** UnhandledExceptionEventHandler :: OFFICIAL LC / CHATTER THREAD **

12-05-2014 , 06:37 AM
Can anyone recommend a good open source IDE? Right now I'm only learning Python and HTML/CSS, but I'd like to expand to PHP and JavaScript, and maybe Java and C, who knows. Long term, I'm mainly interested in writing hacking and security related programs, but I'm also interested in web development. I might dabble in Android development sometime in the future, but I'm mainly just looking for an IDE that's open source, and will support multiple languages.

I use and prefer Linux, but I also use Windows, unfortunately, so I'm open to cross-platform recommendations, and one-or-the other recommendations.

I was going to install and check out Visual Studio Community, but I really would like to find something open source that's comparable. I was all set to install it and after reading the privacy policy, I canceled like I was just about to have a go with a bird and noticed herpes blisters on her bits. I'm talking right shuddered mate.
12-05-2014 , 07:47 AM
Given that you're an individual not involved in corporate development, I would recommend loling at the VS privacy warnings and installing it. I have no idea what could possibly have freaked you out. You share more info with Google on a daily basis.
12-05-2014 , 08:28 AM
You're assuming incorrectly that I use Google on a daily basis.
12-05-2014 , 08:33 AM
lol OK. Good luck developing with DuckDuckGo.
12-05-2014 , 09:38 AM
Quote:
Originally Posted by catsec
Can anyone recommend a good open source IDE? Right now I'm only learning Python and HTML/CSS, but I'd like to expand to PHP and JavaScript, and maybe Java and C, who knows. Long term, I'm mainly interested in writing hacking and security related programs, but I'm also interested in web development. I might dabble in Android development sometime in the future, but I'm mainly just looking for an IDE that's open source, and will support multiple languages.

I use and prefer Linux, but I also use Windows, unfortunately, so I'm open to cross-platform recommendations, and one-or-the other recommendations.

I was going to install and check out Visual Studio Community, but I really would like to find something open source that's comparable. I was all set to install it and after reading the privacy policy, I canceled like I was just about to have a go with a bird and noticed herpes blisters on her bits. I'm talking right shuddered mate.
Eclipse, NetBeans and IntelliJ IDEA Community Edition are all open-source, support multiple programming languages and are available on Linux and Windows.
12-05-2014 , 10:52 AM
Quote:
Originally Posted by ChrisV
lol OK. Good luck developing with DuckDuckGo.
https://startpage.com/
12-06-2014 , 04:58 AM
Quote:
Originally Posted by candybar
Eclipse, NetBeans and IntelliJ IDEA Community Edition are all open-source, support multiple programming languages and are available on Linux and Windows.

Thanks mate I'll look into these. Do you have any preference of the three?
12-06-2014 , 05:34 AM
I've read now several times that companies that hire Java developers generally want you to have "that piece of paper" (the one that says you graduated from some school with a CS degree). When trying to get hired, what other programming languages/frameworks/etc fall into the "do you have that piece of paper" category?
12-06-2014 , 10:26 AM
A friend of mine just got a gig at Central Casting. He says the eye candy in the lobby is mind-boggling, and they all look at him wondering if he's somebody important that they should kiss up to.

I said he should tell them he can hack them into a role.
12-06-2014 , 10:31 AM
In addition to the python modules, I've also been working on the HTML&CSS modules on codecademy.com, and though I haven't gotten very far in them, it seems way easier, which leads me to wonder; is web design/development a lot easier than programming, simply because so much of it comes down to subjectivity?
12-06-2014 , 11:17 AM
Quote:
Originally Posted by catsec
In addition to the python modules, I've also been working on the HTML&CSS modules on codecademy.com, and though I haven't gotten very far in them, it seems way easier, which leads me to wonder; is web design/development a lot easier than programming, simply because so much of it comes down to subjectivity?
Nooooo noo noo no no no.

It's like saying "is physics easier than biology?". That depends: are we talking about Newton's Laws, or the latest in string theory? Are we talking the Krebs cycle, or the finer points of epigenetic gene expression regulation? Both back-end and front-end programming can get complicated, it's a matter of how deeply you want to dive into each.

