I was very happy to see John Ouellette's article in the September 2005 issue. In particular, it was nice to see someone discuss limiting of remote command execution using the authorized _keys file. However, I would like to point out that with a little extra work, it is entirely possible to secure your ssh private key with a decent password and still use it in scripts and cron jobs without human intervention.
Keychain, when combined with ssh-agent, allows
you to re-use an ssh-agent session between logins.
Once you use keychain to launch ssh-agent, you
need to enter the password for each of your private
keys only once. Keychain then keeps your key decrypted
until it is killed. We use this method on all of
our production servers for secure remote backups.
Since our servers are rarely rebooted, the keychain
remains active for as long as I need it.
Should I reboot the server, or should I be forced to
kill the keychain or ssh-agent, then and only then
will I have to retype my password.
This weekend some friends and I were trekking in Jotunheimen, a popular national park in Norway. At the top of a mountain called Surtningssue (2,368 meters), I felt a sudden urge to read LJ.
I read Linux Journal because I run a Linux consultancy business, and LJ does an excellent job of helping me keep up to date with some of the developments in the Linux world, both commercial and technical.
Some of the letters published are amusing, particularly when people seem
disproportionately upset by a particular advertisement. However, we all
have our foibles and mine is an abhorrence of the pictures of readers'
children month after month. How many readers really need or even want to
Our son Sam is excited about being a member of the Linux generation.
I happened to come across your review of the Archos PMA430 [September 2005] and would like to offer some counterpoint. The PMA430 is my third Archos unit; a 20GB MP3, the great AV340 and now the PMA. So I am happy with their products in general.
Now specifically to the PMA430. First of all, the SDK package, such as it is, has been released. Second, programs for Microsoft formats such as Excel, Word and PowerPoint are also available, and in fact work quite well. Third, there are some sync problems with films, but this is easily overcome with the correct software. Fourth, I use the PMA Wi-Fi quite often, and overall it seems fast enough for me.
Another complaint was that the PMA430 did not have enough software or functions to make it worthwhile. This seems rather not the point, since not many people would have use for a bare-bones PC. We all find apps outside of those that come with the PC. So it seems quite natural for PMA430 users to find more and better ways to use it.
I have had mine for about two months and find new uses for it every day. In this short time I feel lost when it isn't in my pocket. Last, I was able to purchase one for less than $700, and Archos had a special that threw in $150 worth of accessories.
My only complaint is that I don't have any Linux
experience, so the learning curve is pretty steep.
Luckily, there are lots of great people out there
working hard to make this product even better.
Alan E. Kayser
You know this means we're going to bug you to write an article for LinuxJournal.com on apps for your Archos, right? —Ed.
About the article titled “Developing GNOME Applications with Java” [July 2005]: the article is excellently written and provided some important insight, precisely as I'm integrating several legacy applications into a Linux/Java enterprise solution for a company in Italy.
I'd like to point out to LJ readers that Borland has released JBuilder Foundation free of charge, even for commercial use. I had been plugging several solutions in to a toolset for Java GUI development under Linux (including some mentioned in the article, such as the Glade XML GUI generator), but then I came upon JBuilder Foundation, and it solved all my needs in one powerful tool.
I'd like to suggest you contact your distributor in Brazil
because they're charging us $13.60 US per issue here, or 31.95 Reais on
today's exchange rate. That is a 272% increase from the US newsstand
price. Brazil is one of the world's biggest Linux and open-source bases
and still we pay a hefty price for valuable printed information.
Jose Melo de Assis Fonseca
I read with interest the article “First Beowulf Cluster in
the September 2005 issue of Linux Journal. However, I was surprised to
read, in his profile, that co-author Ian McLoughlin has been using Linux
since 1856! What kernel was he using then and what CPU was he running
He borrowed the Linux-powered time machine we use to set the publication dates on our Web site. —Ed.
I visited LinuxWorld Expo here in the San Francisco Bay Area (Moscone
I was very disappointed, nay, irritated to find the glitzy, high-roller
moneyed exhibitors on the first floor, with the .org exhibitors (for
example, Free Software Foundation, Debian, Fedora, Gentoo, Mozilla,
LTSP, Etherboot and so on) ghettoed onto the second floor.
These .org organizations are the heart and lifeblood of Linux and
deserve their places cheek by jowl (and, do I mean jowl!) with the
commercial stuff they enable by their existence and the hard work and
dedication of their supporters and developers.
Try working a show next to a vendor's loud T-shirt giveaway area, and you might start pining for the friendly “dot-org” area too. —Ed.
Marcel Gagné's instructions for setting up ndiswrapper leave out an obscure adjustment that is needed at least on the Fedora Core 2 distribution I am using. The problem may not occur in other Linux distributions, but it is the source of frequent networking failures at boot-up on FC2.
If your network card is a pcmcia device, the pcmcia driver has to be ready before the attempt to bring up wlan0. Unfortunately, in /etc/rc3.d, /etc/rc4.d and /etc/rc5.d, the pcmcia script has a much later sequence number (S24pcmcia) than the network script (S10network). Since these are merely symbolic links, the order can be changed with a minimum of risk. I moved the network link to S11network, and the pdmcia link to S10pcmcia in all three directories.
As Marcel would say, voilà!
I am having some problems with my Linux Journal. It has been showing up as if the US postal service has been reading my magazine. I receive every issue with dog-eared pages, front cover torn. It's a great magazine; I look forward to every issue!
We'll send you a replacement copy and ask the Postal Service to get their own. —Ed.
What is this, Parenting Magazine? You need to
make a separate section for all the pictures of babies/kids/stuffed
animals/pets and dedicate the Letters section to actual intelligent
I, for one, am sick of wading through all the “my daughter
sketched a penguin just...for...you!” nonsense so that I can <gasp> read
actual technical letters about Linux.
I subscribe to your magazine for Linux know-how
and articles; if I wanted family-friendly piffle,
I could send my dollars to Family Circle or
Our six-month-old daughter Guen loves Linux, as you can clearly see from this picture. She writes “ggggg [d.ddss 4449dlddd”, which I think means “Does this ultimate Linux box come with a baby-sized keyboard?”
Matthew and Karen Miller
To the everyday Canadian, French is probably as ubiquitous and familiar as Spanish is to us Southerners (I grew up in Florida where we learned “Cuban” in school—seven years of conversational Spanish—and I now live in Mexico II, aka Los Angeles). However, to the majority of English-speaking Linux enthusiasts who have any second-language experience at all, it is frequently Spanish, not French. This totally leaves us out of the joke.
I finally cracked this month and had another look; the mention of Damn Small Linux and a photo of a USB pen drive proved irresistible [August 2005], so I did a flyby and took one more look. I'm glad I did. Marcel seems to have lowered the language-barrier veil and made his excellent column accessible to us all, not just the French-speaking sector.
Con Mucho Respeto (your turn to look it up).
LJ's pages are full of smiling babies, but what about
the readers' parents? Take a look at my father riding
an armored car in 1947. Pingouin means 'penguin'
Photo of the Month gets you a one-year extension to your subscription. Photos to email@example.com.
I am a subscriber to your excellent magazine. Can I suggest you make a service that at the end of each year it would be possible to order a DVD with all the contents from 1994 to present day? That would be nice, and I for one certainly would order it each year.
But my main reason to write to you is these damn patents. It was good they did not succeed in the EU (I am in Finland). It was only delayed—patents will be back on the agenda in a year, and we will have to live again through waiting for an axe to our neck. I have been thinking what a counterstrike would be.
There should be an organization that would take care of people's patents so that GPL software can use them gratis but others must pay. These moneys will be used to finance further patents, defend patents, buy patents to be used in GPL software and so on. I am sorry I don't have couple of millions to kick the show up.
Microsoft and others have been very keen to point
out that Linux uses some patented algorithms.
But this finger pointing has been—should I say—one-sided. All MS wares are closed source, so if the
source code were combed, I might think a lot of patented
things might be found.
I thought I'd share the following story that has some interesting angles and happened just over the past few weeks as I bought a new Acer laptop (Aspire 1674WLMi).
I bought the machine at a local (Dutch) consumer electronics reseller called MediaMarkt. I asked the salespeople if I could buy it without an OS, which, of course, was not possible. However, I could try contacting Acer themselves through the local importer, Acer Benelux, they said. I contacted Acer by e-mail, and indeed there was a restitution procedure. I couldn't believe my luck!
After supplying them with a serial number and a scanned copy of the receipt, I received the “agreement” in PDF. Unfortunately, this turned out to be a disappointment: the restitution would amount to EUR 30 (about the same in US$), but I would have to send the laptop to the Acer offices somewhere else in the Netherlands, where they would reformat the drive and send it back to me within five working days. Obviously, sending an expensive machine at my own risk and at my own cost would cost me far more than EUR 30, and during that time I could not use the machine. And, I'd have to reinstall again after getting it back. In fact, having installed Fedora Core 4 as soon as I arrived home after the purchase, already invalidated the agreement (how can you know beforehand?), although my contact at Acer did not specifically complain about it. So much for the restitution procedure.
The interesting angle is that Acer does have a
procedure, but it is constructed in such a way that it
is not profitable for the average consumer to exercise
it. Furthermore, when in my final message to Acer I
concluded that it was a financially uninteresting
proposal and asked if I could simply return the
Microsoft CDs and license (obviously, it's of no use
to me), they said that the procedure was the only
formal way, since Acer, being an OEM, was the owner
of the license. Then I decided I would give away the
Microsoft stuff to a friend and asked a befriended M$
employee how that works. He said that you can't!
The trick is to break up the “bundle” before you accept the license for the preinstalled software. Until you power up the machine, actually have a chance to read the license and click OK the license doesn't bind you (see www.linuxjournal.com/article/5628). —Ed.
Once again, you have more than justified the subscription fee! This issue [September 2005] contains a bunch of pearls....
The Open and Free Software aficionado in me was overwhelmed by the social-economic revolution report in the “identity metasystem” article....I crave the day when I will be able to explain fully to my die-hard capitalist friends the practicality of the grass-roots economy!
The embedded developer in me rejoiced in reading the story and the specs of the “First Beowulf Cluster in Space”.
And the average Linux user in me got up to speed on Syndication and Podcasting.
Keep the focus and motivation!
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide