The Official Release of Lucid 5.25 (Lucid Five Twenty-Five)

A home for all kinds of Puppy related projects
Message
Author
nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1121 Post by nooby »

At least one of us got totally fooled. I will not tell you whom though. Too embarrassing. :) I am a slacker but not so much into slackware
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
rjbrewer
Posts: 4405
Joined: Tue 22 Jan 2008, 21:41
Location: merriam, kansas

#1122 Post by rjbrewer »

nooby wrote:At least one of us got totally fooled. I will not tell you whom though. Too embarrassing. :) I am a slacker but not so much into slackware
Nooby;

You haven't even started to "get" slack.

http://www.subgenius.com/

Inspiron 700m, Pent.M 1.6Ghz, 1Gb ram.
Msi Wind U100, N270 1.6>2.0Ghz, 1.5Gb ram.
Eeepc 8g 701, 900Mhz, 1Gb ram.
Full installs

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1123 Post by RandSec »

Sage wrote:
The firewall needs to be up by default before the first network transaction is allowed. (Originally, that would be me, RandSec.)
Not quite. Only if your machine(s) has/have already been cloned.
Those old network attacks were not simply a response to user error, but were actually able to reach in from the net and exploit issues that would otherwise have been hidden. At one time, the Microsoft Windows worms were a vast plague, which stopped dead with the release of XP SP2, where the firewall was enabled by default. Before that, the firewall had been available, just not enabled, and that made the difference.

The old tricks are being recycled all the time. And if somebody takes a particular dislike to Linux or Puppy for some reason, we could have problems. With modern malware techniques, it may be difficult for us to even see those problems. We depend upon the OS to report processes, files, and data content, but when malware runs it owns the OS, and lies to the user. (Malware LIES, imagine that! Now imagine it owning the OS.) Nowadays, in Microsoft Windows, it may not be possible to even see the malware files, or to see changes in those files, from within the owned machine. We want to avoid those games.
That is only likely if you've already done something stupid, eg like opening obviously bent emails from people you've never heard of, trying to buy V-i-a-g-r-a online (just when will the Yankies learn to institute a proper NHS service?!)or visiting porn sites (your wife knows about this?!). There are those around who are dumb enough to dual boot with other OS es.
Getting the user to open or even run a Trojan attachment is the way it used to be, and certainly is a continuing issue. On Windows, much of the recent problem has been .PDF attachment Trojans, but the attack of the day changes as any particular technique becomes ineffective. Recently, hundreds of thousands of otherwise ordinary web sites were subverted to take browsers to malware pages. Usually, the Firefox add-on NoScript offers good protection for this, but the OS is not much involved in that fight. One possible exception might be a recent trend toward exploiting Java, which is cross-platform and thus a significant risk even for Linux.

One of the larger lessons from malware in Microsoft Windows is that once infected, the OS needs to be re-installed. On a hard-drive system, infection changes boot and run-up data to restart the malware each time. So far, so good, since we might re-install just that. But when malware runs it contacts a botmaster who can do anything at all in the machine. Since it is not possible to know what the botmaster has changed, recovery in place simply cannot be guaranteed, and our old friend the OS is not what we knew before and cannot be trusted in any way. Thus, the motive for DVD booting, which essentially does re-install the OS on every session. But with modern malware we may not even know when we have been infected.

Anti-virus scanning for particular malware files is no longer effective for a range of reasons, but for one thing, modern malware can "encrypt" the infection files. Even if the infection-dropper is found, scanning will not be finding the real malware. When malware leaves something around for scanning to find, it has made a mistake. So, if we find anything at all, we need to re-install the OS. The real problem is that when done properly, we really do not have tools to show that a malware infection exists.

As an alternative to scanning, we can imagine checking each and every OS file for existence and correctness, necessarily from a different OS instance (since this one may have been subverted). By booting from CD, an appropriate program could check that every required OS file exists on the target drive, and that it produces the correct hash value. That would be just a first step, of course.
How many times? Buy a pair of caddies. HDs are cheap. One per user. If the other person screws up on their HD that's their problem. But, with Puppy, even that expedient is overkill - use one machine per person. People dispose of machines perfectly able to run Puppy. You don't need multi-cores, etc, etc. That's what this is all about. If you want bells, whistles and go-faster stripes you deserve all you get.
And stop bugging our clever developers to make this compact distro run the latest and greatest gadgets that don't even run on the supplied driver for you-know-who's OS.
I recommend each user have their own boot DVD+RW. That still does not get me out of maintaining each one in the house, and configuring for the wife.

Actually, it might be a REALLY GOOD IDEA to make some sort of translation interface that would allow drivers for Windows to be loaded and used efficiently in Puppy.
Last edited by RandSec on Fri 01 Apr 2011, 18:01, edited 1 time in total.

User avatar
rjbrewer
Posts: 4405
Joined: Tue 22 Jan 2008, 21:41
Location: merriam, kansas

#1124 Post by rjbrewer »

Sage wrote:
It's only happening on this Dell 700m; Luci-Lupu wifi are stable on
the PowerSpec pc.
et seq.

Not a new boy around here rj, so why are you still wasting your dosh on dodgy proprietary cr*p?! You know that Dellboy and his cohorts get up to all sorts of leverage trickery with their boxes to save a few cents and garner favour with the Beast of Redmond. Not enough proverbial six-year olds in your neighbourhood to build proper kit from eg NewEgg or Anand?

If you're stuck with junk HW, esp. if there are BIOS issues, you can try searching for the actual Chinese manufacturer of the board and flash to the generic BIOS. Works for me when I'm gifted with defective proprietary stuff.
???
What is all this blustery brewhaha?
The 700m is a laptop, not a pc.
It's an outstanding puppy machine.

Inspiron 700m, Pent.M 1.6Ghz, 1Gb ram.
Msi Wind U100, N270 1.6>2.0Ghz, 1.5Gb ram.
Eeepc 8g 701, 900Mhz, 1Gb ram.
Full installs

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#1125 Post by playdayz »

Lucid Five Twenty-Five

A Five Digit Update from Lucid 5.2
The Ultimate Expression of the Lucid Vision

What we need is a quick sanity check. There are so few changes, just make sure it does the obvious, boots, installs, runs. Who's awake and online? Maybe we can have a release when the Aussies wake up!!!

In the first message. Thanks.

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#1126 Post by James C »

Barely awake...I'll see if I can get a download going...... :lol:

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1127 Post by RandSec »

01micko wrote:
nooby wrote: How can we duplicate that to USB for us that have no CD nor DVD player such as on Netbook Acer D250 10" sized mini laptops?

Why can not a usb be made safe that way? Or a frugal on the hdd install?
Well you can't really as the media is rw (though I guess with some clever code it could be done as rw :? ). However, if you can boot from an SD card they have the little switch on the side to make them read only (aka ro) . I read somewhere on the forum that this works as far as booting puppy and running in RAM, though this was awhile ago. I'm feeling a bit lazy so sorry no link! :P
I have installed to SD card many times. Ironically, it turns out that the little "switch" on a SD card is not really a switch after all, but just a plastic tab which the reader senses. That means we are not going to be changing that switch without removing the card, which is not allowed when we have booted from it.

I have also tried USB flash which has a write-protect switch. (In my case, the "Clip Flash Drive" from imation.) Changing that write-protect switch in place is tough, but possible. After that, the next problem is a need to be hyper-aware of exposure in the write-enabled state. Whereas the optical drive file system can be limited to updating only when the user commands, the flash drive is always enabled and frequently written automatically. So if the user goes one step too far, that cannot be reversed, and recovering security means starting from scratch.

The advantage of the DVD is to load the current system (which involves traversing multiple directories finding the latest file, and somehow learning to ignore those which have since been erased) into RAM. After that, the DVD drive stops and there is no activity. The DVD is not used in operation (unless commanded, of course). So if the DVD drive suddenly starts up and blinks, we have a clear indication of a problem.

In contrast, the USB flash always runs and often blinks. A malware attack in that environment is just one momentary blink among many. There is no clear indication of trouble, and of course no way to recover either.

I promote Puppy Linux LiveDVD to people worried about online banking and get a lot of negative feedback. For one thing, many machines no longer have DVD capability, so there are continued requests for a secure flash approach. Having tried this myself in several ways and reasoned it out, I currently recommend using an external DVD writer instead. Nobody likes that, but it is the best I can do with the Puppy we have.

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#1128 Post by James C »

playdayz wrote:Lucid Five Twenty-Five
What we need is a quick sanity check. There are so few changes, just make sure it does the obvious, boots, installs, runs..
Well, 525 boots,installs and runs on the old P3 test box. :)

Testing later,time for my breakfast........... :lol:

User avatar
tubeguy
Posts: 1320
Joined: Sat 29 Aug 2009, 01:04
Location: Park Ridge IL USA
Contact:

#1129 Post by tubeguy »

525 on Compaq Presario S4500NX
Athlon XP 3000+ @ 2GHz
1.5Gig ram

Frugal install to 20gig ext4

Only one thing, didn't connect to the internet straight away on first boot, got this error message when trying to download FF4 from Quickpet.

