Letters to the Editor
Thank you for the article by Reuven Lerner. I have been using file uploads for some months to allow students to upload assignments to my site for marking. Since they already have accounts, I use their UNIX password to check who they are.
File upload is part of HTML 3.2 and should be available from every browser. However, the standard says this is a slightly obscure part and may not always be supported. Internet Explorer 3 is one browser that does not support it, for example. Instead of a file selection box, the user sees a text entry area, and only the file name is uploaded, not the contents of the file. You need to guard against such browsers both at the HTML end (“You should see a file selection box here”) and by checking the output at the server end.
Hmm, I have been using attached files for months with a variety of clients, and no one ever mentioned this. (I thought I had tried it with Internet Explorer. I know some of my clients use IE, but I guess they used Netscape or something when they uploaded files.) Thanks for teaching me something new.
I regularly buy LJ here in Switzerland, and while in the USA recently I took the opportunity of buying Issue 46 a few days early as one of my particular interests is database design. While in general I found issue 46 was up to your usual excellent standards, it was unfortunately spoiled for me by the following throw-away remark made by Stu Green in his review of S.u.S.E. V5.0:
There are some minor errors in translation from the German, including the presence of some characters unique to that language being left as is, in particular in the names of individuals. These mistakes are easy to overlook.
Perhaps I have been living in Switzerland (a country with four national languages) too long, and I'm missing some ironic humour here. The alternative possibility, that Stu actually believes that people spelling their own names with characters from their mother tongue constitutes a mistake, is surely too insular even for Texas!
Given the international history of Linux (please note that most of the characters unique to German also exist in, for example, Finnish), it's a shame to see this Anglo-centric view of the world persist.
Perhaps the only crumb of comfort I can find in this situation is that software developers here in Europe and in Asia will continue to be able to market their products to several hundred million consumers with minimal competition from the English-speaking community.
In the February 1998 LJ's “From the Editor” under Databases, you said, “Sybase sells an official Linux version but refuses to support it.” I have spoken with several Sybase salespeople, and all of them told me that they do not sell any version of their SQL server for Linux.
I was wondering where you got this information, or better yet, who I might talk to in order to purchase a copy.
A system administrator, who was researching databases in order to buy one, made this statement to linux-list on-line. Since he was someone I know to be trustworthy, I believed it without checking. [Always a big mistake.] I have since learned that Sybase did have a client side freely available for a while, but work was stopped and the server side was not done. It is now being worked on once more. Our publisher Phil Hughes has been talking to the programmer doing the port. Sorry for the misinformation—Editor
I'm writing in reference to the “Best of Tech Support” item entitled “How Do I Remove This File?” (March 1998).
The information given in response to the question is absolutely correct. However, beyond the basic information about how to delete such files, a warning should be added: discovery of such files is a bright red flag that your system may have been compromised by hackers.
Hackers will very often use file names and directories with such names as “. ”, “.. ” and “...”. These names are easy to ignore in a directory listing and are commonly overlooked by novice (and even experienced) users. Also, hackers will use directory names of legitimate applications, such as “.elm”, “.data” and “.tin”, because these directories don't show up in a normal ls listing and because they appear normal. Naturally, there are many variations on this basic theme, but if you spot such directories in unexpected places (or even in legitimate user directories), further investigation is definitely warranted.
Another warning flag is the presence of IRC files. The IRC is a seething hotbed of hacker activity these days, because it's so easy to become anonymous and because of the total lack of security controls inherent in the entire IRC system. So-called “warez” channels provide an easy and totally anonymous way for hackers to exchange pirated software and hacking tools. If you start seeing “eggbot” files on your system, it's possible at least one of your user IDs is being misused. It's been my experience that many of these people want only to quietly misuse a stolen account for purposes of running their IRC bots, but some of them have attempted some really nasty attacks. In general, it's wise to cast a suspicious eye on any sort of unexpected IRC activity on your system.
Finally, another trick currently in use by hackers is to use lynx to download hacking tools. By storing their files on a web host and then using lynx to retrieve them, they can bypass the logging that often occurs with an FTP server and may be able to blend in more easily as a legitimate user.
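One way an administrator might hunt for the hard-to-see names described in the letter above (an added example, not part of the original letter). It assumes a find that supports -mindepth (GNU or BSD); the function names, the sample tree and the rule that an application-style dot directory is "unexpected" when nested below the top level of a home directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: locate names that are easy to miss in a directory listing.

# Entries whose names consist only of dots and whitespace (". ", ".. ", "...").
# The second pattern excludes any dot-name containing some other character.
find_dot_only_names() {
    find "$1" -mindepth 1 -name '.*' ! -name '.*[!.[:space:]]*' -print
}

# Application-style dot directories (.elm, .data, .tin) in unexpected places.
# Assumption: $1 is the parent of the home directories (for example /home),
# so /home/user/.elm sits at depth 2 and is treated as expected.
find_nested_app_dirs() {
    find "$1" -mindepth 3 -type d \
        \( -name .elm -o -name .data -o -name .tin \) -print
}

# Print each hit inside brackets so that trailing blanks become visible.
report() {
    label=$1
    shift
    "$@" | while IFS= read -r p; do
        printf '%s: [%s]\n' "$label" "$p"
    done
}

# Constructed sample tree standing in for a directory of home directories.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/alice/.elm" "$t/alice/.. " "$t/alice/..." \
             "$t/alice/src/.tin" "$t/bob/. "
    : > "$t/alice/.bashrc"
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
report "dot-only name" find_dot_only_names "$tree"
report "nested app dir" find_nested_app_dirs "$tree"
rm -rf "$tree"
```

A hit from either function is a prompt for the further investigation the letter calls for, not proof of compromise.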