Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 19 Apr 2014, 00:40
All times are UTC - 4
 Forum index » Advanced Topics » Puppy Derivatives
Lighthouse 64 5.14.2 Beta 4
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 9 of 17 [255 Posts]   Goto page: Previous 1, 2, 3, ..., 7, 8, 9, 10, 11, ..., 15, 16, 17 Next
Author Message
meeki


Joined: 23 Jul 2012
Posts: 123
Location: Portland OR

PostPosted: Thu 02 Aug 2012, 23:18    Post subject:  

well ive put it through a few paces.

It does not like me to make linux ext2 - 4 drives unless I use the entire drive option.
"device-mapper: reload ioctl failed: No such file or directory
Command failed"
Back to top
View user's profile Send private message 
Anniekin


Joined: 24 Feb 2009
Posts: 186

PostPosted: Sun 05 Aug 2012, 00:19    Post subject:  

subcribing
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1046

PostPosted: Sun 05 Aug 2012, 21:41    Post subject:  

meeki wrote:
well ive put it through a few paces.

It does not like me to make linux ext2 - 4 drives unless I use the entire drive option.
"device-mapper: reload ioctl failed: No such file or directory
Command failed"


I got that message the first time I loaded it. After a reboot though it went away.

_________________



My PC is for sale
Back to top
View user's profile Send private message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Tue 07 Aug 2012, 17:26    Post subject: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

Hi tazoc!

1. This is an issue I first noticed in 5.12: Pburn fails when commanded to erase a DVD. That means I have to boot a 32-bit Puppy just to erase discs. Here are the error log results from my earlier comment:

(first, selecting a complete blank)
Pburn version 3.3.4

###################################################
COMMAND:
###################################################

growisofs -use-the-force-luke=notray -Z sr0=/dev/zero

###################################################
OUTPUT:
###################################################
:-( "sr0=/dev/zero": unexpected errno:No such file or directory



(next, selecting a fast blank)
Pburn version 3.3.4

###################################################
COMMAND:
###################################################

dvd+rw-format -force sr0

###################################################
OUTPUT:
###################################################
* BD/DVD±RW/-RAM format utility by <appro@fy.chalmers.se>, version 7.1.
- usage: dvd+rw-format [-force[=full]] [-lead-out|-blank[=full]]
[-ssa[=none|default|max|XXXm]] /dev/dvd


2. I operate solely and completely as a LiveDVD. When it comes time to copy a disc (for other computers, or as a backup, or just to reduce the number of sessions which load upon startup) I am used to making another .ISO disc, and then doing a Save to that disc. That works, at least when the ISO is the same. So I am questioning the instruction text which says:

"Please insert the Lighthouse64 live-CD/DVD media that you booted from...."

It should say something like "For a new backup copy of the whole disc, insert a new bare ISO, or to save the current session, insert the Lighthouse64 boot disc."

On the other hand, it should be reasonably easy for the computer to check if the Lighthouse64 media is already there, or is a new ISO, which could avoid having the novice user try to do something when nothing is needed.

I love Lighthouse64, and hope it continues!
Back to top
View user's profile Send private message Visit poster's website 
Ted Dog


Joined: 13 Sep 2005
Posts: 2051
Location: Heart of Texas

PostPosted: Wed 08 Aug 2012, 23:28    Post subject:  

growisofs -use-the-force-luke=notray -Z /dev/sr0=/dev/zero

simple typo Sad
Back to top
View user's profile Send private message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Thu 09 Aug 2012, 10:05    Post subject: more issues
Subject description: saving Retrovol settings, updating DVD icon label, AbiWord import types
 

A few days ago our audio-visual Windows PC died in the middle of showing a DVD, apparently a motherboard fail. It was past time to move on anyway. So I have a new box and have been swapping things in and out to get our entertainment back up.

