Letters to the Editor
There is a discussion on the GLUE (Groups of Linux Users Everywhere, http://www.ssc.com/glue/) e-mail list about a certification program for Linux. Most of the discussion is positive. Most writers feel that a comprehensive certification will make great strides in enabling Linux to be used in the business sector with more confidence. I would like to know how a larger audience feels about it. For any certification program to be representative, it must be a cooperative effort of all the major Linux companies. A relatively subjective organization would need to head the testing such as the LDP or SSC.
—Bryan Coleman, Triad Linux Users Group email@example.com
I thought Phil Hughes's May article on web browsers for Linux was a little negative. [“Linux and Web Browsers”, Issue 37] Here is some more positive news: Sun's HotJava 1.0 browser is available from http://java.sun.com/products/hotjava/. When you look at the distribution formats it has versions for Windows and Solaris. However, the browser is written in Java, just called from a different shell script for the two platforms. Download the Solaris version and run it under JDK 1.1.1 to get a working browser for Linux.
Sun MicroSystems, Inc. has bundled the HotJava web browser with the Java Runtime Library for SunOS on SPARC hardware. The download file is now 8.5MB.
Another choice is the Plume browser (formerly Surfit!) by Steve Ball at the Australian National University (http://tcltk.anu.edu.au/). This runs under Tcl/Tk 8.0. It is still under development, but Steve is actively working on it. What's more, you get the source code so you can do things with it too. The current version of Plume is v0.62alpha.
—Jan Newmarch firstname.lastname@example.org
As an avid amateur radio operator and a Linux tinkerer for nearly a year, I'd like to say a hearty “Thank You” for the positive coverage you give my favorite hobby in Linux Journal [“Packet Radio Under Linux”, Jeff Tranter, September 1997] and Linux Gazette [Issues 10 and 11]. Of course, it's great having access to the only OS that supports the packet radio protocol. Most other big-time magazines wouldn't bother to print such articles, but it proves the editorial commitment you have to covering all relevant aspects of Linux: business, technical, hobby/recreation and more.
I'm always glad to see this type of article as it introduces ham radio to a larger audience. We're always looking for more hams willing to push the digital RF (Radio Frequency) envelope. I invite all interested parties to get their license and join in building a state-of-the-art, wireless, non-commercial TCP/IP network.
—Nate Bargmann KA0RNY email@example.com
If I'm not mistaken, anyone on the Internet can execute any command on a machine with the CGI scripts you published on page 58 of LJ's August issue [“Big Brother Network Monitoring System”, Paul M. Sittler].The script executes $TRACEROUTE<\!s>$*, so a cracker can feed it with a machine name such as www.tamu.edu; then type cat/etc/passwd to see the last command being executed.
In my opinion, CGI scripts should all be written in Perl with the -T option set (-T tests that the file type is text, not binary) and should include the line use<\!s>strict. Strict compliance for symbolic references, global variables and key words—violations cause immediate program abend. The Bourne shell is especially dangerous. At least, enclose the arguments between double quotes.
I don't know that I have ever written to a magazine editor before, but Lee Brotzman's contribution to the August 1997 Linux Journal, “Wrap a Security Blanket Around Your Computer,” was very timely and very well written.
One of my client's Linux systems came under the control of hackers (who fortunately were somewhat benign in their apparent intentions for this particular system) about the time I received the aforementioned copy of LJ. During an intense weekend of observation and examination of various system logs, I was able to determine how the system had been compromised. After considering various strategies (and reading the issue cover to cover), I used Mr. Brotzman's article as a cookbook to install a series of TCP wrappers while continuing to watch the hacker's activities.
Not really knowing the expertise of the hackers, I surmised they were also “cook-booking” and decided to slowly cut off their air supply, in order to see what alternative methods of access, or back doors, they may have established. Selectively applying TCP_wrappers enabled me to do just that, and I received quite an education in the process. Today, thanks to LJ and Lee Brotzman, my client's system is secure, and I have greatly increased my understanding of security from an administrative perspective.
Once again, thanks for publishing useful, accurate information. If you have an award for writer of the year, I would like to nominate Lee Brotzman for his clear, concise presentation of an important topic. If you don't, start one.
—Mel Lester firstname.lastname@example.org
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Profiles and RC Files
- Understanding Ceph and Its Place in the Market
- Astronomy for KDE
- The Giant Zero, Part 0.x
- Maru OS Brings Debian to Your Phone
- Git 2.9 Released
- OpenSwitch Finds a New Home
- What's Our Next Fight?
- Snappy Moves to New Platforms
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide