Letters

Commenting on Linux Journal Articles

One does not appear to be able to comment without "logging in". Here is what I had intended to say as a comment about Doc's post titled "A Line in the Sand". I do not use "social media". One consequence is that I cannot login with any of the pretty icons (below "LOG IN WITH"). I also do not want sites like DISQUS monitoring what I do or wanting to take away my ownership of my comments. I run my computer using the Qubes OS ("OS" for want of better terminology). So it should be fairly obvious which side of the line I stand on.

—John

Doc Searls replies: Hi John, and thanks for writing. I appreciate your comment. Glad to know what side of the line you stand on.

The reason we require a login for comments is that without one, we attract a torrent of spam. It's like opening a door into hell, and I'm not exaggerating.

The commenting system we use, Disqus, is the only choice on the publishing market that is both widely used and makes commenting easy. By default, it comes with exactly the kind of tracking we're fighting against, but it does have options that allow us not to participate in the tracking. Of course, you're still exposed through Disqus itself, although Disqus gives you the option of posting using another identity, such as your Twitter handle.

We've looked long and hard at alternatives. The best of those we've seen is Coral, an open-source commenting system developed originally by Mozilla. Unfortunately, Coral requires an administrator on the case, and we're too small to afford that.

The remaining choice is not to have comments at all. It's a possibility. Meanwhile, we're holding our nose and using Disqus, adjusted to minimize tracking. Disqus is widely used and easy, and also the only thing that has worked for us for managing spam.

Hope that helps.

Security Podcast

I read the security-related articles in the February 2019 issue with great interest. I found the various articles interesting. I would like to let other readers of Linux Journal, who may not be as technically advanced, know that there is a podcast that I found extremely useful while learning the more technical aspects of security. The podcast I am referring to is "Security Now" with Steve Gibson and Leo Laporte on the TWIT network. All of the podcasts can be accessed at https://twit.tv/sn, and full text transcripts are available on Steve's site.

Thanks for the great magazine.

—William Main

Password Manager Roundup

I love your magazine, and although I have to admit I don't read it as much as I would like, I always think about a good go when I have the time.

I just stumbled upon Shawn Powers' article about password managers from the the February 2019 issue, and I need to add a little bit of information that is really important and might switch some users.

I did similar research a couple months ago (it would have been great if this article was out before that!), and I arrived at similar results.

The one little piece of information is that Bitwarden was my choice, because it's a complete open-source project. Being open-source, you get the code, and it's not only the code from the clients, but also from the server. So, you can host your own Bitwarden server, and use ALL clients and browser plugins to connect to your own Bitwarden server.

That is a complete change for all "paranoid" users out there who don't want to have their data out of their control.

The "licensed" features function on both the cloud and hosted version. If you buy a license (that I did!), you can use it on their own cloud servers and at the same time your own server.

That also will give you all the storage you have free on the server for your vault, so you don't need to get extra storage on the license, because it's only for the cloud version.

The installation on your own server can be very awkward, because you have to get the source code and fiddle around with a lot of crap. There is a quick option to use Docker and use their script to deploy the solution on your Docker server without almost any issues.

Hope this helps some people out there.

—JB

Queen Bee with a Shell One-Liner

I enjoyed Reuven M. Lerner's article on cheating with Python ("Become Queen Bee for a Day Using Python's Built-in Data Types"), but you can solve the NY Times' Spelling Bee puzzle with one line in the shell:


egrep '^[eoncylt]{4,}$' /usr/share/dict/american-english 
 ↪| grep y

Here "eoncylt" are the possible letters, and the final grep command makes sure the words use the center letter "y".

Replace the {4,} to {7,} to see only words that are at least seven letters long—this finds the "pangrams" that use all the letters, but might also find a few words that don't. No pangrams show up for Reuven's example, so I'm guessing he didn't take it from an actual NY Times puzzle.

Reuven M. Lerner replies: It's true—grep would be a fine solution to this puzzle. My point was to show a few different ways to play with Python data structures, rather than to give the most efficient solution, which might indeed be yours! As for whether I used an actual puzzle for my examples, I promise you that I did; I wish I were talented enough to come up with one on my own.

Send LJ a Letter

We'd love to hear your feedback on the magazine and specific articles. Please write us here or send email to ljeditor@linuxjournal.com.

Photos

Send your Linux-related photos to ljeditor@linuxjournal.com, and we'll publish the best ones here.