Eventually we will need to get Windows up so we can stream Netflix. But we should be able to play DVD''s with really good video and full surround sound on Linux, and I really, really want a DVD-load format. Lighthouse64 has been by far the best choice, but issues remain:

3. DVD-write Save does not retain Retrovol settings (identifying which channels are active in 5.1 surround is trickier than one might think, because the text labels are deceptive)

4. Switching the Lighthouse64 boot disc out, and a 32-bit Puppy in (to mount and then review the saved directories), confusingly did not change the label text on the desktop DVD icon

5. We need AbiWord to have the available file-import plug-in or import filter to access our old archived WordPerfect files (typically .WPD). What sense does it make, really, to leave any of the import filters out of an editor package?

There was something else which I will no doubt remember as soon as I send this off.
Back to top
View user's profile Send private message Visit poster's website 
tazoc


Joined: 11 Dec 2006
Posts: 1157
Location: Lower Columbia Basin WA US

PostPosted: Sat 11 Aug 2012, 17:30    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

RandSec wrote:
###################################################
COMMAND:
###################################################

growisofs -use-the-force-luke=notray -Z sr0=/dev/zero

###################################################
OUTPUT:
###################################################
Sad "sr0=/dev/zero": unexpected errno:No such file or directory
Did Ted Dog's fix work there?
Quote:
(next, selecting a fast blank)
Pburn version 3.3.4

###################################################
COMMAND:
###################################################

dvd+rw-format -force sr0

###################################################
OUTPUT:
###################################################
* BD/DVD±RW/-RAM format utility by <appro@fy.chalmers.se>, version 7.1.
- usage: dvd+rw-format [-force[=full]] [-lead-out|-blank[=full]]
[-ssa[=none|default|max|XXXm]] /dev/dvd
I'm confused here, is that the command Pburn generated or your own? I just use what Pburn gives and usually do a full erase if I recall.
Quote:
2. I operate solely and completely as a LiveDVD. When it comes time to copy a disc (for other computers, or as a backup, or just to reduce the number of sessions which load upon startup) I am used to making another .ISO disc, and then doing a Save to that disc. That works, at least when the ISO is the same. So I am questioning the instruction text which says:

"Please insert the Lighthouse64 live-CD/DVD media that you booted from...."

It should say something like "For a new backup copy of the whole disc, insert a new bare ISO, or to save the current session, insert the Lighthouse64 boot disc."

On the other hand, it should be reasonably easy for the computer to check if the Lighthouse64 media is already there, or is a new ISO, which could avoid having the novice user try to do something when nothing is needed.
If I'm understanding this situation it is in Multi-Session DVD, the experimental mode and you're saving your current session. BarryK wrote that script, essentially I just changed Puppy to Lighthouse. It will prompt you for a blank disc when the first one is full. It also assumes that the disc may have been replaced during the session and doesn't attempt to mount the current disc until you confirm it is the correct one. It isn't designed, I think to do what you have in mind... Maybe someone else could help with a re-write and testing?
Quote:
3. DVD-write Save does not retain Retrovol settings (identifying which channels are active in 5.1 surround is trickier than one might think, because the text labels are deceptive)
Is that also true when saving the session at shutdown/reboot, or only from the Save icon on the desktop?
Quote:
4. Switching the Lighthouse64 boot disc out, and a 32-bit Puppy in (to mount and then review the saved directories), confusingly did not change the label text on the desktop DVD icon
Yes, I've seen that also and am working on a possible fix to clear the blkid cache /var/cache/blkid at X startup. I didn't want to scan the CD/DVDs for a new disc label more often because it makes the drives spin up annoyingly and slows pmount and the desktop down to a crawl.
Quote:
5. We need AbiWord to have the available file-import plug-in or import filter to access our old archived WordPerfect files (typically .WPD). What sense does it make, really, to leave any of the import filters out of an editor package?
I thought I grabbed everything from Abiword out of Fatdog64 521, but I'll keep that in mind the next go-around. I usually use LibreOffice instead of Abiword.
-TaZoC

_________________
lhpup.org Lighthouse 64 6.02
Back to top
View user's profile Send private message Visit poster's website 
tazoc


Joined: 11 Dec 2006
Posts: 1157
Location: Lower Columbia Basin WA US

PostPosted: Sat 11 Aug 2012, 17:39    Post subject: Flash update, mirror for lhpup.org  

Here is an update for Adobe Flashplayer:
http://www.lhpup.org/update/L64-514/Internet/Flash-11.2.202.236-x86_64.pet

Meeki has generously provided a mirror for the Lighthouse web site, for if and when lhpup.org is unavailable.

http://lhpup.puppytune.org

Thank you Meeki! Very Happy

-TaZoC

_________________
lhpup.org Lighthouse 64 6.02
Back to top
View user's profile Send private message Visit poster's website 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Sat 11 Aug 2012, 21:38    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

tazoc wrote:
I'm confused here, is that the command Pburn generated or your own? I just use what Pburn gives and usually do a full erase if I recall.

What you see is what I see, so I was as confused as you. This is the log referenced by Pburn when it returns fail. I assume that Pburn functions by generating commands which are then executed, and when they fail, error messages are logged. Are you saying that when you try to erase a DVD-RW or DVD+RW on your system, failure does not happen?

tazoc wrote:
If I'm understanding this situation it is in Multi-Session DVD, the experimental mode and you're saving your current session.

I have been using multisession mode EXCLUSIVELY for several years, across a range of Puppies. In my experience, the multisession DVD is unique among "LiveDVD" distributions and supports user updates whereas most other LiveDVD distros need the user to download a new .ISO version.

I suppose anything can be "experimental" if someone calls it so, but it seems more likely that, once having written "experimental" in the text, the text remains while the feature soldiers on. Calling any feature "experimental" for years on end seems more than a little contradictory.

tazoc wrote:
BarryK wrote that script, essentially I just changed Puppy to Lighthouse. It will prompt you for a blank disc when the first one is full. It also assumes that the disc may have been replaced during the session and doesn't attempt to mount the current disc until you confirm it is the correct one. It isn't designed, I think to do what you have in mind... Maybe someone else could help with a re-write and testing?

Surely you are in a better position than myself to know what the original purpose of the design might have been. However, I can say how it does operate, and thus wish that the associated text was updated to make it less confusing for the user.

In general, it will be important for the multisession user to make system copies. These are needed for backups, as copies for other users, and for maintenance, to compress an array of sessions into one. In general, this is done by creating a new .ISO disc, and then doing a Save onto that disc. While I do not know the limits of this (e.g., will it work with an updated .ISO?), I do know this to be very important for actual LiveDVD use.

tazoc wrote:
RandSec wrote:
3. DVD-write Save does not retain Retrovol settings (identifying which channels are active in 5.1 surround is trickier than one might think, because the text labels are deceptive)
Is that also true when saving the session at shutdown/reboot, or only from the Save icon on the desktop?

I cannot know, because I do not have a hard drive in my Puppy systems. Only in this way can I have a virtual guarantee against malware infection.

I never do anything other than Save from the desktop (except for the first session, where there is no Save icon), because I have experienced too many disastrous failures when saving at shutdown. The DVD save process occasionally fails, and then the system exits and powers off, despite the data having not saved. When I first started with Puppy, this Save failure was extremely irritating and very discouraging.

The actual problem is not in having an "experimental" system, but instead the nature of optical storage, which does not, and almost cannot, have the read-after-write checks of magnetic drives. A sector in a hard drive can be automatically swapped for another without significant intrusion, but a DVD session write must be repeated completely, which cannot be automatic within the drive without massive drive RAM.

I have learned through hard experience to Save from the desktop when needed, AND to then mount the resulting DVD and look at the directory structure. Usually, the recent Save is apparent, but if not, I Save again. So far, that has always worked, but even if not, it is far, far better to have the system remain up than simply turn off. It is possible to Save the same session multiple times at modest DVD space cost, and with minimal load time effect.

tazoc wrote:
RandSec wrote:
4. Switching the Lighthouse64 boot disc out, and a 32-bit Puppy in (to mount and then review the saved directories), confusingly did not change the label text on the desktop DVD icon
Yes, I've seen that also and am working on a possible fix to clear the blkid cache /var/cache/blkid at X startup. I didn't want to scan the CD/DVDs for a new disc label more often because it makes the drives spin up annoyingly and slows pmount and the desktop down to a crawl.

Surely there must already be something which reads the label and saves it somewhere so it can be displayed upon X restarts, or maybe just re-reads each label upon X restart. Every distro must solve that somehow.

tazoc wrote:
RandSec wrote:
5. We need AbiWord to have the available file-import plug-in or import filter to access our old archived WordPerfect files (typically .WPD). What sense does it make, really, to leave any of the import filters out of an editor package?
I thought I grabbed everything from Abiword out of Fatdog64 521, but I'll keep that in mind the next go-around. I usually use LibreOffice instead of Abiword.
-TaZoC

Fatdog64 may not have all the import filters. Normally, we do not use Abiword, but want it available to access our archived work, and so want the minimum footprint on the DVD (well, compared to LibreOffice). I think this was one of the reasons the wife moved back to 5.2.5 from Lighthouse64, so it is at least that real. I cannot remember if we tried to import .WPD's in LibreOffice or not.
Back to top
View user's profile Send private message Visit poster's website 
Q5sys


Joined: 11 Dec 2008
Posts: 1046

PostPosted: Sun 12 Aug 2012, 23:03    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

RandSec
Is there any reason you are opting to go with DVD media over another form of removable media?
I dont get what security benefit you are getting against 'malware' using a dvd. If you are burning save sessions to a new DVD, then you're not using a read only system... so you are still open to infections.

Is there any benefit you are gaining? Because it seems like you are dealing with a ton of headaches because of it.

_________________



My PC is for sale
Back to top
View user's profile Send private message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Mon 13 Aug 2012, 11:01    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

Q5sys wrote:
RandSec
Is there any reason you are opting to go with DVD media over another form of removable media?

I think so, yes.

It may or may not help to give some of my background, and there is a lot on my site:

http://www.ciphersbyritter.com

I am basically retired, but even 10 years ago I was C programming as a consultant on embedded systems. For the past couple of decades I have been concentrating on security, first cryptography, and now malware. See my various malware articles at:

http://www.ciphersbyritter.com/COMPSEC/COMPSEC.HTM

Recently I have tried to advise the US Government on Bots:

http://www.nist.gov/itl/upload/Ritter_ADVISING-THE-GOVERNMENT-ON-BOTS.pdf

so basically I have some background in this area.

With respect to vulnerable store, the issue is less one of "removable" than it is "writable." Both hard drives and USB flash drives are instantaneously writable. Even in Puppy, these systems involve constant interaction with non-volatile store. In particular, it is common in these systems to access and rewrite disk "sectors," which are tiny fragments of files. These are easily read, modified for infection, and written, all in a fraction of a second. The infection process thus is just one more tiny flash of the activity LED among millions. The failure of indication is the failure of the last line of defense, because there are no tools which guarantee to find a hiding malware infection. Absent non-existent OS support, identifying all code which does bad things is theoretically impossible.

In contrast, a Puppy DVD-load system runs in RAM and DOES NOT ACCESS THE DVD in normal operation. Any malware actions to write the DVD thus become apparent and revealed simply by DVD activity. Since there are no DVD "sectors," infection apparently requires a very substantial effort to create a new DVD "session" (a new directory) on the DVD. And even malware cannot write to a DVD which is not in the slot.

Q5sys wrote:
I dont get what security benefit you are getting against 'malware' using a dvd. If you are burning save sessions to a new DVD, then you're not using a read only system... so you are still open to infections.

I guess I would say the difference is that your model of "read-only" vs. "writable" is too simple to capture the reality of the situation. This is, of course, similar to the model of the file system being protected by permission bits, when malware interprets those bits. It is also similar to the model of running as root, when the system is for just a single user anyway. The simple models often are imperfect substitutes for deeper understanding, and we often need to get beyond them.

There is, and can be, no perfect security. All security comparisons are necessarily relative. The usual disk-install Puppy system has a continuous interaction with the hard drive (or USB flash), with continued drive activity flashes, just like Microsoft Windows, and is similarly vulnerable. Malware infection of an intensely-used and easily-writable drive is just one tiny blip among many, which is no indication at all. In contrast, a Puppy DVD-load system has a quiet and dark DVD writer; attempted malware infection lights up what should be dark and so is obvious.

On the other hand, if Puppy would treat a USB flash drive similar to the way it treats a DVD, then we would have something! It would be a much faster load, and THEN WE WOULD REMOVE THE USB! I particularly would appreciate the DVD Save ability to keep multiple versions of files (in different directories), allowing one to go back to earlier article versions. That is what we could have, but it is not what we do have. We are necessarily forced to deal with what we have.

Q5sys wrote:
Is there any benefit you are gaining? Because it seems like you are dealing with a ton of headaches because of it.

First of all, I am unsure about this "ton of headaches" meme with respect to DVD-load operation. That certainly was true when I first started with Puppy, now several years ago, and it was very frustrating until I understood some of the problems and found solutions. Fortunately, all operations necessary to make DVD-load a practical mode are in fact available. These are not hard, or "headaches," just hidden. I use it all day, every day.

The benefit is to (*almost* absolutely) prevent infection, which simply cannot be done otherwise in current systems. Even Microsoft Windows 8, which supports or demands UEFI, seems unlikely to address the real problem. A correct response does not need signing or cryptography. The problem is that the current concept of "disk drive" does not include a protected area for the OS, which means that anything which can write to the disk (having first "owned" the OS), at least potentially can infect ALL FUTURE SESSIONS. We seek to prevent this *infection*.

It is important to distinguish *infection* from malware execution: Malware can *run* whenever it somehow gets through the "front end" protections, like router firewall, software firewall, browser, browser security add-on's, etc., or trojan email attachments, or infected USB flash, etc. Because the Web and our equipment was not designed to prevent malware from running, it may run, even in Linux. But "running" is not "infection."

*Infection* is whatever process brings the malware back for session after session. In Microsoft Windows systems, which are universally hard-drive based, malware adds or modifies something on the drive. A decade ago and more, malware would just drop some new files into the startup folder. Nowadays, malware may modify actual machine code in existing files, and then prevent normal file commands from seeing changes. In any case, something changes in start-up storage which somehow starts the malware.

The chances of running into malware in a normal browsing session, at least when actively avoiding danger, are small. The reason malware is an increasing problem is the *infection*, not the malware per se. If *infection* can be defeated, we can change malware from running during each full future session, to just the remaining session from the first encounter.

Puppy has an important and unique, yet unappreciated, facility. Merely by doing a DVD re-boot before online banking (or online investment, or online purchasing), any running malware can be ended. That is not the case for any hard-drive system.

And while many other "LiveDVD" systems exist, the ability to load the complete system into RAM, and thus remove the DVD and along with it even a slight DVD vulnerability, is rare.

But the really unique part is that DVD-load Puppy can do security updates to the existing programs without waiting perhaps months for somebody else. This is different from a hard-drive or USB update in that, if we do a reboot immediately before updating online and then a Save, we are quite unlikely to have malware running. We have no such assurance with a hard drive or USB flash system.
Back to top
View user's profile Send private message Visit poster's website 
tazoc


Joined: 11 Dec 2006
Posts: 1157
Location: Lower Columbia Basin WA US

PostPosted: Mon 13 Aug 2012, 19:00    Post subject: Re: Pburn does not erase DVD  

RandSec wrote:
What you see is what I see, so I was as confused as you. This is the log referenced by Pburn when it returns fail. I assume that Pburn functions by generating commands which are then executed, and when they fail, error messages are logged. Are you saying that when you try to erase a DVD-RW or DVD+RW on your system, failure does not happen?
Yes, although as Ted Dog noted earlier your drive needs to identified as /dev/sr0. This can be set up in Pburn -> File -> Preferences -> Burner device. Then click on your preferred burner and the corresponding device should appear in the entry box 'Burner device:'
Code:
/dev/sr0
In my case I'm using the second burner, which on my system is /dev/sr1. I did a 'Fast blank' on a DVD+RW, though it still took a while:
Code:
Pburn version 3.3.4

###################################################
   COMMAND:
###################################################

dvd+rw-format -force /dev/sr1

###################################################
   OUTPUT:
###################################################
* BD/DVD±RW/-RAM format utility by <appro@fy.chalmers.se>, version 7.1.
* 4.7GB DVD+RW media detected.
* formatting .0.0%|/-\|/-\|/-\|/-\|0.0%/-\|/-\|/-\0.2%0.1%0.2%0.2%|/-0.0%\|/ etc...
The blank was successful.

-TaZoC

_________________
lhpup.org Lighthouse 64 6.02
Back to top
View user's profile Send private message Visit poster's website 
Q5sys


Joined: 11 Dec 2008
Posts: 1046

PostPosted: Mon 13 Aug 2012, 22:03    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

RandSec wrote:
It may or may not help to give some of my background, and there is a lot on my site:

To be honest, its not important to me but always nice to know where someone is coming from. For me the merit's of the argument alone should be sufficient to decide whether the person is worth listening to or not. Smile As a person in the security field myself I'm always interested in the ideas and perceptions of others.

RandSec wrote:
With respect to vulnerable store, the issue is less one of "removable" than it is "writable." Both hard drives and USB flash drives are instantaneously writable. Even in Puppy, these systems involve constant interaction with non-volatile store. In particular, it is common in these systems to access and rewrite disk "sectors," which are tiny fragments of files. These are easily read, modified for infection, and written, all in a fraction of a second. The infection process thus is just one more tiny flash of the activity LED among millions. The failure of indication is the failure of the last line of defense, because there are no tools which guarantee to find a hiding malware infection. Absent non-existent OS support, identifying all code which does bad things is theoretically impossible.

But you can have non writable USB media. I can think of two examples off the top of my head. 1st is using a SD card with a USB adapter. Load your system onto it, slide the lock down to read only, and make sure your hardware supports read only (since its dependant on the host receiver) and there you are. That's what I do on my ASUS netbook that I can boot off a SD card. The card is set to read only, so the system cant write to it.
2nd option is to get a USB with a physical read-only switch on it. I have a few of the Kanguru flashblu drives which have this. Its great, and it is hardware based so its totally OS independant. It's actually what I have my old LHP 4.43 install on.
Both of these can be set to read only, thus eliminating the possibility of the host OS writing to them. If the tinfoil brigade is still after you, you CAN remove the drive from the system once its up and running as long as you are running a frugal install and choose to load EVERYTHING into ram (including your safe file)


RandSec wrote:
There is, and can be, no perfect security. All security comparisons are necessarily relative. The usual disk-install Puppy system has a continuous interaction with the hard drive (or USB flash), with continued drive activity flashes, just like Microsoft Windows, and is similarly vulnerable.

Agreed perfect security is not possible. But you can manage your risk. Which is exactly why I ONLY use frugal installs on removable media.

RandSec wrote:
On the other hand, if Puppy would treat a USB flash drive similar to the way it treats a DVD, then we would have something! It would be a much faster load, and THEN WE WOULD REMOVE THE USB! I particularly would appreciate the DVD Save ability to keep multiple versions of files (in different directories), allowing one to go back to earlier article versions. That is what we could have, but it is not what we do have. We are necessarily forced to deal with what we have.

As I stated above actually you can remove the USB after you boot the system if you have a frugal install. You choose to load everything to ram and then once its loaded you remove the drive. I've done it many times. Sure you get nice pretty RED errors when it tries to save every 30 minutes, but the system still runs.


RandSec wrote:
Q5sys wrote:
Is there any benefit you are gaining? Because it seems like you are dealing with a ton of headaches because of it.


First of all, I am unsure about this "ton of headaches" meme with respect to DVD-load operation. That certainly was true when I first started with Puppy, now several years ago, and it was very frustrating until I understood some of the problems and found solutions. Fortunately, all operations necessary to make DVD-load a practical mode are in fact available. These are not hard, or "headaches," just hidden. I use it all day, every day.