I haven't seen the Codecademy course but I suspect that their HTML/CSS course is the equivalent of going "this is a for loop, this is an if statement, OK now you're a programmer! Good luck!".

Front and back end development tend to emphasise different skills. Even those categories are too broad. For instance, I fancy myself pretty good at figuring out nice, intuitive ways for users to interact with websites, but my visual design skills - i.e. actually implementing those concepts in ways that look nice - are hopeless.

Edit: To elaborate a bit, I'd say visual imagination is the single category of thought my brain is worst at. I'm fine at judging how good designs are, but I have to see them. If a design sucks, I can rarely be more useful than saying "that sucks". I can't suggest what needs to change because I can't imagine it. I'm like "show me variations, I'll tell you what is better". You can imagine how well this works out when I'm trying to design my own layouts from scratch.

Last edited by ChrisV; 12-06-2014 at 11:23 AM.
12-06-2014 , 09:32 PM
You can study design. Like, it's less of an art than you might think if you're mystified by it. There are reasons you see and use a website and think, "well this experience sucks!"

When you study it, there's a lot of, "Oh, so that's what it's called when this happens," kind of stuff.
12-06-2014 , 10:33 PM
So, this Sony Pictures/Guardians of Peace hack is pretty insane.

Anyone here know someone who did or ever done security software themselves?

I'd be curious to learn what sort of skills someone needs to get into that kind of thing. Remember reading a story about a few schools starting cyber security programs due to how big a threat this stuff is.

Story linked on this USA Today article claims 43% of companies worldwide have had data security breaches in the last year alone.

Madness if true.
12-07-2014 , 12:34 AM
Now we're talking my cup of tea! I'm in uni with a focus on cyber security, and have been studying hacking for a year or so. I'm not 1337, or even close to it, but I have my strengths, and I spend a lot of time studying.

Generally, I think the best thing I know is how much I don't know, and I know the directions of study I need to go to get to where I know what I need to know, you know? In this area, your two best friends are Kali Linux, and virtual machines. Kali is a Linux distro built for hacking/penetration testing, and ships with a ton of hacking tools. You'll obviously want to be familiar with Wireshark, but you should also get familiar with Metasploit, which is really ****ing awesome! Nmap for network scanning, Burp Suite for web hacking, sqlmap for database hacking, SET (Social Engineering Toolkit) for social engineering, and the aircrack suite of wireless hacking tools. These are some of the most commonly used tools, and if you get good with them, you can definitely own systems.

Right now skill wise, my biggest strength is WLAN hacking, and I'm currently working on compromising hosts in a LAN, using Kali as the attack platform, Metasploitable2, and an unpatched Windows XP install as victims. I use all those operating systems in VirtualBox, using a host-only network configuration, where there's no outside connectivity from the VMs to the internet. It's really essential to use virtual machines for learning, because the only legal way to practice hacking is by hacking your own equipment, and if you don't know what you're doing and are trying to learn by hacking other people's systems, you're going to get caught and arrested, and that can lead to some serious time in prison, especially over in the states.

Going back to the subject of a person knowing what they don't know, obviously a person cannot even begin to study hacking if they don't have a good foundational understanding of things like hardware, operating systems, and networking, all the stuff covered in CompTIA A+ and Network+. Regarding myself knowing what I don't know, aside from working on hacking hosts on a LAN, I'm also working very hard on programming, because I recognize that to be a really good hacker, and to be able to get to a point of a deep level of understanding, I need to be a programmer as well, and right now I'm working on Python (which I'm taking a class on in uni, as well as self study), and I'm also working on HTML&CSS, which aren't really programming languages, but they're important foundations for working towards web development and hacking.

My plan of self-study, once I work through both programming, and hacking hosts on a LAN, is to then move on to actually developing working web sites with databases in a virtual environment, and then hacking them, and then move on to learning Assembly and exploit development. I don't have any doubt in my mind that in order to be a good hacker, I must also be a good developer. Sure, people can wreak havoc by hacking with simple script-kiddie skills, but in order to be a highly sought-after, well paid professional in the industry, I think a person needs a lot of skills beyond simple script-kiddie skills, and those come with learning programming and web development. And mate, it's truly a booming industry, and I don't doubt that 43% statistic at all. This web forum could probably be hacked by someone with enough skill and determination. Probably any site could, even Google.

