Setup Puppy as a traditional, but updated operating system

How to do things, solutions, recipes, tutorials
Post Reply
Message
Author
clerk_gabel
Posts: 24
Joined: Wed 29 Aug 2018, 15:13
Location: norway

Setup Puppy as a traditional, but updated operating system

#1 Post by clerk_gabel »

The intention of Puppy is mainly to be a portable operating system. Though, a full install to HDD is possible and here a recipe for how to install Puppy booting an updated kernel and running a maintained browser, with easy cabling to mobile phones and space for storage of photos etc.

1) Download the 32 bit Slacko Puppy 6.3.2 iso from puppylinux.com and burn it as bootable to a USB stick (if burned to CD it might or might not boot, depending on hardware). Boot the USB stick and do immediately a full install to HDD, configuration can wait. Do not save configurations etc.under the installation aside saving the partition table that must be created with Gparted and installing the boot manager. Underneath is an example of a table with sda3 dedicated for storage of photos. Now shutdown, remove USB stick and reboot.

2) To make Puppy boot kernel 4.9.1 and run Firefox Quantum the files seen on the second image are necessary, where .txz archives was downloaded from Slackware repositories, the apulse library from a RedHat site and pets kindly provided by members of this forum, and to be found in various locations if browsing the forum. The 4.9.1 kernel is provided by Hesse James

http://www.murga-linux.com/puppy/viewto ... 3&start=36

3) Kernel-4.9.124_Xenial64.tar.gz contain when unpacked several files where the file vmlinuz-4.9.124-xenialpup64 should be renamed to vmlinuz and the file kernel-modules.sfs-4.9.124-xenialpup64 to kernel-modules.sfs.
The kernel-modules.sfs can now be installed from the filemanager, and the native vmlinuz existing in the /boot folder be replaced with the Xenial vmlinuz compiled by Hesse James.

Following a reboot the attached spectre-meltdown-checker.sh script should confirm mitigation for Meltdown and Spectre v.1 processor issues.

4) to install Firefox Quantum the archive firefox-60.0.1-32-bit.tar.gz must be unpacked in the /opt folder (will unpack in /opt/firefox32), otherwise the MenuEntry pet will not work. Firefox Quantum is dependent of the gtk+3 archive, the CamPhoneTab app needs libgcrypt, apulse audio is a prerequisite of Firefox and openssl an updated security protocol for browsing.

With this setup two different mobile phones without problems connected to Puppy, where it just was to drag and drop folders from phone to the sda3 storage. Strange a 64-bit kernel works on a 32 bit system.

Link to rcrsn51's great CamPhoneTab:

http://murga-linux.com/puppy/viewtopic.php?t=102321

Edit: On this mixed-race Puppy the utilities SysInfo, PupSysInfo, PupKview and PupScan works but interfer with browsing.Their entrances in the menu may be disabled via the Meny Manager and later reenabled if a more appropriate 32bit kernel should appear. With Firefox the User-Agent is: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Attachments
parttable.png
(29.47 KiB) Downloaded 490 times
files.png
(24.66 KiB) Downloaded 496 times
spectre-meltdown-checker.sh.gz
courtesy of speed 47 (GitHub). Rename to spectre-meltdown-checker.sh
(124.76 KiB) Downloaded 163 times
Last edited by clerk_gabel on Sun 16 Sep 2018, 11:54, edited 2 times in total.

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#2 Post by rufwoof »

Thanks for the detail, however from a security perspective installing Puppy to HDD is worse than having concerns about using the latest patched up kernel. As is having data on the same system. Even save folders on the same system are security weak, as for instance a browser flaw that permits remote access can relatively easily elevate to root on Puppy and then modify the savefolder content for persistence purposes. Save files are only marginally better. The more optimal is CD/DVD boots with no local data, no saving other than immediately after rebooting clean and making config changes or updates before creating a new clean save image (i.e. later kernels can be installed/used). For browsing, a sfs of the latest version of Chrome/whatever also has you starting a session with the latest/clean/security-patched browser that can be updated relatively easily as later versions are released.

Personally I use sshfs for networking to my phone, and reverse sshfs from a OpenBSD box that acts as a data server (mounts one of its folders as a mountpoint on Fatdog whenever it detects it coming online). That data is backed up to a OpenBSD box folder that Fatdog has no access to. That way you can just use rox/whatever on those files/folders (mount points) as though they were local folders and wirelessly in the case of the phone. If I do have my usb phone/pc lead plugged in then I'll use MTP for its better transfer speeds - but only tend to do that if speed is of essence (mostly I transfer files in the background whilst doing other things).

Remember that hackers have the advantage in that they just need a single flaw, whereas prevention requires near impossible effort and reliability (security bugs are just another bug (of which at any one time there will be many within the average system) that can be exploited in a way that compromises security). Rather than feeling safe, better to come at it from the opposite direction and ask what damage might be caused if someone was in control of root cli. In the past obscurity such as Puppy was a reasonable defence, however potential attack vectors used by hackers have become more refined and broad/deep. Fundamentally for most single user desktop type setups it will be (certain) data that is the most invaluable and as such likely would be the primary focus (anyone who has had their identity stolen will tell you just how devastating and inconvenient that can be), along with online banking activities (general/other online transactions can use a low value card/account to lower the risks).
Attachments
xscreenshot-20180914T004128.jpg
(58.62 KiB) Downloaded 674 times
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

clerk_gabel
Posts: 24
Joined: Wed 29 Aug 2018, 15:13
Location: norway

#3 Post by clerk_gabel »

rufwoof - thank you for insight.I believe I understand what you say, that flushing the operating system when rebooting will keep it pristine, and documents are recommended to be stored externally. In that way Puppy probably is a horse head in front when it comes to security, compared to other operating systems, and might well be the future.
My perspective for a full install was the impression that with firewall, updated kernel and Firefox Quantum keeping itself up to date a full install of Puppy is reasonable secure, and that an individual in the unlucky case of e.g. identity theft could argue with these precautions if anything legal should follow.
Advantages of a full install is of course storage capacity, preserving browser updates and the boot up time. It is convenient with a fast boot when receiving a phone call and having to verify a booking number, and some educational videos stored on the hard disk was finally studied when recently our modem broke under a heavy thunder.
G-mail invite to save documents in the cloud, it may be the future for many. As you say, using low value cards for PayPal is a must.
Otherwise the full install works OK except from problems with Sys-Info and PupSysInfo, as mentioned above. The pet debbi-1.3 (also by rcrsn51) made it uncomplicated to install drivers for a wireless Brother printer, also Softmaker Office works fine on this small Linux.

User avatar
Mike Walsh
Posts: 6351
Joined: Sat 28 Jun 2014, 12:42
Location: King's Lynn, UK.

#4 Post by Mike Walsh »

There is of course the ultimate security solution, y'know.

There's this thing called a wall socket.

There's this thing called a plug.

You pull the one out of the other, and.....you never, ever put it back in!

Sorted!

----------------------------

You can spend so much time worrying about whether you're being hacked that you never actually use your computer for anything at all...... :lol:


Mike. :wink:

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#5 Post by rufwoof »

Mike Walsh wrote:There is of course the ultimate security solution, y'know. There's this thing called a wall socket. There's this thing called a plug. You pull the one out of the other, and.....you never, ever put it back in! Sorted!

You can spend so much time worrying about whether you're being hacked that you never actually use your computer for anything at all...... :lol:
You could stay indoors rather than taking the risks of going outside, most however accept the risks. In contrast many opine that they wont get hacked whereas the better stance is to appreciate anyone could get hacked at any time, and when so what would that entail. "Raising the bar" helps better protect you from the likes of identify theft - which can lead to years of strife. The likes of HP's bought in your name with the sellers pursuing you through courts; Debt agencies - who often have added sizeable fees/costs on top of recovery values by the time they come to knock your door in order to seize assets in lieu of recovery payments ...etc. Proving/arguing that you did do/buy x but not y can be a real nightmare, especially when it can sustain repeatedly for years. A initial attractor for further undesired focus is often something seemingly trivial such as casual disregard for on-line activities/security-procedures that open up easy initial access to some identity details. Once under that spotlight there's incentive to build upon that with more concerted efforts. If in contrast initially there are clear indications of regard for security-procedures/methods and little is gleamed from a cursory first pass inspection/detection, then the inclination is to move onto easier targets.

