Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 17 Nov 2018, 01:20
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Is Puppy Tails possible?
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [12 Posts]  
Author Message
jss83

Joined: 06 Jan 2015
Posts: 267

PostPosted: Thu 11 Oct 2018, 06:16    Post subject:  Is Puppy Tails possible?
Subject description: A derivative of Puppy based on Tails..
 

I would love to use a Puppy linux based on Tails with all its added privacy security features and applications. Tails itself is too big for me, the current iso size is 1.2 gb, which would expand more when installed,, I'd think..

I don't know if it is possible to shrink it down to have a Puppy Tails version of it but if it can be done, it would be very useful.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1275

PostPosted: Thu 11 Oct 2018, 11:15    Post subject:  

Looking at wikipedia Tails is Gentoo based. I don't believe that Woof builds support Gentoo. We could try doing some kind of hybird. TazPup has a builder to do such a thing for Slitaz linux. Perhaps we could adapt it for a Gentoo based linux.

That said, we don't necessarily need to use the same binaries. The biggest advertised feature of Tails is that it forces all connection through Tor. This can be done using Tors transparent proxy.
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

Tails isn't necessary to do this. Here are some threads/posts on this:
rc.local, rc.firewall and Tor's Transparent Proxy
How to hide user ID and location while on the 'net?
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1275

PostPosted: Thu 11 Oct 2018, 11:37    Post subject:  

If we were going to do the hybird approach, like TazPup, Then we would probably want to start with a minimal version of Gentoo and then add whatever packages from tails that we thought are required. Here are some links I got when searching for minimal Gentoo:

Sakaki's EFI Install Guide/Creating and Booting the Minimal-Install Image on USB

Installation/Media#Minimal_installation_CD
Back to top
View user's profile Send private message 
scsijon

Joined: 23 May 2007
Posts: 1364
Location: the australian mallee

PostPosted: Thu 11 Oct 2018, 11:49    Post subject:  

Alternately ask and work with Barry and Easy and add tor to the containerset as containers do add security and can be set to limit access to the system areas?

Since tor is not 'suppose' to be on the same machine, theoretically tor could be isolated in it's own container and the user (non-root) be in another container, and if I understand how containers ~correctly work, that should be a possible isolation.

You could then maybe use an internal software gateway package between containers to handle what would otherwise need an extra ethernet type port (hardware but no physical connection) to transfer through???

just a thought
Back to top
View user's profile Send private message Visit poster's website 
s243a

Joined: 02 Sep 2014
Posts: 1275

PostPosted: Thu 11 Oct 2018, 12:03    Post subject:  

scsijon wrote:
Alternately ask and work with Barry and Easy and add tor to the containerset as containers do add security and can be set to limit access to the system areas?

Since tor is not 'suppose' to be on the same machine, theoretically tor could be isolated in it's own container and the user (non-root) be in another container, and if I understand how containers ~correctly work, that should be a possible isolation.

You could then maybe use an internal software gateway package between containers to handle what would otherwise need an extra ethernet type port (hardware but no physical connection) to transfer through???

just a thought


A tor container would be a good idea and as a plus one wouldn't need to use tor for every connection. Instead they would only use tor on the aps running in the tor container. One could also run several different tor circuits in different containers Smile
Back to top
View user's profile Send private message 
jss83

Joined: 06 Jan 2015
Posts: 267

PostPosted: Fri 12 Oct 2018, 12:57    Post subject:  

Yeah, I didn't mean to be exact replica of it but somewhat similar to it. But someone suggested me that one could have vpn set up as default and have better privacy than tor. So .. that sorts out the privacy thing and if we add some of the features/apps present in it then we're there.

https://tails.boum.org/doc/about/features/index.en.html
Back to top
View user's profile Send private message 
nosystemdthanks

Joined: 03 May 2018
Posts: 360

PostPosted: Fri 09 Nov 2018, 10:59    Post subject:  

you really shouldnt do this.

