Letters to the Editor

Various

Issue #50, June 1998

Readers sound off.

Attaching Files to Forms

Thank you for the article by Reuven Lerner. I have been using file uploads for some months to allow students to upload assignments to my site for marking. Since they already have accounts, I use their UNIX password to check who they are.

File upload is part of HTML 3.2 and should be available from every browser. However, the standard says this is a slightly obscure part and may not always be supported. Internet Explorer 3 is one browser that does not support it, for example. Instead of a file selection box, the user sees a text entry area, and only the file name is uploaded, not the contents of the file. You need to guard against such browsers both at the HTML end (“You should see a file selection box here”) and by checking the output at the server end.

—Jan Newmarchjan@ise.canberra.edu.au

Hmm, I have been using attached files for months with a variety of clients, and no one ever mentioned this. (I thought I had tried it with Internet Explorer. I know some of my clients use IE, but I guess they used Netscape or something when they uploaded files.) Thanks for teaching me something new.

—Reuven LernerReuven@netvision.net.il

S.u.S.E. Review

I regularly buy LJ here in Switzerland, and while in the USA recently I took the opportunity of buying Issue 46 a few days early as one of my particular interests is database design. While in general I found issue 46 was up to your usual excellent standards, it was unfortunately spoiled for me by the following throw-away remark made by Stu Green in his review of S.u.S.E. V5.0:

There are some minor errors in translation from the German, including the presence of some characters unique to that language being left as is, in particular in the names of individuals. These mistakes are easy to overlook.

Perhaps I have been living in Switzerland (a country with four national languages) too long, and I'm missing some ironic humour here. The alternative possibility, that Stu actually believes that people spelling their own names with characters from their mother tongue constitutes a mistake, is surely too insular even for Texas!

Given the international history of Linux (please note that most of the characters unique to German also exist in, for example, Finnish), it's a shame to see this Anglo-centric view of the world persist.

Perhaps the only crumb of comfort I can find in this situation is that software developers here in Europe and in Asia will continue to be able to market their products to several hundred million consumers with minimal competition from the English-speaking community.

—Paul Kennedy

Sybase Database for Linux?

In the February 1998 LJ's “From the Editor” under Databases, you said, “Sybase sells an official Linux version but refuses to support it.” I have spoken with several Sybase salespeople, and all of them told me that they do not sell any version of their SQL server for Linux.

I was wondering where you got this information, or better yet, who I might talk to in order to purchase a copy.

—James Pricejprice@dwwc.com

A system administrator, who was researching databases in order to buy one, made this statement to linux-list on-line. Since he was someone I know to be trustworthy, I believed it without checking. [Always a big mistake.] I have since learned that Sybase did have a client side freely available for a while, but work was stopped and the server side was not done. It is now being worked on once more. Our publisher Phil Hughes has been talking to the programmer doing the port. Sorry for the misinformation—Editor

Removing Files and Security

I'm writing in reference to the “Best of Tech Support” item entitled “How Do I Remove This File?” (March 1998).

The information given in response to the question is absolutely correct. However, beyond the basic information about how to delete such files, a warning should be added: discovery of such files is a bright red flag that your system may have been compromised by hackers.

Hackers will very often use file names and directories with such names as “. ”, “.. ” and “...”. These names are easy to ignore in a directory listing and are commonly overlooked by novice (and even experienced) users. Also, hackers will use directory names of legitimate applications, such as “.elm”, “.data” and “.tin”, because these directories don't show up in a normal ls listing and because they appear normal. Naturally, there are many variations on this basic theme, but if you spot such directories in unexpected places (or even in legitimate user directories), further investigation is definitely warranted.

Another warning flag is the presence of IRC files. The IRC is a seething hotbed of hacker activity these days, because it's so easy to become anonymous and because of the total lack of security controls inherent in the entire IRC system. So called “warez” channels provide an easy and totally anonymous way for hackers to exchange pirated software and hacking tools. If you start seeing “eggbot” files on your system, it's possible at least one of your user IDs is being misused. It's been my experience that many of these people want only to quietly misuse a stolen account for purposes of running their IRC bots, but some of them have attempted some really nasty attacks. In general, it's wise to cast a suspicious eye on any sort of unexpected IRC activity on your system.

Finally, another trick currently in use by hackers is to use lynx to download hacking tools. By storing their files on a web host and then using lynx to retrieve them, they can bypass the logging that often occurs with an FTP server and may be able to blend in more easily as a legitimate user.

—Dave Lutzdlutz@smith.edu

Thanks for GPIB Article

First I want to express my appreciation for the article “GPIB: Cool, It Works with Linux!” by Timotej Ecimovic, March 1998. I have worked with HPIB and GPIB, and I appreciated his treatment of that standard and Linux. I felt a special appreciation for what I perceived as his “spirit of Linux” or “spirit of GNU”. He appeared to me to express profound respect for the efforts of others. He also impressed me with his technical honesty in that he did not attempt to portray Linux as the perfect solution for all situations.

Now a minor critical remarks—I believe that the “About the cover:” is in error in that the screen displayed on the cover is a snapshot of FVWM95, not FVWM (or FVWM2).

Linux Journal is one of the few magazines I not only hold onto, but actually do go back to past issues for reference. Keep up the excellent work—even your advertisements are of superior quality. Linux Journal is a “strange beast” for me as I almost never read advertising in a publication, yet I find myself reading just about all of the ads in LJ.

—Bill Leachbleach@BellSouth.net

KDE Comment

First of all, I would like to thank you guys for providing such an excellent publication. In regards to your March 1998 issue, I was surprised to see there was no article on KDE. I've used virtually all of the window managers that are available on the Internet and believe that KDE is the future of window managers. Why? KDE provides the ease of use of those other operating systems while at the same time utilizing the power of Linux/UNIX. Anyone who uses X should give KDE a try. Find it at http://www.kde.org/.

—Jeffrey Lojylo@ucdavis.edu

We did get a KDE article for March, but it was one of the last to arrive and the issue was already full. We will publish it in the near future. In the May issue of LJ there will be a short Linux Gazette column reviewing KDE and GNOME. Miguel de Icaza is writing an article about GNOME for us—Editor

Red Hat 5.0

I can't believe just how bad Red Hat 5.0 truly is. I've used Linux since about kernel 0.99 and have used Red Hat since version 4.0 and never have I come across such a terrible release. The bug list is incredible (check the errata page on their web site), and worse still, there aren't fixes for all of them yet. Rather than just post the patches, Red Hat seem intent on forcing RPMs down your throat by making users download multi-megabyte files rather than small patches that users could apply to the source code on the second CD and build themselves.

Well, Red Hat, this is a very Microsoft-like effort from you. Your own standards (RPM, AnotherLevel—heavily bugged) forced upon users, and an operating system that will be a commercial success but a technical failure. On a final note, why won't you answer my e-mail for technical support when I'm a registered user who purchased the package?

—Simon Mauricemaurices@mpx.com.au

Setting Up E-mail

My hat is off to Jonathan Walther for an extremely useful article on Linux home e-mail. I had wondered for years how this was done. In the past I would start a PPP connection to my ISP, then use telnet to log in to the ISP in order to use their Pine to read the mail. Printing an e-mail involved exporting to a file on the ISP's server, dropping the TELNET connection, using ftp to transfer the file to my machine and, finally, printing the file.

But no more—thanks to Jon for turning on the lights. The whole process took less than an hour and went exactly as outlined in the article. Everything came up the first time I tried it; no problems with anything. And this e-mail is coming to SSC from my Pine on my machine in my house!

—Bill Cunninghambwc@coastalnet.com

Linux in Colleges

I just wanted to say how much I enjoyed March's article “Linux Means Business: Colleges Using Linux” by Don Kuenz. I'd like to see this view of colleges using Linux become a regular column—one for businesses and one for education and research. I know a lot of people would be interested in this type of article. For example, our school is very big on Linux. Our system is the COE Mosaic Linux Tile program which uses Linux machines connected to our existing AFS system. More information can be found at http://linux.uncc.edu/.

I consider this to be pretty impressive and something that other schools may like to see and try. At the same time I think we could learn a lot about other schools' implementation of Linux in the curriculum and for work purposes. We are very active with Linux at our school. Our newsgroup uncc.Linux is one of the most popular at the University, and we have a Linux users group that includes our trusty penguin mascot at each meeting. I enjoyed the article and hope to see more like it in the future.

—Brandon Perkinsbdperkin@uncc.edu

Issue #44, Worth Its Weight in Gold

For nearly a month I agonized and procrastinated over my need to develop a web site consisting of hundreds of pages that were similar and related. Creating a few pages is easy and fun, but anything more becomes tedious and boring. When I turned to the article “Industrializing Web Page Construction” in the December 1997 issue (#44), I learned that tools have already been developed to solve such problems. I installed the software and created 60+ pages in hours. Thank you LJ and Pieter Hintjens.

—Richard Parryrparry@qualcomm.com