Letters to the Editor
There is a discussion on the GLUE (Groups of Linux Users Everywhere, http://www.ssc.com/glue/) e-mail list about a certification program for Linux. Most of the discussion is positive. Most writers feel that a comprehensive certification will make great strides in enabling Linux to be used in the business sector with more confidence. I would like to know how a larger audience feels about it. For any certification program to be representative, it must be a cooperative effort of all the major Linux companies. A relatively subjective organization would need to head the testing such as the LDP or SSC.
—Bryan Coleman, Triad Linux Users Group email@example.com
I thought Phil Hughes's May article on web browsers for Linux was a little negative. [“Linux and Web Browsers”, Issue 37] Here is some more positive news: Sun's HotJava 1.0 browser is available from http://java.sun.com/products/hotjava/. When you look at the distribution formats it has versions for Windows and Solaris. However, the browser is written in Java, just called from a different shell script for the two platforms. Download the Solaris version and run it under JDK 1.1.1 to get a working browser for Linux.
Sun MicroSystems, Inc. has bundled the HotJava web browser with the Java Runtime Library for SunOS on SPARC hardware. The download file is now 8.5MB.
Another choice is the Plume browser (formerly Surfit!) by Steve Ball at the Australian National University (http://tcltk.anu.edu.au/). This runs under Tcl/Tk 8.0. It is still under development, but Steve is actively working on it. What's more, you get the source code so you can do things with it too. The current version of Plume is v0.62alpha.
—Jan Newmarch firstname.lastname@example.org
As an avid amateur radio operator and a Linux tinkerer for nearly a year, I'd like to say a hearty “Thank You” for the positive coverage you give my favorite hobby in Linux Journal [“Packet Radio Under Linux”, Jeff Tranter, September 1997] and Linux Gazette [Issues 10 and 11]. Of course, it's great having access to the only OS that supports the packet radio protocol. Most other big-time magazines wouldn't bother to print such articles, but it proves the editorial commitment you have to covering all relevant aspects of Linux: business, technical, hobby/recreation and more.
I'm always glad to see this type of article as it introduces ham radio to a larger audience. We're always looking for more hams willing to push the digital RF (Radio Frequency) envelope. I invite all interested parties to get their license and join in building a state-of-the-art, wireless, non-commercial TCP/IP network.
—Nate Bargmann KA0RNY email@example.com
If I'm not mistaken, anyone on the Internet can execute any command on a machine with the CGI scripts you published on page 58 of LJ's August issue [“Big Brother Network Monitoring System”, Paul M. Sittler].The script executes $TRACEROUTE<\!s>$*, so a cracker can feed it with a machine name such as www.tamu.edu; then type cat/etc/passwd to see the last command being executed.
In my opinion, CGI scripts should all be written in Perl with the -T option set (-T tests that the file type is text, not binary) and should include the line use<\!s>strict. Strict compliance for symbolic references, global variables and key words—violations cause immediate program abend. The Bourne shell is especially dangerous. At least, enclose the arguments between double quotes.
I don't know that I have ever written to a magazine editor before, but Lee Brotzman's contribution to the August 1997 Linux Journal, “Wrap a Security Blanket Around Your Computer,” was very timely and very well written.
One of my client's Linux systems came under the control of hackers (who fortunately were somewhat benign in their apparent intentions for this particular system) about the time I received the aforementioned copy of LJ. During an intense weekend of observation and examination of various system logs, I was able to determine how the system had been compromised. After considering various strategies (and reading the issue cover to cover), I used Mr. Brotzman's article as a cookbook to install a series of TCP wrappers while continuing to watch the hacker's activities.
Not really knowing the expertise of the hackers, I surmised they were also “cook-booking” and decided to slowly cut off their air supply, in order to see what alternative methods of access, or back doors, they may have established. Selectively applying TCP_wrappers enabled me to do just that, and I received quite an education in the process. Today, thanks to LJ and Lee Brotzman, my client's system is secure, and I have greatly increased my understanding of security from an administrative perspective.
Once again, thanks for publishing useful, accurate information. If you have an award for writer of the year, I would like to nominate Lee Brotzman for his clear, concise presentation of an important topic. If you don't, start one.
—Mel Lester firstname.lastname@example.org
Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report
August 27, 2015
12:00 PM CDT
DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.
Free to Linux Journal readers.Register Now!
|Secure Server Deployments in Hostile Territory, Part II||Jul 29, 2015|
|Hacking a Safe with Bash||Jul 28, 2015|
|KDE Reveals Plasma Mobile||Jul 28, 2015|
|Huge Package Overhaul for Debian and Ubuntu||Jul 23, 2015|
|diff -u: What's New in Kernel Development||Jul 22, 2015|
|Shashlik - a Tasty New Android Simulator||Jul 21, 2015|
- Secure Server Deployments in Hostile Territory, Part II
- Hacking a Safe with Bash
- KDE Reveals Plasma Mobile
- Huge Package Overhaul for Debian and Ubuntu
- The Controversy Behind Canonical's Intellectual Property Policy
- Home Automation with Raspberry Pi
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- diff -u: What's New in Kernel Development
- General Relativity in Python