a privacy-touting distro should be done with a serious attitude-- the exact sort of attitude that puppy users thumb their nose at.

puppy already has features that weaken tor, sooner or later youre going to get someone hurt or killed. i mean i was just talking about this hypothetically in another thread, before i realised someone was actually trying to do this.

jss83 wrote:
someone suggested me that one could have vpn set up as default and have better privacy than tor.


this is just unbelievably sad. im all for tinkering and screwing around, this is one time you should just do something else instead. no-- puppy tails isnt possible, its a terrible idea that will cause more harm than good-- and you wont even know. if you insist-- at least remove petget, ping, wget and curl. that will make it a little less likely for this terrible idea to hurt someone in china who wants freedom.

a love of older, infrequently updated binaries, scripts with no security experts looking them over and a general "who cares" approach is so wrong for a privacy distro. it should be done with great commitment and care.

just dont do it. if its been done before, it shouldnt be.

the only way tor (as a plugin or part of a distro) should ever be combined with puppy is with a big disclaimer that says "this is a toy, if you are relying on this for privacy or personal safety, please dont use this."

years ago (and again with xenial) i cleaned up a lot of what shouldnt be in puppy if youre going to use it with tor. thats progress-- but i still wouldnt trust it with this. it also only helps people who use my code to clean it. thats not many.

if this is safe enough for you, then youre only thinking of yourself. and thats no way to make a privacy based distro either.

finally, heres a similar idea: make a puppy app that helps you avoid pregnancy with an app like this one: https://www.engadget.com/2018/01/15/natural-cycles-app-unwanted-pregnancies/

it might cause more problems than good, but if it helps one person, who cares about the rest?
Back to top
View user's profile Send private message Visit poster's website 
s243a

Joined: 02 Sep 2014
Posts: 1275

PostPosted: Fri 09 Nov 2018, 13:14    Post subject:  

nosystemdthanks wrote:
you really shouldnt do this.

a privacy-touting distro should be done with a serious attitude-- the exact sort of attitude that puppy users thumb their nose at.

puppy already has features that weaken tor, sooner or later youre going to get someone hurt or killed. i mean i was just talking about this hypothetically in another thread, before i realised someone was actually trying to do this.

jss83 wrote:
someone suggested me that one could have vpn set up as default and have better privacy than tor.


this is just unbelievably sad. im all for tinkering and screwing around, this is one time you should just do something else instead. no-- puppy tails isnt possible, its a terrible idea that will cause more harm than good-- and you wont even know. if you insist-- at least remove petget, ping, wget and curl. that will make it a little less likely for this terrible idea to hurt someone in china who wants freedom.

a love of older, infrequently updated binaries, scripts with no security experts looking them over and a general "who cares" approach is so wrong for a privacy distro. it should be done with great commitment and care.

just dont do it. if its been done before, it shouldnt be.

the only way tor (as a plugin or part of a distro) should ever be combined with puppy is with a big disclaimer that says "this is a toy, if you are relying on this for privacy or personal safety, please dont use this."

years ago (and again with xenial) i cleaned up a lot of what shouldnt be in puppy if youre going to use it with tor. thats progress-- but i still wouldnt trust it with this. it also only helps people who use my code to clean it. thats not many.

if this is safe enough for you, then youre only thinking of yourself. and thats no way to make a privacy based distro either.

finally, heres a similar idea: make a puppy app that helps you avoid pregnancy with an app like this one: https://www.engadget.com/2018/01/15/natural-cycles-app-unwanted-pregnancies/

it might cause more problems than good, but if it helps one person, who cares about the rest?


Your negativity here isn't really helpful. We all for instance don't have the computing power to run Qubes OS and a lot of the features on puppy that you consider to "weaken security" help make things easier for new users. Finally since puppy is smaller / less complex it might avoid attacks that are based on having "feature x" installed.

The fact that puppy might be missing some feature that you think is essential for security is a learning opportunity. The puppy user can learn what this feature is, how to implement it and whether or not it is essential to them based on their threat model.

