Letters

Shuffling Cards—Dave Taylor

I love your column, although I think you concentrate a bit too much on the application and too little on interesting bash tricks. Now I know these are hard to find, or perhaps what is trivial for one is new to the other. Perhaps the same also applies with the shuffling cards algorithm from your February 2015 column. There is this “well” known algorithm from Fisher-Yates. See Wikipedia for the details. It is embarrassingly straightforward once you understand it and, therefore, so clever. And, it's very easy to implement.

I'm looking forward to seeing an implementation in your next great column.


Hans

Dave Taylor replies: Thanks for your kind note, Hans! As you have no doubt figured out by now, I'm more intrigued by algorithms and implementations than I am by the weird corner-case tricks and shortcuts in the Bash shell. My logic is that obfuscated code might be neat, but it's not elegant and therefore also isn't maintainable. I hate reading someone else's undocumented shell script that requires hours to figure out. That's just not good coding. We're not in the 1960s where every kilobyte counts, after all!

I'll check out the algorithm, but truth be told, I'm heading down a different path starting with the column I owe LJ today—one that's tied to a project I promised my 11-year-old a while back, a program that can create word searches.

Shake Up the Content

I used to be an LJ subscriber for years and originally started reading your magazines somewhere in the mid-1990s. I used to enjoy reading and learning from your magazine. Over the years, however, I started noticing a repeated pattern in the articles and writers for the mag. In my opinion, it started to lack originality, and my interest faded until I didn't re-subscribe. I received a “get a free copy of the February issue” e-mail this morning and decided to check it out, but was disappointed that the same pattern existed since roughly the year had passed since my subscription dropped.

I want you guys/gals to succeed, and that's why I'm writing this feedback. I'd also note that I have no experience running a magazine, so feel free to take my feedback with a grain of salt.

Shake up the usual authors:

  • I remember when Dave Taylor's shell series began. I thought it was a good idea, but it has run its course. While you may continue to learn bits from the article, the kind of problems being solved in the shell should be done in higher-level languages like Python/Ruby/etc. When I see the lack of appropriateness, I tend to just skip the entire article.

  • Try re-assigning the staff writers to new topics for a month or two. For example, kill Dave's shell series and ask him to start a new one with a new language with the same original premise that motivated the shell series: learning the basics of popular language X in this short 6-month series. (Don't drag it on for years.)

  • With a notable exception, I do think Kyle Rankin has a good variety of topics he covers.

Look for new ways to engage your audience:

  • What if you had an LJ Docker account, and every article had an associated Docker image that you could immediately pull down and play with and/or follow along in the article?

  • Looking for new/repeated topics? What about the most votes on Linux topics from SO (stackoverflow.com/questions/tagged/linux?sort=votes)?

  • Some Linux themes, however, do need to be repeated every 2–3 years or so. I'm thinking of that perfect radio station that strikes the balance between introducing new songs (topics) and repeating old favorites but not every hour. The kind of stuff I'd expect here would be compiling your kernel; shell scripting basics (I was too hard on Dave, wasn't I?); and Emacs and Vim improvements (the topic never dies, does it?).

  • Provide a “ransom for topic” feature where readers get to vote or even contribute $$ to see a particular topic thoroughly covered. I'm inspired by that SO link above in this case.

  • Become “the” women's Linux magazine. I see a lot of inequality mentions in my Twitter feed about the disproportionate lack of women's involvement in tech. Imagine the kind of new readership you'd gain by actively seeking out new female authors? Find one to join the repeated, monthly contributors as well as have a variety of guest women authors. Heck, kick it off by having a special all-woman-authored issue?

Get crazy, generate some new, fresh ideas. I'll keep checking in periodically to see how you all are doing. I hope to be back.


Jon Miller

Jon, thanks for the great feedback. Trying to come up with relevant, interesting and entertaining content is the ultimate goal for us here. Without feedback, we're just making educated guesses with our own nerdy intuition. Thanks again, and hopefully we'll see you back in the future!—Shawn Powers

RE: the Awesome Program You Never Should Use

Regarding Shawn Powers' UpFront piece in the November 2014 issue: if one's shell is Bash and has the HISTCONTROL variable set to ignorespace, then one can “mitigate potential damage” by prefacing the command with a space so your user name/password doesn't appear in your .bash_history file.

Having said that, sshpass is a horrible tool for all the reasons outlined in the review. I'm not endorsing the method or the tool; I'd rather err on the side of caution and just not use it and find a better way to accomplish my goal.

But, if one doesn't mind feeding credentials on the command line (ideally in a closed environment), then sshpass could be useful. And if people don't wish to have their user name/password appear in their history, at least there's a method for that.


Eric Frost

Eric, great tip, and thank you! I pondered a long time about including sshpass in the magazine. Like you, I see just how horrible the idea of putting user/pass on the command line can be. Still, there are occasions when I find myself using it, so I decided I'd rather talk about it than try to “secure” it with obfuscation or by ignoring it. Still, it does creep me out every time I use it!—Shawn Powers
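
A check for the tip in this exchange, added here as an example (it is not code from Linux Journal or from either writer): it tests whether a HISTCONTROL value includes ignorespace (or ignoreboth, which implies it) and counts the lines in a history file that pass a password to sshpass with -p. The function names, host name and sample history contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit for sshpass passwords left in shell history.

# Succeeds if a HISTCONTROL value makes Bash skip space-prefixed commands.
# HISTCONTROL is a colon-separated list; "ignoreboth" implies "ignorespace".
histcontrol_skips_space() {
  case ":$1:" in
    *:ignorespace:*|*:ignoreboth:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints how many lines of a history file give sshpass a password with -p,
# written either as "-p secret" or as "-psecret".
count_sshpass_in_history() {
  grep -cE '(^|[[:space:];|&])sshpass[[:space:]]+-p' "$1" || true
}

# Writes a constructed sample history file to the path given as $1.
# With ignorespace active, a space-prefixed command never reaches the file,
# so the lines below stand for commands typed without the leading space.
write_sample_history() {
  cat > "$1" <<'EOF'
ls -la
sshpass -p 'CONSTRUCTED-PW' ssh admin@host.example
sshpass -f /root/.pwfile ssh admin@host.example
man sshpass
sshpass -pCONSTRUCTED-PW scp f admin@host.example:
EOF
}

# Stand-alone run: report on the current setting and on the sample file.
sample=$(mktemp)
write_sample_history "$sample"
if histcontrol_skips_space "${HISTCONTROL:-}"; then
  echo "HISTCONTROL skips space-prefixed commands"
else
  echo "HISTCONTROL does not skip space-prefixed commands"
fi
echo "sshpass -p lines in sample: $(count_sshpass_in_history "$sample")"
rm -f "$sample"
```

Pointing count_sshpass_in_history at a real ~/.bash_history shows which earlier commands were typed without the leading space and whose passwords should be rotated.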

A Very Thorough Article on SQL Injection

Shea Nangle's article on Drupageddon in the February 2015 issue was well researched and thorough. It was very useful to see the comparison of the legitimate SQL queries vs. the malicious SQL queries, and the output of each. One thing missing was a suggestion of the “best” place to research security vulnerabilities in Drupal. The official Drupal Security Team site (https://www.drupal.org/security) is pretty limited if I want to search for specifics. I don't see a way to “list only vulnerabilities for Drupal 7” or “show me only Highly Critical vulnerabilities”. There must be something better than paging through ten entries at a time.


Dan Stoner

Shea Nangle replies: Thank you for your kind words regarding the article! In terms of the Drupal Security Team Web site, I am, unfortunately, not aware of any way to query the site in the fashion that you mention. That said, the Advanced Search functionality of the National Vulnerability Database (https://web.nvd.nist.gov/view/vuln/search-advanced) allows you to do the sort of querying that you're referring to, at least for any vulnerabilities for which CVEs have been assigned.

Kernel Column

What happened to Zack Brown's diff -u kernel column in the February 2015 issue? This is the first thing I read every issue! Do not ditch this!


Stephen

Don't worry—Zack's kernel column is back this issue. He was just too busy during the holidays to write that month. Glad you like the column!

Readers' Choice Awards and Raspberry Pi

How about having a category called “Best application for on-line reading of Linux Journal”?

Have you bought your Raspberry Pi 2 yet? I looked on the Radio Spares (I am in the UK) site today and already they are on back order.


Roy Read

Thanks for the category suggestion for the next Readers' Choice Awards. We hope other readers will send ideas as well! Regarding your Raspberry Pi question: I have a few B+ models of the original Raspberry Pi, but I just don't have a need for the RPi 2 yet. I'm building an emulation machine for old console games, and I'll probably wish I had the faster model 2, but the B+ should be powerful enough. I love that the price is still $35!!!—Shawn Powers