Well personally I'd call it a 'Cliche' rather than a 'meme' but thats neither here nor there isnt it. Wink Actually the headache I was referring to is your problem getting the burning process to work properly. Using removable media like I explained above would negate all of these problems.

RandSec wrote:
Puppy has an important and unique, yet unappreciated, facility. Merely by doing a DVD re-boot before online banking (or online investment, or online purchasing), any running malware can be ended. That is not the case for any hard-drive system.

And while many other "LiveDVD" systems exist, the ability to load the complete system into RAM, and thus remove the DVD and along with it even a slight DVD vulnerability, is rare.

But the really unique part is that DVD-load Puppy can do security updates to the existing programs without waiting perhaps months for somebody else. This is different from a hard-drive or USB update in that, if we do a reboot immediately before updating online and then a Save, we are quite unlikely to have malware running. We have no such assurance with a hard drive or USB flash system.

Puppy's ability to run in ram, as well as saving every bit of information into a single save file is why I came to puppy in the first place. For me it was because of the forensic benefit of it. I can use a live system that allows me to keep changes, yet if needed I can issue one command which will wipe all settings and everything in the safe file, and then nuke the system so it has to be rebooted.

Have you ever looked into Liberte linux or TAILS?
You may get some really neat ideas from those two distros.

_________________



My PC is for sale
Back to top
View user's profile Send private message 
RandSec

Joined: 10 Aug 2009
Posts: 81
Location: Austin, Texas

PostPosted: Tue 14 Aug 2012, 10:07    Post subject: Re: Some Issues
Subject description: Pburn does not erase DVD, LiveDVD backup text
 

Q5sys wrote:
For me the merit's of the argument alone should be sufficient to decide whether the person is worth listening to or not.

I agree, and am willing to be judged at that level. There is, however, a deeper level: One may not even have to make the argument. The facts are what they are, and do not need my gloss on reality to rear their ugly heads. Anyone who addresses security in detail must encounter the same issues.

Q5sys wrote:
RandSec wrote:
With respect to vulnerable store, the issue is less one of "removable" than it is "writable." Both hard drives and USB flash drives are instantaneously writable.

But you can have non writable USB media.

I indeed do have both a USB flash with write-enable switch, and a USB card reader which I use with SD cards which have "switches." Neither is satisfactory for malware security.

Q5sys wrote:
I can think of two examples off the top of my head. 1st is using a SD card with a USB adapter. Load your system onto it, slide the lock down to read only, and make sure your hardware supports read only (since its dependant on the host receiver) and there you are. That's what I do on my ASUS netbook that I can boot off a SD card. The card is set to read only, so the system cant write to it.

While that may be true on your hardware, there is no such guarantee. The SD card write-enable "switch" is in fact just a plastic tab which is read by the reader. The effects of "write-enable" thus depend on the particular reader. Somewhere in discussions on the

http://krebsonsecurity.com/

site, one reader reported that while the OS appeared to respect the "write-enable" switch, *applications* were able to write the card anyway. Which of course means that malware could be expected to have similar or greater powers.

As bad as that is, it really is not the killer issue, which I expect to get to next.

Q5sys wrote:
2nd option is to get a USB with a physical read-only switch on it. I have a few of the Kanguru flashblu drives which have this. Its great, and it is hardware based so its totally OS independant. It's actually what I have my old LHP 4.43 install on.
Both of these can be set to read only, thus eliminating the possibility of the host OS writing to them. If the tinfoil brigade is still after you, you CAN remove the drive from the system once its up and running as long as you are running a frugal install and choose to load EVERYTHING into ram (including your safe file)

It seems to me that Puppy actually does insist that a flash boot-drive NOT BE REMOVED. (This would be a case of, as TaZoC would say: "It isn't designed, I think to do what you have in mind...") For the case where we boot from a flash drive which really is write-disabled, we CAN, nevertheless, expect to remove the drive without file structure damage, and I have in fact done this. So far so good, but that also means there is no saving to the Puppy save file, and no updates.

The reason we demand a boot flash write-enable is to handle the case of malware having entered during the session and running in memory. We have no particular reason to imagine that we could detect such a thing. So the problem is that we wish to protect our secure non-volatile store from infection. We do that with a write-enable switch. But as soon as we flip that switch for whatever reason, all our security bets are off.

As soon as we flip the write-enable switch, the flash drive becomes a hard drive equivalent, and can be infected just like a hard drive. Amidst thousands of tiny data-write LED flashes, there is no way to distinguish a few malware infection operations. Nor is there anything about the resulting data which necessarily imply infection. We do not collect a list of changes made to storage, but only the results, and malware hides amidst a deluge of insignificant change.

In contrast, a DVD update "session" appears as a separate directory, and all changes are distinguished and encapsulated there. Any malware infection will be there, and that session can be invalidated.

Q5sys wrote:
Agreed perfect security is not possible. But you can manage your risk. Which is exactly why I ONLY use frugal installs on removable media.

But that only works if you never flip the write-enable.

Q5sys wrote:
As I stated above actually you can remove the USB after you boot the system if you have a frugal install. You choose to load everything to ram and then once its loaded you remove the drive. I've done it many times. Sure you get nice pretty RED errors when it tries to save every 30 minutes, but the system still runs.

Just do not flip the write-enable.

Q5sys wrote:
Actually the headache I was referring to is your problem getting the burning process to work properly. Using removable media like I explained above would negate all of these problems.

The "burning process" works the way one should expect from the physical characteristics of a single helical track versus storage sectors. The "problem" is that our expectations are set by random-access drives which are inherently vulnerable to instantaneous and hidden malware changes. The problem I reported with erasing a DVD in Lighthouse64 does not exist in the 32-bit Puppies, where Pburn "just works." My contribution was to report a bug.

Q5sys wrote:
Puppy's ability to run in ram, as well as saving every bit of information into a single save file is why I came to puppy in the first place. For me it was because of the forensic benefit of it. I can use a live system that allows me to keep changes, yet if needed I can issue one command which will wipe all settings and everything in the safe file, and then nuke the system so it has to be rebooted.

It seems to me that "keeping changes" really means "possibly keeping malware." Nothing which executes, or is even potentially executable, can be saved with security, if malware is active. And there is no way to know when malware is active, *unless* one has just done a reboot from non-writable (or difficult-write) store, with simple program updates from trusted sources. A Puppy save file would seem to have limited application in that context.

I worked hard trying to make Puppy on flash acceptable. I installed it and had it running multiple times. I tried various form of write-enable, and investigated their issues. I understand very well that someone might prefer the speed and convenience of a flash. In the end, though, I had to give it up, because I prize security more.

It seems to me that once we get past issues of speed and size, the supposed advantage is an assumed ability to erase the flash. That was possible with old-style flash controllers which did not have to balance usage for multi-level analog storage. Yes, flashies can seem to be erased, but internally the information may not be, and it may be recoverable. So erasing a flash may not be as good as it sounds. At least one can break a DVD.
Back to top
View user's profile Send private message Visit poster's website 
gcmartin

Joined: 14 Oct 2005
Posts: 3630
Location: Earth

PostPosted: Tue 14 Aug 2012, 13:15    Post subject: Viruses  

I respect all that each has reported on viruses, here. But this is about LH64 versus in-depth virus discussion. And, thus far, I am not aware of any reports where LH64 has been influenced by malware (although I am aware that just because it hasn't been reported does not mean that its presence doesn't exist.)

That being said. I will make a one-time weigh-in (and then weigh-out) on this virus subject in LH64.

Hope the link is met with understanding. And, it offers a wider appeal to getting answers-views at that thread than we would get here on this thread.

Here to help

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 9 of 17 [255 Posts]   Goto page: Previous 1, 2, 3, ..., 7, 8, 9, 10, 11, ..., 15, 16, 17 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Puppy Derivatives
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1893s ][ Queries: 13 (0.0077s) ][ GZIP on ]