If one runs the tor browser with javascript disabled then it is pretty safe. You're right though that in China there are bigger issues because in China one has to conceal the fact that they are using Tor by using pluggable transports. They also might want to ensure that each application uses a new tor circuit to avoid correlation attacks.

I agree that Tor on puppy might not be recommended for a Chineese Tor user but I really don't think that it helps to make this a political issue. Rather it is better to discuss what additional steps someone from China might need to take and how easy/hard it is to do these on puppy.,
Back to top
View user's profile Send private message 
nosystemdthanks

Joined: 03 May 2018
Posts: 360

PostPosted: Sat 10 Nov 2018, 14:28    Post subject:  

Quote:
The fact that puppy might be missing some feature that you think is essential for security is a learning opportunity.


you are correct-- if it is treated as such.

Quote:
The puppy user can learn what this feature is, how to implement it and whether or not it is essential to them based on their threat model.


correct.

Quote:
I really don't think that it helps to make this a political issue.


it is a political issue. tor wouldnt exist unless this were a political issue.

Quote:
Rather it is better to discuss what additional steps someone from China might need to take and how easy/hard it is to do these on puppy.,


ok, i agree. but the problem is, that is not very likely to happen, though if it does happen, then you are absolutely right.
Back to top
View user's profile Send private message Visit poster's website 
musher0

Joined: 04 Jan 2009
Posts: 12975
Location: Gatineau (Qc), Canada

PostPosted: Tue 13 Nov 2018, 12:24    Post subject:  

Hi guys.

Sorry to barge in...

I would say that this is an issue for society at large rather that a question
of politics in the narrow partisan sense.

It should be a referendum question posed to all voters, and all political
parties in every country should make it a concern on their platform.

Because a society where every citizen has the technical means to spy on
everybody else is a sick society, regardless of one's political leaning.

To view the same idea from the other end of the looking glass, if every
citizen in society X feels the need to use TOR or a similar tool to protect
him|her|self from prying eyes, that means society X is sick.

If society X is sick, then protective technology will not be enough -- it is
even only a symptom of the illness.

Re-establishing trust at a normal level in all segments (personal life,
commerce, politics, health and justice systems) of society X will be the
real task to tackle, and that will be a long, arduous and winding road.
Beyond technology.

My 2¢.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 1275

PostPosted: Tue 13 Nov 2018, 13:32    Post subject:  

musher0 wrote:


If society X is sick, then protective technology will not be enough -- it is
even only a symptom of the illness.

Re-establishing trust at a normal level in all segments (personal life,
commerce, politics, health and justice systems) of society X will be the
real task to tackle, and that will be a long, arduous and winding road.
Beyond technology.

My 2¢.


The point of a safegaurd is to have it in place and utilized before it is needed. Also society may not know what they need. It is better that society recognize the need for something like tor than to be completely manipulated into believing that they don't need something like tor. Besides people often don't know what they need to hide. If they did then sacrificing fart house members to the alter of political correctness wouldn't be such a sport to the outrage-click-bate twit-sphere.
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 12975
Location: Gatineau (Qc), Canada

PostPosted: Tue 13 Nov 2018, 14:05    Post subject:  

Hi, s243a.

In your expression "outrage-click-bate twit-sphere",

I do understand
"twit-sphere" = a sphere (or collective) of twits; but that's about it...

"outrage-click" = some people start clicking when outraged. But on what?
"outrage-click-bate" = I have no idea what you mean by "bate". Or
perhaps you meant "bait"?

Thanks in advance for shedding some light.

I do agree with you that too many people get their kicks from playing a
psychological game of "Ain't It Awful"
http://www.ericberne.com/games-people-play/aint-it-awful
(aka known as "political correctness", IMO).

BTW, I am not excluding the use of protective technology, I am not naive.
I'm saying that it is not enough: IMO, we have to also try at the same
time to rebuild a general sense of trust within our societies.

BFN.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [12 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0999s ][ Queries: 12 (0.0043s) ][ GZIP on ]