Letters to the Editor
There is a discussion on the GLUE (Groups of Linux Users Everywhere, http://www.ssc.com/glue/) e-mail list about a certification program for Linux. Most of the discussion is positive. Most writers feel that a comprehensive certification will make great strides in enabling Linux to be used in the business sector with more confidence. I would like to know how a larger audience feels about it. For any certification program to be representative, it must be a cooperative effort of all the major Linux companies. A relatively subjective organization would need to head the testing such as the LDP or SSC.
—Bryan Coleman, Triad Linux Users Group firstname.lastname@example.org
I thought Phil Hughes's May article on web browsers for Linux was a little negative. [“Linux and Web Browsers”, Issue 37] Here is some more positive news: Sun's HotJava 1.0 browser is available from http://java.sun.com/products/hotjava/. When you look at the distribution formats it has versions for Windows and Solaris. However, the browser is written in Java, just called from a different shell script for the two platforms. Download the Solaris version and run it under JDK 1.1.1 to get a working browser for Linux.
Sun MicroSystems, Inc. has bundled the HotJava web browser with the Java Runtime Library for SunOS on SPARC hardware. The download file is now 8.5MB.
Another choice is the Plume browser (formerly Surfit!) by Steve Ball at the Australian National University (http://tcltk.anu.edu.au/). This runs under Tcl/Tk 8.0. It is still under development, but Steve is actively working on it. What's more, you get the source code so you can do things with it too. The current version of Plume is v0.62alpha.
—Jan Newmarch email@example.com
As an avid amateur radio operator and a Linux tinkerer for nearly a year, I'd like to say a hearty “Thank You” for the positive coverage you give my favorite hobby in Linux Journal [“Packet Radio Under Linux”, Jeff Tranter, September 1997] and Linux Gazette [Issues 10 and 11]. Of course, it's great having access to the only OS that supports the packet radio protocol. Most other big-time magazines wouldn't bother to print such articles, but it proves the editorial commitment you have to covering all relevant aspects of Linux: business, technical, hobby/recreation and more.
I'm always glad to see this type of article as it introduces ham radio to a larger audience. We're always looking for more hams willing to push the digital RF (Radio Frequency) envelope. I invite all interested parties to get their license and join in building a state-of-the-art, wireless, non-commercial TCP/IP network.
—Nate Bargmann KA0RNY firstname.lastname@example.org
If I'm not mistaken, anyone on the Internet can execute any command on a machine with the CGI scripts you published on page 58 of LJ's August issue [“Big Brother Network Monitoring System”, Paul M. Sittler].The script executes $TRACEROUTE<\!s>$*, so a cracker can feed it with a machine name such as www.tamu.edu; then type cat/etc/passwd to see the last command being executed.
In my opinion, CGI scripts should all be written in Perl with the -T option set (-T tests that the file type is text, not binary) and should include the line use<\!s>strict. Strict compliance for symbolic references, global variables and key words—violations cause immediate program abend. The Bourne shell is especially dangerous. At least, enclose the arguments between double quotes.
I don't know that I have ever written to a magazine editor before, but Lee Brotzman's contribution to the August 1997 Linux Journal, “Wrap a Security Blanket Around Your Computer,” was very timely and very well written.
One of my client's Linux systems came under the control of hackers (who fortunately were somewhat benign in their apparent intentions for this particular system) about the time I received the aforementioned copy of LJ. During an intense weekend of observation and examination of various system logs, I was able to determine how the system had been compromised. After considering various strategies (and reading the issue cover to cover), I used Mr. Brotzman's article as a cookbook to install a series of TCP wrappers while continuing to watch the hacker's activities.
Not really knowing the expertise of the hackers, I surmised they were also “cook-booking” and decided to slowly cut off their air supply, in order to see what alternative methods of access, or back doors, they may have established. Selectively applying TCP_wrappers enabled me to do just that, and I received quite an education in the process. Today, thanks to LJ and Lee Brotzman, my client's system is secure, and I have greatly increased my understanding of security from an administrative perspective.
Once again, thanks for publishing useful, accurate information. If you have an award for writer of the year, I would like to nominate Lee Brotzman for his clear, concise presentation of an important topic. If you don't, start one.
—Mel Lester email@example.com
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide