Why is this strange IP address in Network connections?

[anikin]

Can we get proactive and expedite the process a little bit?

Currently, Woof uses the following donor distros to produce Pups: Debian/Ubuntu, Slackware and Arch Linux. We can ourselves, or through external assistance determine if any, or all of the named distros have the contentious "feature." If they do have it, we can have it too. If they don't, accordingly, Puppy will comply with the standards of the donor distros. Provided, of course, that standards is any guidance for the community. Users, in any case expect to have at least some of them implemented in Puppy. The reputation of the above distros and professional expertise of their developers, to the best of my knowledge, are indisputable.

With regard to the questions outlined in the above post:
a)
b)
as they are formulated have not even been raised in the discussion and are of no relevance.

The question is much simpler - the named scripts, that comprise the "feature" - are they of any usefulness, do they work in the best interest of the user, do they come close to, or cross moral/ethical lines. In any case, outside experts should be given a link to this thread, so that, they fully understand the issue.

And a technical question about firewall state:
Can we just manually replace the old binary with this new one and leave the old startup scripts in place?
Or, does the source need to be hacked again by Micko to accommodate pre Woof CE Pupps?
The icons are in the source - I saw them. If I knew, I could have manually added them to the pet - note taken.

[mavrothal]

With regard to the questions outlined in the above post:
a)
b)
as they are formulated have not even been raised in the discussion and are of no relevance.

Security, privacy and undisclosed usage are in the core of the issue.
Unless if by "no relevance" you mean that neither security nor privacy is affected and no undisclosed usage may be suggested.

The question is much simpler - the named scripts, that comprise the "feature" - are they of any usefulness, do they work in the best interest of the user, do they come close to, or cross moral/ethical lines.

But these are matters of opinion. There will always be people that find them useful or useless. Best interest the same. And moral lines are relevant to undisclosed usage. If privacy and security is not affected and any undisclosed usage can not be identified, no matter what someones says will always be differences in opinion. Will be like arguing if the pizza sauce should have oregano or not.

Can we just manually replace the old binary with this new one and leave the old startup scripts in place?

If you also provide the icons in the right path, yes.

[Atle]

Mavrothal

Just so we got all the facts omboard, think this first sentence is missing something important.

You say:

"As I understand an outside linux expert has been contacted to evaluate if 3 scripts by BK, tazmod and radky querying icanhazip.com for the external IP of the puppy and another one by BK ping'ing google to see if the network is working,"

Lets not forget there is also some confusion in the first page of this thread about Nugget Enterprises, San Antonio, Texas.

So the list is

icanhazip
google
Nugget Enterprises

Am i right? Are there anymore?

[mavrothal]

Lets not forget there is also some confusion in the first page of this thread about Nugget Enterprises, San Antonio, Texas.

I thought that this was cleared previously, (Nugget Enterprises is the host of icanhazip.com) but please feel free to include it.

[01micko]

Major Hayden got a bit peeved



It's a bit old but really. shows the bloke is human. I have recently contacted him on twitter and indeed Nugget is his host in San Antonio, TX.

Here is the exchange. (Excuse my stupidity saying "ISP" instead of "host").

[anikin]

Major Hayden got a bit peeved

It's a bit old but really. shows the bloke is human. I have recently contacted him on twitter and indeed Nugget is his host in San Antonio, TX.
Here is the exchange. (Excuse my stupidity saying "ISP" instead of "host").

... Deep sigh ...

Here we come again.
Let's not discuss the issue at hand.
Let's talk about what's peripheral to it.
Here's a fat, red herring for you - major hayden.

How creative of you ...

[mavrothal]

Let's not discuss the issue at hand.

After 11 pages there is little left to discuss I would think.
Let's wait for Atle's expert review and provide him/her with any info that (s)he may find relevant either way.

[Atle]

This expert view can only be there if I can get a grip on the actual facts and its hard to get them as I am confused on this issue as for now...

this is why i ask for a clarification on what is what...

I feel the entire thing is a bit confusing and unclear.

[jamesbond]

jamesbond, mavrothal.. (+ others knowledgeable in networking). What are your thoughts on this from a technical and moral perspective (moral as in from the user and the host, [eg a.root-servers.net] perspective) for use as a basic connectivity check ??

There are a lot of things we can check when it comes to basic connectivity. We can check whether a network interface has an IP address. We can check whether the machine has a default gateway. We can check whether the machine knows of a good nameserver assigned to it. All these can be checked, and all these checks are local - no connection to the outside world is needed.

But if you want to know whether you have connectivity to the Internet, all these are *not enough*. You need to "connect" ("ping" or "wget") to a known end-point (=server) in the Internet; there is *no avoiding it*. It is *not* enough to ping the default gateway; it is *not* enough to ping the available nameserver. Both of these are unreliable tests because these endpoints are still within your machine/network or ISP's network - thus what you're testing is your connectivity to your own or at best ISP's network.

The only sure way to test for connection to "the cloud" is by contacting something which is absolutely known to live in "the cloud".

It is similar on how you test Skype installation/connection. Sure, you can test whether you microphone, speaker, or webcam works; this can be done locally without contacting anyone. But all these don't guarantee that you can make or receive calls. The *ultimate* test is to call the "Echo" Skype number - you connect to a well-known Skype server that will pick-your call, and records your voice and replays it back for you.

From privacy point of view - there is not much difference between using "ping" or "wget" to test connectivity - they both leak about the same amount of information. "ping" is probably a better to use because many endpoints have it enabled automatically; while for "wget" to be successful the endpoint must knowingly runs HTTP service; plus its overhead is smaller than wget (layer 3 operation vs layer 7 operation).

A ping or two to test connectivity when you're running network-setup wizard won't load an endpoint at all - so it's of no consequence.

The choice of the endpoint to use for testing is arbitrary (although some endpoints are more unpopular than others - as this thread obviously exhibits ); the main criteria being reliability (same IP address all the time; always on); so your choice of the root nameserver is wise. Of course, one can still debate that root nameservers are controlled by ICANN and ICANN is an American company and thus is beholden to the NSA ... but if we follow this kind of thinking till the very end then perhaps we all should disconnect the wire (or roll out our own Internet).

[anikin]

@Atle,
Just give them download links to any recent, pre-woof ce pups. Slacko, Precise, Upups, Dpups. Send them links to this and other threads. The experts don't need to have your opinion - they will make their own, based on test runs and reading this and other threads.

@Jamesbond,
I understand the technical side of what your're saying. However, I need to grasp the following: as my ISP's customer, I take it for granted, that I have fully paid for my internet connectivity. I don't need to worry about technical nuances. I can connect to anything - Skype, cloud, icanhazip and Google - no issues whatsoever. The connection is flawless, be it Windows, Mac or Linux. I pay them - they do the pinging. I will cautiously presume, that your explanation is about "professional" connectivity - ISPs, businesses, corporations. More importantly, your opinion will not be used to justify any questionable decisions.

[mavrothal]

@Atle,
Just give them download links to any recent, pre-woof ce pups. Slacko, Precise, Upups, Dpups. Send them links to this and other threads. The experts don't need to have your opinion - they will make their own, based on test runs and reading this and other threads.

Well said.
(I thought that this expert is identified, contacted and agreed to review. Isn't it the case? ?)

[jamesbond]

@anikin:
My write-up is a public response to Mick's public call for comment.

I understand the technical side of what your're saying. However, I need to grasp the following: as my ISP's customer, I take it for granted, that I have fully paid for my internet connectivity. I don't need to worry about technical nuances. I can connect to anything - Skype, cloud, icanhazip and Google - no issues whatsoever. The connection is flawless, be it Windows, Mac or Linux. I pay them - they do the pinging.

My write-up is not for arguing the need (or the lack thereof) for "checking internet connectivity". It is a statement of fact of what needs to be done *if you want to perform such checks* (that's what Mick asked).

