Letters
Where's the Security?
I was surprised in a Linux Journal issue (January 2009) specifically
targeting security that the shell script article by Dave Taylor didn't
suggest a more secure method of creating temporary filenames other than just
using the $$ variable. Adding a little ${RANDOM} to the temp directory
name and filename, perhaps? Maybe he's going to address that in a later
article.
—
Forrest Hudspeth
Dave Taylor replies: Great point, Forrest. Since I have limited space in my column, I tend to write short solutions rather than more complicated ones. You're right that something like:
tempname="/tmp/appname.$$.${RANDOM}"
works better than just a simple application of $$ in terms of making it harder for a hacker to game your temporary files and potentially alter the execution and results of system shell scripts.
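An added example, not part of the letter or of Dave Taylor's reply: `$$` is the process ID and `${RANDOM}` spans only 0 to 32767, so a name built from them can still be guessed. The functions below create the file or directory atomically, so a file or symlink planted under the expected name is refused rather than written through. The function names and the `appname` prefix are placeholders.

```sh
#!/bin/sh
# Added example: atomic temp-file creation for shell scripts.

# make_workdir PREFIX
# Prints the path of a new private directory. mktemp -d uses mkdir(2), which
# fails if the name already exists (file, directory or symlink), and creates
# the directory with mode 0700, so other users cannot plant anything inside.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/$1.XXXXXXXXXX"
}

# claim_file PATH
# For systems without mktemp: create PATH only if nothing is there yet.
# With noclobber (set -C) the shell creates the file with O_EXCL, so an
# existing file or symlink makes this fail instead of being overwritten.
claim_file() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# new_tmpfile PREFIX
# Try fresh names until one is claimed atomically; prints the claimed path.
# The random suffix comes from /dev/urandom rather than $RANDOM.
new_tmpfile() {
    n=0
    while [ "$n" -lt 20 ]; do
        suffix=$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')
        name="${TMPDIR:-/tmp}/$1.$$.$suffix"
        if claim_file "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Typical use in a script:
#   work=$(make_workdir appname) || exit 1
#   trap 'rm -rf "$work"' EXIT
#   sort input.txt > "$work/sorted"
```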
Lots of Security
In my opinion, the January 2009 Security issue was one of the best issues put out in a while, not that
the magazine isn't good, but you really outdid yourselves this time
in keeping the articles on focus with the focus of the issue. The one thing I
would have liked to see is if Cooking with Linux could have talked about
setting up home surveillance cameras in keeping with the Security theme or
something of the like. Although I always enjoy Marcel Gagné's articles, I'd
like to see him focus on some small-to-medium projects too instead of just
games.
—
Mike
Laptop Sizes and Great LJ Subscription Service
In the January 2009 issue, you have a nice article: “Small Laptops vs. Large Laptops” by Kyle Rankin and Bill Childers. Well, I've worked for several years as a consultant, and I travel a lot, so I can understand the need for a big laptop and also can understand the need and usefulness of a small laptop. But, why not have the best of both worlds? First, I had a big 15" or 17" laptop, and it was great, but then I had to travel, and it wasn't so nice to carry nor was it usable on an airplane, so I bought a small Sony with an 11" monitor. It was nice to have eight hours of battery life, but at the end of the day I was tired, and my head hurt because of the effort to read all the tiny letters. The keyboard was too small, and I spent much time using delete and backspace to correct my errors while programming or writing documentation. So, I bought a 13" display laptop, once again from Sony—an SZ series. Right now, I'm the happiest man in the world with my laptop. It's light (1.5kg), fast, has 2.0MHz dual core and 4GB of RAM. It has a nice hybrid dual video card (one Intel for extreme endurance on battery, and one NVIDIA for games and so on). Nowadays, I think we can have both worlds, being light and small and at the same time, powerful and functional.
On another subject, some weeks ago I had a problem with my subscription for Linux Journal, and I didn't get my favorite magazine. I contacted LJ support and they were great. In a week, I had the missing issues (and I live in Portugal). Here's something we all love: real support when you need it, and as with Linux, LJ gives you the best support. Keep up the excellent work!
—
Pedro
Pedro, glad you liked Kyle and Bill's new Point/Counterpoint column—see page 77 of this issue for more bickering.—Ed.
Reducing Keystrokes
Further to Antoine's suggestion to Dave Taylor on reducing keystrokes [see Letters in the January 2009 issue of LJ], note that:
pickline=$(( $RANDOM % 250 + 1 ))
can be further simplified to be:
pickline=$(( RANDOM % 250 + 1 ))
It seems that all bash environment variables are expanded within the scope
of $(()).
—
Black Jack Shellac
More Love for Kyle and Bill
Just wanted to drop y'all a line to voice my appreciation for
Point/Counterpoint. While Kyle vs. Bill did smack of a rap battle in a few
places, it was excellent nonetheless. Keep up the great work, guys!
—
Samuel
Ouch!
The “Go Green, Save Green with Linux” article [by James Gray, in the April 2008 issue of LJ] carelessly misquotes an incompetently uttered sound bite of Springboard Research: “an average-sized server has the same carbon footprint as a mid-sized 4wd taking 17 litres of fuel to travel 100km”, said Bob Hayward, Research Vice President for Springboard Research.
His comment says nothing. Is he comparing a server to 17 liters of fuel?
or a 4wd? Or 100km, walking, flying, driving?
Linux Journal butchered this incomprehensible statement into the
ludicrous, saying a server has the same footprint as a 4WD vehicle!
This is business incompetence stacked on journalism incompetence.
—
Jim Leuba
James Gray replies: I personally find Hayward's quote ingenious, which does two things. First, Hayward compares the energy consumption of two very different machines: one whose energy consumption isn't readily apparent (the server) to one that is more publicized (the vehicle). Second, he shows that servers consume more energy than their compact size belies. Hayward's metric of energy consumption is the carbon footprint, which is simply the quantity of carbon dioxide created by the burning of fossil fuels in energy generation—pretty straightforward stuff.
I can only speculate why you had such a strong emotional reaction to Hayward's quote. My best guess is because it is hard for us human beings to accept that our actions are directly and gravely degrading the health of our planet. It's tough news to hear.
Tip
This is in reference to David Sinck's Tech Tip in the December 2008 issue. I find the following code a little simpler and also insensitive to file extensions:
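    #!/bin/sh
    # Pick a decompressor from the file's detected type, not its extension.
    # "$1" is quoted so filenames with spaces or glob characters stay intact.
    case `file -b "$1" | cut -d' ' -f1` in
        Zip|gzip) CAT=zcat ;;
        bzip2)    CAT=bzcat ;;
        *)        CAT=cat ;;
    esac
    $CAT "$1"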
As an aside, if one is looking to open the files in an editor, vim makes it
easy by opening zip files in various formats.
—
Mayuresh Warunjikar
Photo of the Month
Have a photo you'd like to share with LJ readers? Send your submission to publisher@linuxjournal.com. If we run yours in the magazine, we'll send you a free T-shirt.
Comments
James Gray said: "My best guess is because it is hard for us human beings to accept that our actions are directly and gravely degrading the health of our planet. It's tough news to hear."
I find your kneejerk blast against someone who called you on your attempt to delve into areas you do not understand amusing.
James, just what experience/background do you have to make such claims, i.e., "directly/gravely," when even those who actually have knowledge in this area still cannot prove the extent, if any? Having a background in climatology, I found your copycat rhetoric propagated by media laughable. I have seen the data and written software for atmospheric models, and you? Oh, the arrogance of know-it-alls, such as you.
Please don't further insult real earth scientists with your limited "knowledge."