But yes there are also easier alternatives. Consider for example this thread/forum and some opting to use/reveal real names. A simple single transparent pixel image link included in a posting potentially reveals readers IP and geographic location - and with cross references its somewhat trivial to refine down to particular individuals. Then utilising the electoral register or whatever can further refine that down to a particular street/house. Registry office reveals birth/marriage details. A casual brush past might lead to credit card number. Car parked on the driveway reveals a registration number. Land registry reveals how long you've lived at that address ...etc. Way more than enough to get a identity thief well on the road to potentially making a killing.

Theft from a distance is on the rise. Recent US figures for instance indicate 17 million cases of identify theft (from across a 325 million population) in 2017 of which 60% were malicious (i.e. include online shopping and payment account fraud, email and social media fraud, and medical services, insurance and securities account fraud, and other identity theft). A record high, that follows prior years record highs. 1 in 20 could relatively quickly rise to 1 in 10. More so when you see a general sense of how many are so casual.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#6 Post by rufwoof »

clerk_gabel wrote:rufwoof - thank you for insight.I believe I understand what you say, that flushing the operating system when rebooting will keep it pristine, and documents are recommended to be stored externally. In that way Puppy probably is a horse head in front when it comes to security, compared to other operating systems, and might well be the future.
Hi Clerk. OpenBSD --current has a fresh version most days and is what many OBSD users track. 9MB bsd.rd file that you download to / (of a existing OBSD installation) and then boot (enter bsd.rd at the boot prompt). That pulls everything down over the net and installs in around 4 or 5 minutes on a modest speed link. Textual based install process, mostly just pressing ENTER. cwm is a popular window manger with OBSD users. No window titles, all very bland to look at, but very functional (once you get over the initial learning curve of a limited number of key bindings such as alt-? and type the first 2 or 3 characters of a program name to identify it, and press Enter to launch it; ctrl-alt-m to maximise a window; alt-tab to flip between windows; Alt left mouse to move a window, alt-middle mouse to resize a window). Well suited to predominately keyboard users (laptop), but with hot corners xlunch and skippy-xd it can be great for predominate mouse usage as well - gnome like. I have a script that I run at first boot after updating to the latest snapshot, which pushes the full install time up to around 8 minutes in total (but after launching that you can go off and make a cup of tea i.e. it pulls down a browser ...etc. and come back to a ready to go desktop (with all my personalisations/customisations etc.)

OBSD is one of the more secure choices, and you can keep current relatively easily as and whenever you desire or feel appropriate. Focuses you on activities rather than cosmetics. Not clean at every reboot, but breaking in in any meaningful way (root) is very difficult. The security is quite intense and as a whole i.e. no separate kernel as per Linux, but a complete OS that is all security audited as a whole (and that includes their own version of X, randomisation of kernel, inodes, PID's etc. and swap is sliced up and encrypted. Pledge monitors programs (stay within what they're expected to do/use), Unveil monitors disk usage. W^X (write xor execute - so hackers can't write to a memory area that can also be executed) ..etc. etc.).
Advantages of a full install is of course storage capacity, preserving browser updates and the boot up time. It is convenient with a fast boot when receiving a phone call and having to verify a booking number
I'd just use the phone in such cases. The phone is also handy for the likes of google dictate for the initial creation of lengthier documents. Talk them out on the phone, copy across to your desktop to textually edit. My setup is that my data server is isolated but reverse sshfs's into my desktop system to expose a single folder for the desktop to use. I also have a sshfs session to my phone. That all connects/mounts automatically. So my setup is primarily just OpenBSD base system + browser + sshfs-fuse packages - and that generally serves most of my needs. When I do want something more specialist I tend to just pkg_add install it ... use it and pkg_delete it again afterwards.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

clerk_gabel
Posts: 24
Joined: Wed 29 Aug 2018, 15:13
Location: norway

#7 Post by clerk_gabel »

rufwoof - I have printed out your advice and will read them in detail later, as your thoughts and solutions on cybersecurity are inspiring but hard to understand.
I somehow connect openBSD with OS/2 and thought both systems had their prime a long time ago, but it is clearly a nice idea using not so well known tools and weapons in a defensive strategy. Society are probably entering an unknown territory of digital change where your experiences and ideas is an asset and probably should be considered not only by institutions but also by the "end user".
For practical purposes most use computers working in a more or less standardised way, and the weakest link in the chain is still the human factor. Thank you for reply, and good luck in further explorations in cybersecurity. 8)

Post Reply