Puli 32/64 bit

[gjuhasz]

Dear Puli users,

I grabbed a popular midi editor from https://www.midieditor.org then created the

midieditor_3101-amd64.pet

package by adding the required Qt5 libraries.

After testing with Puli 7.1, I uploaded it to my collection at

https://sourceforge.net/projects/puppys ... /packages/

Probably runs with the rest of the Xenial64 based puplets, too.


Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I found that most of the static TeamViewer packages (pet, sfs, etc) are incompatible with the earlier ones thus the remote instance refuses the connection.
So, for fun, I downloaded the latest TeamViewer plugin for the 64-bit Google Chrome, tailored for Puli 7.1, then created the TeamVplugin_14-64p.sfs package.

I tested it with with Puli 7.1. Available in my collection at

https://sourceforge.net/projects/puppys ... /packages/

It seems that it can connect even to ancient versions. It is recommended to register the controller machine (or its IP address) in the login window. (TeamViewer sends a confirmation email to the registered email address)

Please note that this plugin can be selected only in a normal (non-incognito) window of Chrome.
I am not sure whether it is visible in Chromium/Iron/Slimjet etc.

Probably runs with the rest of the 64-bit puplets, too.


Have fun!

Regards,

gjuhasz

[mikeslr]

Note the "Maybe" in the title of this thread. The described method of creating an ISO works. But, I've yet to test whether that ISO (a) is actually bootable; and (b) it preserves Puli's unique features.

Why an alternate method? LinuxLive USB Creator works fine. However, it creates a bootloader not easily modified. It also creates a single Fat32 formatted disk while Puppies have greater capabilities if booted from a Linux Formatted File system. Neither of those limitations are important if you are only going to use Puli as intended: on a USB-Stick you can remove after booting into it.

LinuxLIveUSB Creator is a program which runs under Windows and, AFAIK, LinuxLIve can't be run under Wine. Consequently, writing Puli to a USB-Stick can't be easily done from a running Puppy. There are ways, but they are not 'Newbie' friendly.

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

Enter FrugalPup USB-Installer. Although there are other applications you can use under Puppies to install a different Puppy to a USB-Stick, gyro --with the help of bigpup, rcrsn51, foxpup and others-- has been working on an installer which can boot from either Bios or UEFI computers, creates a Fat32 boot partition and 2nd Linux formatted partition, and can be used to install more than one Puppy to the target USB-Stick. http://www.murga-linux.com/puppy/viewto ... 85#1005485. FrugalPup v15r can be installed into any (recent?) Puppy. I believe it may become a standard Puppy builtin. FrugalPup works with an ISO, as do most other Puppy installers.

Creating an ISO out of Puli's zip package is easy and quick:
(1) Download the zip package.
(2) Right-Click it and select UExtract from the popup menu. An extraction folder will be created.
(3) Optional, Recommended. Right-Click the extraction folder and from the popup menu select rename to rename it; for example Puli_7.1
(4) Open a terminal in "Puli_7.1"'s containing/parent folder: i.e, right-click an empty space next to the Puli_7.1 folder and select Window>Terminal Here.
(5) enter the command dir2iso NAME_of_Puli_folder, e.g.

dir2iso Puli_7.1

a iso will be created next to the Puli_folder; in the given example Puli_7.1.iso.

AFAIK, every recent Puppy includes the dir2iso module. Shinobar created a dir2iso pet, http://www.murga-linux.com/puppy/viewto ... 748#638748 which should work where dir2iso isn't a builtin.

[s243a]

Note the "Maybe" in the title of this thread. The described method of creating an ISO works. But, I've yet to test whether that ISO (a) is actually bootable; and (b) it preserves Puli's unique features.

Why an alternate method? LinuxLive USB Creator works fine. However, it creates a bootloader not easily modified. It also creates a single Fat32 formatted disk while Puppies have greater capabilities if booted from a Linux Formatted File system. Neither of those limitations are important if you are only going to use Puli as intended: on a USB-Stick you can remove after booting into it.

LinuxLIveUSB Creator is a program which runs under Windows and, AFAIK, LinuxLIve can't be run under Wine. Consequently, writing Puli to a USB-Stick can't be easily done from a running Puppy. There are ways, but they are not 'Newbie' friendly.

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

Enter FrugalPup USB-Installer. Although there are other applications you can use under Puppies to install a different Puppy to a USB-Stick, gyro --with the help of bigpup, rcrsn51, foxpup and others-- has been working on an installer which can boot from either Bios or UEFI computers, creates a Fat32 boot partition and 2nd Linux formatted partition, and can be used to install more than one Puppy to the target USB-Stick. http://www.murga-linux.com/puppy/viewto ... 85#1005485. FrugalPup v15r can be installed into any (recent?) Puppy. I believe it may become a standard Puppy builtin. FrugalPup works with an ISO, as do most other Puppy installers.