Another skill that is essential for professionals is people skills. Lots of hacks happen not because a deeply technical vulnerability was exploited, but because a person was just stupid as a rock and clicked a link, opened an email attachment, plugged in a flash drive, let some guy with a tie and glasses and a clipboard into a server room, etc. A lot of times the easiest way to own a system comes from just owning humans. Being able to figure out people's emotional states, being able to manipulate and deceive people, and being able to instill a manufactured sense of trust in people are important skills for hackers. Kevin Mitnick is a perfect example. I think he asserts that he's never actually exploited a vulnerability when he's compromised systems, he's done it all through social engineering, so the so-called "soft skills" that so many people in the IT industry lack are important.

So if professional hacking is something you're interested in, I would recommend the following:

* Don't be dumb and do something illegal, you will get caught
* Develop a strong foundation in the topics covered under A+ and Network+
* Learn programming and web development
* Set up Kali and Metasploitable and unpatched Windows XP on virtual machines and hack them
* Move on to developing your own web sites and databases and hacking them on VMs
* Get a few routers and learn how to hack WLANs on your home network/equipment
* Move on to learning Assembly, and learn to develop actual zero-day exploits
* Learn how to turn an intelligent, policy-valuing person into your pawn
* Get some sort of certifications or degree to get a foot in the door of companies. You could get super 1337 by learning everything on your own, and in my experience, most of my learning has been outside of the classroom, on my own, but you still need a piece of paper to get your foot in the door.



Some books I have and highly recommend:

Metasploit: The Penetration Tester's Guide, by David Kennedy, Jim O'Gorman, Devon Kearns, and Mati Aharoni
The Hacker Playbook: Practical Guide to Penetration Testing, by Peter Kim
Basic Security Testing with Kali Linux, by Daniel W. Dieterle
Wireshark 101: Essential Skills for Network Analysis, by Laura Chappell
NMAP Network Scanning, by Gordon "Fyodor" Lyon (Author of Nmap program)
BackTrack 5 Wireless Penetration Testing Beginner's Guide, by Vivek Ramachandran
Web Application Security: A Beginner's Guide, by Bryan Sullivan and Vincent Liu
The Web Application Hacker's Handbook, by Dafydd Stuttard and Marcus Pinto
SSH Mastery: OpenSSH, PuTTY, Tunnels, and Keys, by Michael W. Lucas
Red Team Field Manual, by Ben Clark


Some very good websites or youtube channels I watch and highly recommend:

Vivek Ramachandran's site
www.securitytube.net

Florida State University Offensive Security
https://www.youtube.com/user/gtg051x/videos

Lowell Vanderpool
https://www.youtube.com/user/vanderl2796/videos

Database Design and other topics
https://www.youtube.com/user/DanSoper33

NetSecNow
https://www.youtube.com/user/NetSecNow/videos

Also look around for CBT Nuggets videos, especially by Keith Barker. There are some on youtube, but I've found the best ones can be found on other parts of the internet. Like Swedish websites that roam the oceans. Probably the most important thing to know if you get into this field, is that the rabbit hole doesn't just go deep, it has no end, and you should always forge ahead, deeper and deeper with resolve. Cheers!

Last edited by catsec; 12-07-2014 at 12:53 AM.
12-07-2014 , 02:59 PM
Quote:
Originally Posted by catsec
In addition to the python modules, I've also been working on the HTML&CSS modules on codecademy.com, and though I haven't gotten very far in them, it seems way easier, which leads me to wonder; is web design/development a lot easier than programming, simply because so much of it comes down to subjectivity?
Most of my experience is working with external clients, so I will go with that, but I've seen this internally at companies as well.

I understand and agree with what ChrisV said, but also going to go in another direction.

Yes, some folks like ChrisV are not design-minded and admit it and say things like he said that he can't imagine and visualize a new concept, but if you show him several he can tell you which one is more intuitive, appears to be "designed better", etc.

That is not the reality.

The reality is the non-technical, non-design, non-anything, business or marketing person that is working on the project with you thinks they are the next Steve Jobs designing a product for Apple. If you are delivering something that you allow to be judged subjectively, you are really building something that reflects the opinions and preferences for someone who rarely has a background in design or user interface development.

