Letters to the Editor
There is a discussion on the GLUE (Groups of Linux Users Everywhere, http://www.ssc.com/glue/) e-mail list about a certification program for Linux. Most of the discussion is positive. Most writers feel that a comprehensive certification will make great strides in enabling Linux to be used in the business sector with more confidence. I would like to know how a larger audience feels about it. For any certification program to be representative, it must be a cooperative effort of all the major Linux companies. A relatively subjective organization would need to head the testing such as the LDP or SSC.
—Bryan Coleman, Triad Linux Users Group email@example.com
I thought Phil Hughes's May article on web browsers for Linux was a little negative. [“Linux and Web Browsers”, Issue 37] Here is some more positive news: Sun's HotJava 1.0 browser is available from http://java.sun.com/products/hotjava/. When you look at the distribution formats it has versions for Windows and Solaris. However, the browser is written in Java, just called from a different shell script for the two platforms. Download the Solaris version and run it under JDK 1.1.1 to get a working browser for Linux.
Sun Microsystems, Inc. has bundled the HotJava web browser with the Java Runtime Library for SunOS on SPARC hardware. The download file is now 8.5MB.
Another choice is the Plume browser (formerly Surfit!) by Steve Ball at the Australian National University (http://tcltk.anu.edu.au/). This runs under Tcl/Tk 8.0. It is still under development, but Steve is actively working on it. What's more, you get the source code so you can do things with it too. The current version of Plume is v0.62alpha.
—Jan Newmarch firstname.lastname@example.org
As an avid amateur radio operator and a Linux tinkerer for nearly a year, I'd like to say a hearty “Thank You” for the positive coverage you give my favorite hobby in Linux Journal [“Packet Radio Under Linux”, Jeff Tranter, September 1997] and Linux Gazette [Issues 10 and 11]. Of course, it's great having access to the only OS that supports the packet radio protocol. Most other big-time magazines wouldn't bother to print such articles, but it proves the editorial commitment you have to covering all relevant aspects of Linux: business, technical, hobby/recreation and more.
I'm always glad to see this type of article as it introduces ham radio to a larger audience. We're always looking for more hams willing to push the digital RF (Radio Frequency) envelope. I invite all interested parties to get their license and join in building a state-of-the-art, wireless, non-commercial TCP/IP network.
—Nate Bargmann KA0RNY email@example.com
If I'm not mistaken, anyone on the Internet can execute any command on a machine with the CGI scripts you published on page 58 of LJ's August issue [“Big Brother Network Monitoring System”, Paul M. Sittler]. The script executes $TRACEROUTE $*, so a cracker can feed it with a machine name such as www.tamu.edu; then type cat /etc/passwd to see the last command being executed.
In my opinion, CGI scripts should all be written in Perl with the -T option set (-T tests that the file type is text, not binary) and should include the line use strict. Strict compliance for symbolic references, global variables and key words—violations cause immediate program abend. The Bourne shell is especially dangerous. At least, enclose the arguments between double quotes.
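Added example, not part of the letter or of the published script: a Bourne-shell illustration of what quoting the argument changes when a wrapper runs $TRACEROUTE on a request parameter, combined with an allowlist check on the host name. TRACEROUTE is the variable named in the letter; the function names and the sample inputs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: host-name allowlist plus quoted argument passing for a
# traceroute-style CGI wrapper. Function names are hypothetical.

TRACEROUTE=${TRACEROUTE:-traceroute}

# Succeeds only for a plausible DNS name or IPv4 literal: letters, digits,
# dots and hyphens, at most 253 characters, not starting with '-' or '.'.
valid_host() {
    case $1 in
        ''|-*|.*|*..*) return 1 ;;
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Prints how many separate arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted expansion: the shell splits the value on whitespace and expands
# wildcards, so one request parameter can become several arguments.
args_unquoted() { count_args $1; }

# Quoted expansion: the value always arrives as exactly one argument.
args_quoted() { count_args "$1"; }

# Runs the trace only for a validated host, passed as one quoted argument.
run_trace() {
    if ! valid_host "$1"; then
        echo "invalid host name" >&2
        return 1
    fi
    "$TRACEROUTE" "$1"
}

# Constructed sample parameter, in the shape the letter describes.
sample='www.example.org; echo injected'
echo "unquoted: $(args_unquoted "$sample") argument(s)"
echo "quoted:   $(args_quoted "$sample") argument(s)"
valid_host "$sample" || echo "sample rejected by valid_host"
```

Rejecting a leading hyphen matters because a value that starts with '-' would otherwise be read by the traced program as an option rather than a host.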
I don't know that I have ever written to a magazine editor before, but Lee Brotzman's contribution to the August 1997 Linux Journal, “Wrap a Security Blanket Around Your Computer,” was very timely and very well written.
One of my client's Linux systems came under the control of hackers (who fortunately were somewhat benign in their apparent intentions for this particular system) about the time I received the aforementioned copy of LJ. During an intense weekend of observation and examination of various system logs, I was able to determine how the system had been compromised. After considering various strategies (and reading the issue cover to cover), I used Mr. Brotzman's article as a cookbook to install a series of TCP wrappers while continuing to watch the hacker's activities.
Not really knowing the expertise of the hackers, I surmised they were also “cook-booking” and decided to slowly cut off their air supply, in order to see what alternative methods of access, or back doors, they may have established. Selectively applying TCP_wrappers enabled me to do just that, and I received quite an education in the process. Today, thanks to LJ and Lee Brotzman, my client's system is secure, and I have greatly increased my understanding of security from an administrative perspective.
Once again, thanks for publishing useful, accurate information. If you have an award for writer of the year, I would like to nominate Lee Brotzman for his clear, concise presentation of an important topic. If you don't, start one.
—Mel Lester firstname.lastname@example.org