Otherwise OK, posting from FF4 now.
Attachments
noconnect600.jpg
(69.36 KiB) Downloaded 2876 times
[b]Tahr Pup 6 on desktop, Lucid 3HD on lappie[/b]

User avatar
rjbrewer
Posts: 4405
Joined: Tue 22 Jan 2008, 21:41
Location: merriam, kansas

#1130 Post by rjbrewer »

playdayz wrote:
What we need is a quick sanity check..
Did a quick sanitary check;

a spill in the 3rd floor stairwell,

janitor on his way to clean it up.

Is this version 04-01-2011?

Inspiron 700m, Pent.M 1.6Ghz, 1Gb ram.
Msi Wind U100, N270 1.6>2.0Ghz, 1.5Gb ram.
Eeepc 8g 701, 900Mhz, 1Gb ram.
Full installs

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#1131 Post by James C »

Internet was working here on initial boot...as was display and sound. Survived a reboot too. :lol:

User avatar
cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

lucid 5.2.5RC candidate initial

#1132 Post by cowboy »

downloaded and burned. Booted right to desktop, changed timezone and set numlock, rebooted to desktop. Created 256MB ext3 savefile on vfat USB stick and rebooted to desktop. Setup up internet through desktop "connect" button and used regular Network Wizard. Setup up WPA connection through my wireless USB WUSB54G Linksys through to router, a WRT54G linksys.

Clicked on Browser icon, then attempted to download Firefox 4. Had the same initial result as tubeguy above (though I've had this occur before). Clicked Firefox again, download started. Checked gmail, watched some youtube - John Cleese on "How to Irritate People."

Sound icon x-ed out in tray, but self-rights even on initial boot after about one minute and thirty seconds.

Looking good. Thinking of making a 525 "spirit tree" out of all the burned CD's in this release run.... :wink:
[i]"you fix what you can fix and you let the rest go.."[/i] - Cormac McCarthy - No Country For Old Men.

User avatar
playdayz
Posts: 3799
Joined: Fri 25 Apr 2008, 18:57

#1133 Post by playdayz »

Only one thing, didn't connect to the internet straight away on first boot, got this error message when trying to download FF4 from Quickpet.
Did it say it was connected (by icon in tray)? Was it wired or wireless connection?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#1134 Post by nooby »

Did a totally fresh frugal install and set it up exactly as luci-257 which have worked many many times without the nosmp which 256 and the other needed before

but lupu525 went instantly into kernel panic so rebooted with power button the only way to get out of it and wrote nosmp on the kernel line and it booted. Tested only to look at picture and to play a mp4 file which it did. All looked normal.

What could be changed that made it go into panic when 257 never did go into panic. is it totally random then or what?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
tubeguy
Posts: 1320
Joined: Sat 29 Aug 2009, 01:04
Location: Park Ridge IL USA
Contact:

#1135 Post by tubeguy »

playdayz wrote:
Only one thing, didn't connect to the internet straight away on first boot, got this error message when trying to download FF4 from Quickpet.
Did it say it was connected (by icon in tray)? Was it wired or wireless connection?
Wired connection. I ran the connection wizard, was fine then and also after reboot.
[b]Tahr Pup 6 on desktop, Lucid 3HD on lappie[/b]

scsijon
Posts: 1596
Joined: Thu 24 May 2007, 03:59
Location: the australian mallee
Contact:

#1136 Post by scsijon »

RandSec wrote: I have installed to SD card many times. Ironically, it turns out that the little "switch" on a SD card is not really a switch after all, but just a plastic tab which the reader senses. That means we are not going to be changing that switch without removing the card, which is not allowed when we have booted from it.

I have also tried USB flash which has a write-protect switch. (In my case, the "Clip Flash Drive" from imation.) Changing that write-protect switch in place is tough, but possible. After that, the next problem is a need to be hyper-aware of exposure in the write-enabled state. Whereas the optical drive file system can be limited to updating only when the user commands, the flash drive is always enabled and frequently written automatically. So if the user goes one step too far, that cannot be reversed, and recovering security means starting from scratch.

The advantage of the DVD is to load the current system (which involves traversing multiple directories finding the latest file, and somehow learning to ignore those which have since been erased) into RAM. After that, the DVD drive stops and there is no activity. The DVD is not used in operation (unless commanded, of course). So if the DVD drive suddenly starts up and blinks, we have a clear indication of a problem.

In contrast, the USB flash always runs and often blinks. A malware attack in that environment is just one momentary blink among many. There is no clear indication of trouble, and of course no way to recover either.

I promote Puppy Linux LiveDVD to people worried about online banking and get a lot of negative feedback. For one thing, many machines no longer have DVD capability, so there are continued requests for a secure flash approach. Having tried this myself in several ways and reasoned it out, I currently recommend using an external DVD writer instead. Nobody likes that, but it is the best I can do with the Puppy we have.
I am wondering if by using something like Gparted, you could recreate a SD Card into two partitions. Then you should be able to make one readonly be removing rights at the root.

just an idea

User avatar
James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#1137 Post by James C »

Manual upgrade of the frugal install on the main Linux box from 522 to 525 RC........... other than the icons, no problems at all.Everything still working optimally. :)

# glxgears
15609 frames in 5.0 seconds
19142 frames in 5.0 seconds
18256 frames in 5.0 seconds
18468 frames in 5.0 seconds
18078 frames in 5.0 seconds
17203 frames in 5.0 seconds
18498 frames in 5.0 seconds
16703 frames in 5.0 seconds
18509 frames in 5.0 seconds


-Computer-
Processor : AMD Athlon(tm) XP 2400+
Memory : 1034MB (189MB used)
Operating System : Puppy Linux 0.52
User Name : root (root)
Date/Time : Fri 01 Apr 2011 03:46:10 PM CDT
-Display-
Resolution : 1440x900 pixels
OpenGL Renderer : GeForce4 MX 440 with AGP8X/AGP/SSE/3DNOW!
X11 Vendor : The X.Org Foundation
-Multimedia-
Audio Adapter : VIA8233 - VIA 8235

User avatar
cowboy
Posts: 250
Joined: Thu 03 Feb 2011, 22:04
Location: North America; the Western Hemisphere; Yonder

#1138 Post by cowboy »

playdayz wrote: Was it wired or wireless connection?
Playdayz, just for fun, I did a fresh boot and setup with a hardwired connection between my eth1 (Realtek 8139) and my Linksys router. Setup firewall, then internet connection with the regular Network Wizard. Clicked on Browser, then Firefox 4, and the download began immediately. With wireless, I had the issue, with wired, no problem. Could it just be funkiness from the repository (ibiblio?) on the request for Firefox?
After setting up the hardwired connection, I pinged google with no problem, before clicking on the Browser setup icon. Might try the ping thing on a new wireless run through and see what happens, if you need that.
Last edited by cowboy on Fri 01 Apr 2011, 21:22, edited 1 time in total.
[i]"you fix what you can fix and you let the rest go.."[/i] - Cormac McCarthy - No Country For Old Men.

User avatar
abushcrafter
Posts: 1418
Joined: Fri 30 Oct 2009, 16:57
Location: England
Contact:

#1139 Post by abushcrafter »

Shouldn't Lucid Pup threads be in: http://www.murga-linux.com/puppy/index.php?f=43?
[url=http://www.adobe.com/flashplatform/]adobe flash is rubbish![/url]
My Quote:"Humans are stupid, though some are clever but stupid." http://www.dependent.de/media/audio/mp3/System_Syn_Heres_to_You.zip http://www.systemsyn.com/

RandSec
Posts: 82
Joined: Mon 10 Aug 2009, 18:33
Location: Austin, Texas
Contact:

#1140 Post by RandSec »

scsijon wrote:
I am wondering if by using something like Gparted, you could recreate a SD Card into two partitions. Then you should be able to make one readonly be removing rights at the root.

just an idea
When we learn about the OS, we learn about the OS the way it was designed, which is not how it is when malware has control. After malware finds a way in, we cannot know what to trust about the subverted OS, if anything at all. The OS permissions are interpreted by code the malware can control or replace. That is what it means to be "owned."

We can trust hardware not to be subverted, and we do have flash drives with write-enable switches, but that is not enough either. We need a way to allow the user to control normal OS writes to the flash drive, just like writes to the DVD can be controlled. We need to be able to remove the flash as soon as the OS has booted.

I think we could get a significant security advantage from having a flash-drive file system organized like the DVD file system: We could plug in the flash, boot from it, THEN REMOVE IT. Alternately, we immediately do browser updates, save them, and THEN remove the flash (before doing anything hinky). And if we do end up with a bad driver or even suspicious files, we can remove the last "n" directories, just like on the DVD. That gets us back to a previously working system. Easy enough to say, but work to do.

Post Reply