Relevant oatmeal piece: http://theoatmeal.com/comics/design_hell

What you don't want to do is introduce a lot of subjectivity into the qualification criteria to determine if your design is good or not. The main reason is 99% of the people who will be telling you how they like the design are completely unqualified to do that, and will never have the humility of ChrisV to admit it.

What you have to do is have all of your designs tie into the intended outcomes and hit the goals from both a user experience and business goals perspective. The biggest way we do that is with data. I'm actually about to turn down an exclusive RFP with a high profile organization primarily because the criteria is completely subjective, and the team from the client for approvals includes ~10 people (and they are planning to use 2 guys from a small company as the UI and backend developers, and we want control of that).

If you are working in a subjective field, you are going to be forever subject to people's opinions, and when those people change and someone new takes their position, you are going to now have a totally different set of opinions to follow.

IMO, it is much more rewarding and will offer more success to be able to say:

"With your old design, this specific call to action was converting 1.17% of traffic, our new design is converting that call to action at 3.17%, and the other 12 major metrics for this page are all improving as well, here they are..."

or

"With the old interface it took an average user 1:15 to get through the first 4 steps and complete the goal at the end. The new interface allows that to be done in :35 and is seeing more users that start step 1 complete to step 4"
12-07-2014 , 03:03 PM
Does anyone else find learning new technologies more and more "painful" the older they get? It almost feels like my brain just burns too many calories being completely lost – and I don't have the energy for it. I just want to bypass that part somehow.

Time for management I guess. Ugh.
12-07-2014 , 03:06 PM
What is your process for learning new technology?

I read an interesting opinion recently (I think on HN) that it is difficult to learn things for the older generation of programmers because instead of everything being in an O'Reilly book, you have to enter obscure search terms to find the corresponding SO page or someone's random blog post about what you are looking for.
12-07-2014 , 03:19 PM
Well obviously I use Google like everyone else. But Google-fu only gets you so far on something like node, angular or karma unit testing if you don't have access to a live person with a lot more experience than you.

What I'm dealing with right now is we're trying to implement unit testing on the node side. I've googled around and found a half a dozen or so different approaches. I have absolutely no idea which one is best – I just have to guess and move forward.

I put our intern turned junior programmer on it for the last week – just to give him something to do and because I think he's ready for it. But he hasn't gotten much past hello world yet. So next week I get to figure out if a) the solution I chose is the right one at all (a guess), and b) unravel all the things the intern has attempted.

I just wish we had a bona fide expert around, like the guy who helped us get moving in the right direction on node in the first place. What I'm going to struggle with all next week would only take a few hours with him around – and I'd know we're pointed in the right direction.

I just know there's going to be a lot of frustration and head scratching ahead - which seems to become less and less fun each time. Once I get to a reasonable competence level in a technology, then I enjoy it.

But I also feel like unless I am really ready to give up on programming – I need to fight back against that feeling – and push through it anyway. Which is part of why I'm making this post.
12-07-2014 , 03:42 PM
So your company is using node even though you don't have anyone who really knows node? Brilliant.
12-07-2014 , 03:55 PM
Maybe things have eased up now, but a couple of years ago when we started this process you simply couldn't find a great developer with extensive node experience. We got insanely lucky just to find a high-priced consultant who really knew what he was doing. I know because we tried a few other high-priced consultants after that who were billed as node experts - but in reality were good JavaScript developers who didn't really know **** about node best practices. It did help us with recruiting though – as everyone wanted to learn node.

Look at this forum – we've probably got a half dozen legitimate angular experts, and I might be the closest thing to a node expert. (If I'm wrong, someone please come out of the woodwork and talk to me about unit testing.)

In any case – here we are. We've got a significant portion of a monster site for a Fortune 100 entertainment company running on node – and I am the node guy. So far no major issues (fingers crossed).

I am also the guy responsible for implementing integration and unit testing (from node to angular - there's also scala/play layer I'm not responsible for - which is also supposed to be doing unit testing, but isn't yet). Even though I've never really done either at any level – and have made that abundantly clear to my bosses many many times. I've always worked at companies that talked about testing but never actually did anything.

However this time I'm making it my personal crusade to actually implement testing, mainly because I really want to learn it - even though obviously I find that process somewhat frustrating.

Over the last couple years, we tried a bunch of integration (zombie, Casper, karma) testing frameworks – but none of them worked reliably at all. Protractor hadn't really come out yet at the time. It never really occurred to us to try to do almost everything in unit testing. But then another developer went to the Google test automation conference – and they said for big sites the trend is to do almost everything in unit tests – with integration test as total last resort. They're just too ****ing slow. So I figure we need node unit testing - which we probably should have had from the beginning.

I have a feeling my bosses would be content to basically go down the same road of just talking about testing. They love to make PowerPoint slides about how awesome things are going to be when we have true CI/CD. But when the rubber meets the road they never really do anything or commit any resources (I still have a completely full workload, and no official deliverables when it comes to testing). If CI/CD is walking, we're still struggling to hold our heads up.

Last edited by suzzer99; 12-07-2014 at 04:22 PM.
12-07-2014 , 04:05 PM
suzzer;

I've written about this before, but you are facing 2 issues, IMO.

First, you are using a newer technology. Yes, there will be a dearth of experts, little to no documentation, and tons of bad information.

Second, you are correct, it is very difficult to learn a newer / esoteric technology without a good resource, and a good resource is nearly 100% NOT a blog post or online tutorial. The amount of incorrect information (even on SO) is astonishing, no matter what technology you are using.

So, find a book and use that instead. Just go page 1...END and only look at Google for further insight. Seriously.

After that, expect more head-bashing and crying.
12-07-2014 , 04:20 PM
And also suzzer, wouldn't it be a good idea to find someone who *doesn't* know JavaScript? It seems like a JS expert would struggle because they are likely more involved in front-end and won't necessarily understand the move to back-end is more complicated than just writing JavaScript for a server. If said expert is an expert in front-end, well, that's a totally different world than server-side.

Why not find an applicant that has already mastered another esoteric language, such as GoLang, Lisp, Haskell, or whatever? This person has the experience of digging through the glom of awful resources, not giving up, and coming out on top. Of course, you'd probably want to find out why this person chose NOT to learn NodeJS, but at least you have someone on your team that understands the issues you are facing.
12-07-2014 , 04:29 PM
I think the best candidates for node are people who are proficient in JavaScript, but also have a lot of experience with app/web servers like Weblogic. Many of the concepts are the same – just implemented differently.

I agree pure front end devs – whose JS experience mostly consists of SPA frameworks – do not make the best candidates. I designed our node framework so those guys can get their data as easily as possible, in a sandbox where they don't have to worry about/can't do much damage to the inner workings of node.

A bunch of us have had the experience of digging through the glom of awful resources, not giving up, and coming out on top. It just seems to get more and more frustrating with each iteration. That's my point.

I don't know if it's just a byproduct of getting older, getting a little burned out, or what. When I taught myself web programming and Perl on a huge side project that I completely bluffed my way into - there was still that excitement of not being even sure if I could do it at all.

With stuff now I know I'll get there eventually. I just know it will be a slog. Maybe the loss of adrenaline fueled by that fear of failure is what's sapping my motivation.

Last edited by suzzer99; 12-07-2014 at 04:40 PM.
12-07-2014 , 04:37 PM
Quote:
Originally Posted by daveT
suzzer;

I've written about this before, but you are facing 2 issues, IMO.

First, you are using a newer technology. Yes, there will be a dearth of experts, little to no documentation, and tons of bad information.

Second, you are correct, it is very difficult to learn a newer / esoteric technology without a good resource, and a good resource is nearly 100% NOT a blog post or online tutorial. The amount of incorrect information (even on SO) is astonishing, no matter what technology you are using.

So, find a book and use that instead. Just go page 1...END and only look at Google for further insight. Seriously.

After that, expect more head-bashing and crying.
There is no book on node/express unit testing.
12-07-2014 , 05:27 PM
suzzer,

Didn't we talk about node/express stuff a few years ago? What's wrong with picking one of the frameworks out there and actually start writing the tests? Who cares what everyone says is best or not.

If you want a sure fire way to get stuff done, just look at TJ's github repo. He has like 50 node modules that are all tested with Mocha and express alone has a toooon of tests.