Creating an ISO out of Puli's zip package is easy and quick:
(1) Download the zip package.
(2) Right-Click it and select UExtract from the popup menu. An extraction folder will be created.
(3) Optional, Recommended. Right-Click the extraction folder and from the popup menu select rename to rename it; for example Puli_7.1
(4) Open a terminal in "Puli_7.1"'s containing/parent folder: i.e, right-click an empty space next to the Puli_7.1 folder and select Window>Terminal Here.
(5) enter the command dir2iso NAME_of_Puli_folder, e.g.

dir2iso Puli_7.1

a iso will be created next to the Puli_folder; in the given example Puli_7.1.iso.

AFAIK, every recent Puppy includes the dir2iso module. Shinobar created a dir2iso pet, http://www.murga-linux.com/puppy/viewto ... 748#638748 which should work where dir2iso isn't a builtin.

Thankyou mikeslr for the tip. I'll give it a try.

I've been considering trying puli for a while and I think that puli's security features will match up nicely with the changes I'm working on so that sc0ttman package manager (i.e. pkg) will suport signature checking for either metadata downloads and/or by looking in inside the deb. I think I'm close but I'll let people know when I get it working. See threads:
1 - Using gpg/pgp signatures in Package Managers
2 - Validating Package Archives and Metadata

I know that Puli isn't the only idea for a security based version of puppy (see thread), but so far its the one that has captivated most of my interest for such a distro although fatdog64 and easyos have some features that I would like to see included in Puli such as mulsti-save usbs, the option to remove the usb and easy containers.

P.S. I agree with you that some people might want to install puli alongside another version of puppy on the same USB stick. Whether or not this is acceptable, I suppose will depend both on their threat model and how much space that they have on the stick.

[rufwoof]

Having a secure operating system you can carry in your pocket when booting from 'chancy' locations and computers is Puli's objective. But there will be many times when neither the location nor the computer into which the USB-Key is plugged is not adequately secure. In the last couple of years the cost of USB-Sticks has plummeted. A 64 GB USB-Stick now sells for as little as $7.00. Why not have the convenience of both a secure operating system and another, albeit less secure but more feature rich operating system on the same USB-Stick.

I have a usb stick boot that loads up network and ssh connects to the ssh server I use, where that connection is validated by ssh keys - which mitigates (or rather flags) man in middle attacks. That also has kexec installed, so once booted it can boot any other Puppy - where that other Puppy can be stored on the same device, or even pulled down (downloaded). That's a good combination IMO.

Under insecure circumstances, I can set all traffic to flow through a ssh tunnel (socks5) i.e. the same one that was used for validation. As a alternative to using a third party ssh server to connect and route traffic through, you can set up a ssh server at home and use that instead. Basically a ssh tunnel between the 'unsafe' location to your home network, and then using that as though you were at home for accessing web sites/whatever.

I actually compile a native kernel for that, where everything is contained within the vmlinuz i.e. modules/firmware/initrd are all 'built-in'. Which includes running a checksum and filesize measure on the vmlinuz, so if the usb is plugged into a hostile system that attempts to 'change' things, those changes would be flagged. In my case that vmlinuz is <15MB in size, but that is machine specific (kernel compiled with localyesconfig). For portability (to plug/use other hardware) the size does rise to around 75MB (additional modules/firmware).

Sounds like bother, but in practice is just a case of relatively simple changes and once done is pretty much transparent (except if a issue is encountered). It's like a different bootloader, boots (in a few seconds) to network connected/ssh validated, then I have a script to boot the main fatdog system that I use - but that could be a menu for any other choice of main boot. I store that all of that on the same usb stick, including save files.

[gjuhasz]

A 64 GB USB-Stick now sells for as little as $7.00.

Thank you for your interest in Puli.

In my opinion, one of the main Puli features is that you can unplug the pendrive after the selected additional packages are installed but before the Internet connection becomes active. This way, the pendrive remains intact.

If the same pendrive also boots other systems, it can be infected by cyber attacks with negative outcome for the next boot with Puli.

I propose using a dedicated (cheaper) pendrive for Puli and another one for the rest of the (even better and more beautiful) world.


Have fun!

Regards,

gjuhasz

[rufwoof]

I propose using a dedicated (cheaper) pendrive for Puli and another one for the rest of the (even better and more beautiful) world.

Hi gjuhasz

I cross referenced a Fatdog post to your above post, so just referencing back here.

A dedicated 'clean boot' pendrive is a excellent proposal Thanks.

