheme is the most intellectually rewarding. It allowed me to get through the SICP. Bash, Gawk, HTML/CSS are the most helpful. I use them to write little throw-away scripts and to write this blog every day.

Groovy, Ruby, Scala, and lately Clojure are my learning for learning's sake languages. I'm sure I'm a better programmer because of my learning experience. But I haven't profited from them. None of the languages have become my go-to language. And I believe I'm at least one year away from being proficient in any one of the languages, the achievement of which probably requires me to work on an actual project mainly developed in that language. With a full-time job doing Java and C++, and a family to feed, I can't afford to commit more of my spare time.

As Michael said, "That's not momentum. That, my friends, is inertia."

Alas. That's also reality. You will understand.