[mikeslr]

gjuhasz, of course you are right. The surest way to preclude contamination of your operating system is to isolate it by removing the USB-Key.

There's a Cary Grant-Rosalind Russel comedy, "His Girl Friday" well worth watching. One of the sub-plots revolves around the concept "production for use": that is, having produced it, it would be wasteful not to use it. A not-particularly-bright character is facing execution. Without malice, fore-thought or intent, but having somehow acquired a policeman's pistol, he used it, killing the policeman.

Not every idea is a good idea; not even mine . Discourse and experimentation are the best ways for determining the limits of an idea's value. I hope that the procedure for converting a zip file into an ISO will attract more users --those of Puppy and Linux in general-- to the benefits of Puli. I suspect that the embellishment --creation of a multi-boot USB-Key-- was a manifestation of the concept "production of use".

[s243a]

gjuhasz, of course you are right. The surest way to preclude contamination of your operating system is to isolate it by removing the USB-Key.

There's a Cary Grant-Rosalind Russel comedy, "His Girl Friday" well worth watching. One of the sub-plots revolves around the concept "production for use": that is, having produced it, it would be wasteful not to use it. A not-particularly-bright character is facing execution. Without malice, fore-thought or intent, but having somehow acquired a policeman's pistol, he used it, killing the policeman.

Not every idea is a good idea; not even mine . Discourse and experimentation are the best ways for determining the limits of an idea's value. I hope that the procedure for converting a zip file into an ISO will attract more users --those of Puppy and Linux in general-- to the benefits of Puli. I suspect that the embellishment --creation of a multi-boot USB-Key-- was a manifestation of the concept "production of use".

Not everyone has the same security requirements though. For instance, assume that one has a trusted Internet connection and sticks to safe sites. I like your idea but I qualified it above with "depending on one's threat model" for reasons noted above.

[mikeslr]

I agree with you. An alternate way of maintaining integrity to a large extent would be to run all web-browsers in the "other Puppy" as spot. But, do keep in mind:
(a) Puppies, including Puli, do run as Root;
(b) rufwoof's objection that there are techniques for circumventing the permission limitations; and perhaps, most importantly
(c) Puli's modules --mild, rigorous, crazy, lazy-- for dealing with intruders are all bash scripts which install to the top level of the file system and so could be easily located and compromised if permission limitations were circumvented.

Once you go beyond 'Nothing exists', everything becomes both possible and vulnerable. There will always be a trade-off.

[gjuhasz]

Puli's modules --mild, rigorous, crazy, lazy-- for dealing with intruders are all bash scripts which install to the top level of the file system and so could be easily located and compromised if permission limitations were circumvented.

Hm.

If you boot Puli in Lazy mode, and while the /bin folder is being renamed to, let's say, "Hарру_Nеw_Yеаr" or even to a more complex string, the toolset of a malicious intruder becomes very limited or unusable.

Have fun!

Regards,

gjuhasz

[mikeslr]

Hi gjuhasz,

It's been a while since I set up a USB-Key with Puli. So, thought it best to review the instructions.
III. For advanced users, Paragraph 2, regarding smartload, says "Puli seeks those referenced packages in the /packages folder of the boot device and auto-loads them during bootup". With Puli 7.1, no "packages" folder is within the zip file, nor created by 'unzipping'. Is its creation something for the user to do? Or has the need for it been discontinued. I sort of remember that in an earlier "Bark", smartload looked for files on the partition.

I noticed that among the SFS you've provided at SourceForge you have Iron, but not Opera. I'm sure opera will run under Puli 7.1 as it runs under Xenialpup64 (also Bionicpup64). I'm interested in Opera as it provides a free VPN. I wonder what your thoughts are about regarding its use under Puli.

[gjuhasz]

Dear mikeslr,

With Puli 7.1, no "packages" folder is within the zip file, nor created by 'unzipping'. Is its creation something for the user to do?

Thanks for the notification. Puli seeks the referenced packages in this folder by default. An (empty) /packages folder will appear in the zip file of the next updates.

I noticed that among the SFS you've provided at SourceForge you have Iron, but not Opera. I'm sure opera will run under Puli 7.1 as it runs under Xenialpup64 (also Bionicpup64). I'm interested in Opera as it provides a free VPN. I wonder what your thoughts are about regarding its use under Puli.

As you know, Google discontinued supporting hardware acceleration a few months ago causing extremely slow motion in my favorite WebGL sites like http://madebyevan.com/webgl-water/.

So, we have three choices to survive:

1) Use the current versions of the Chromium flavors (including Opera) with closed eyes while visiting slowmo sites.

2) Use earlier versions that enable h/w acceleration

3) Use Firefox or its relatives such as Pale Moon.

I try do my best to keep Puli compatible with the popular browsers. Consequently,

ad 1) You may download the current version of Chrome and/or the Chromium based ones such as Iron, Slimjet, Opera, Vivaldi. Puli can (smart)load and flawlessly run any of them, sharing your bookmark set for each. I don't see the advantage of mirroring these official packages in my SourceForge repo.

ad 2) In my repo however, you see an earlier 64-bit Iron version, the latest one which supports hardware acceleration - note that it is more vulnerable than the current one.

ad 3) As Mozilla does not provide .deb or .rpm package for Firefox, we Puppy fans should create pets that may or may not run in all puplets. I have a Puli specific Firefox pet file (nightly flavor, can be sandboxed with Firejail) among the 64-bit packages and try to refresh it regularly. Feel free to download and update its /opt/firefox folder from the current version then repackage it for yourself any time.

The attached screenshot shows that you can run more than one browser instances in Puli simultaneously, e.g., the current Opera, the earlier Iron, and a Firefox nightly version.

Have fun!

Regards,

gjuhasz

[mikeslr]

Hi gjuhasz,

I think I'm beginning to understand how to fully implement the advantages you've built into Puli. In part, that's a result of your recent guidance. But also, to a large extent I chanced upon a file you named readme-710.html at SOURCEFORGE.

There have been some changes since you started this thread in December 2014. A large part of my confusion resulted from my decision to read thru the thread from its beginning. I strongly recommend that you edit the First post to point to the readme-710.html file. Less strongly, perhaps you could include something like it in /root/my-documents [or /usr/share/doc] in future versions of Pul with perhaps a desktop icon or menu entryi: once setup a User wouldn't have to access the internet to find answers to many questions.

Sorry that I can't give you a url reference to it. As I wrote, I changed upon it and have had the devil of a time trying to find it again.

[6502coder]

http://smokey01.com/gjuhasz/readme-710.html

[gjuhasz]

Dear Puli users,

Happy New Year!

I am proud to announce the new, 64-bit Puli 7.2.

The main files are available at http://smokey01.com/gjuhasz/Puli-7.2_Jan2020/.

Installation instructions and detailed description of the new version can be found at http://smokey01.com/gjuhasz/readme-720.html and on the first page of this forum thread.

The latest Pulis are mirrored and many external 32/64 bit packages are regularly updated in the shared folder structure at

https://sourceforge.net/projects/puppys ... iles/Puli/.

Changes include a more flexible postXload feature:

- postXload is configurable from the smartload files
- the .sfs packages can be postXloaded

The new version contains updated references and bug fixes, too.

See the first page of this thread for details of Puli features and usage.

You can track the evolution of the Puli versions by browsing this forum thread and/or by comparing the readme files at http://www.smokey01.com/gjuhasz.


Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

A Puli specific OpenOffice-417_64hup.sfs is downloadable from:

https://sourceforge.net/projects/puppys ... /packages/

You can see the current version of other office suites there, too:

- LibreOffice-6.3.4_64hu.sfs
- softmaker18-973_64hup.sfs

Tested with Puli 7.2 but probably run with many other puplets.

Have fun!

Regards,

gjuhasz

[gjuhasz]

Dear Puli users,

I received a couple of questions in a PM:

(1) Is there any way to change the security profile without file-browsing into the USB-Stick?
(2) Can the security profile still be changed without restarting-x or rebooting?

I created a small pet package that swithces between different security profiles. Compatible with the latest 32-bit (v6.0.2) and 64-bit (v7.1 and v7.2) Pulis. See attached.

After installed, you will see three options in the right-click -> Setup menu:

- Switch to Mild
- Switch to Rigorous
- Switch to Crazy

Be careful: select the profile that best matches with the environment and the visited site(s).

Have fun!

Regards

[gjuhasz]

Based on the inspirations of Mike Walsh at

http://murga-linux.com/puppy/viewtopic.php?t=117835,

I played with Cliqz browser in Puli 7.2, and I really like it. Cliqz is nice and fast.

The "factory default" .deb file can be smartloaded and runs well without any hiccup.

Have fun!

Regards

gjuhasz

[gjuhasz]

Dear Puli users,

Good news: WebGL support returned in the new Chrome 80 version. Tested with Puli 7.2.
I expect that Iron, Slimjet and other Chromium based ones will be updated soon.
Smartload the officlal google-chrome-stable_current_amd64.deb file and visit http://madebyevan.com/webgl-water/

Please don't forget to configure your environment according to your best interest, i.e., what to share or report while browsing.

Have fun!

Regards,

gjuhasz