More importantly, your opinion will not be used to justify any questionable decisions.

Most of the write-up are facts, they are not opinions. The only opinions there are:

A ping or two to test connectivity when you're running network-setup wizard won't load an endpoint at all - so it's of no consequence.

and

but if we follow this kind of thinking till the very end then perhaps we all should disconnect the wire (or roll out our own Internet).

In any case, please feel free to interpret them as you wish. Just remember that others may have a different interpretation than yours.

[anikin]

Most of the write-up are facts, they are not opinions. The only opinions there are:

I should have used a better word. The one I meant - "authority", by which I mean your explanations of various computing/technical aspects, like PAE, etc, etc., which everyone, myself included, take as gospel. A few posts back, I made a comment about having a look at donor distros, can you share your opinion on that one? Is that an acceptable approach?

[jamesbond]

Most of the write-up are facts, they are not opinions. The only opinions there are:

I should have used a better word. The one I meant - "authority", by which I mean your explanations of various computing/technical aspects, like PAE, etc, etc., which everyone, myself included, take as gospel.

As Bruce Schneier said it - "trust, but verify".

A few posts back, I made a comment about having a look at donor distros, can you share your opinion on that one? Is that an acceptable approach?

1. CentOS/RedHat - checks for updates at boot time and periodically.
2. Ubuntu - same thing. It was even worse - there was a period of time where every search query you put into their default dashboard (Ubuntu Dash) got sent directly to Amazon. Now that's a real concern!
3. Slackware - no updates checking by default, no contacting external servers by default at boot.
4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.
5. Other large notable software pieces - libreoffice does update checking, Virtualbox too.
You can turn off all these but the *default configuration out of the box* is that they are all turned on.
I refer to "update checking" but the end result is the same - to perform update checking, it contacts a remote server (with all the consequences) to check whether updates are available.

[gcmartin]

As pointed out by the prior post, there are various OSes and subsystems that do presence checking for various reason. Most OS start their lives as LAN based and the internet is a necessary items for back-end operations. Because this is done, does NOT mean something malicious is active that is not in the best interest. Those developers intend to provide the best experience possible. In Puppy Linux case, the Prime developer started this approach to assist presence detection so the local PC user can have the best possible experience, recognizing that NOT EVERYONE has equal skills is system manipulation for presence. And, it makes easy to diagnose problems in some cases where the developers know that they are working with a system which operates as it does when evaluating a problem identified by a user. Since the prior detection method is/has been used across the board, I, personally, don't feel nor see, that there is/has been anything done to open PUPPY systems to exploit in today's world. ISPs have tended to operate with each's pool of IP addresses they own where static IP COST($) more to a user than the dynamic arrangement many of them use. Since many of us have a dynamic account with the ISPs, your current IP address on the internet does change from time to time, continuously.

FUD crept into this thread after the source reason was explained. In the request to "prove that others do it" is a continue to press a point.

A applaud the developers who have taken a look at this.

[James C]

4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.

Vanilla Debian installs (KDE and Gnome) by default automatically check for updates at boot.Believe it can be disabled by the user though.

Updating Wheezy KDE as I type this.

Naturally, a link....
http://www.debian.org/doc/manuals/secur ... 10.en.html

Since Debian 4.0 lenny Debian provides and installs in a default installation update-notifier. This is a GNOME application that will startup when you enter your Desktop and can be used to keep track of updates available for your system and install them. It uses update-manager for this.

[mavrothal]

Actually a feature to check for puppy updates at boot may be a good idea specially for LTS puppies. If we could insert a script in the ibiblio puppylinux that could return the external IP if called (I do not know if this can be done without server access) could solve both issues at once.

[anikin]

1. CentOS/RedHat - checks for updates at boot time and periodically.
2. Ubuntu - same thing. It was even worse - there was a period of time where every search query you put into their default dashboard (Ubuntu Dash) got sent directly to Amazon. Now that's a real concern!
3. Slackware - no updates checking by default, no contacting external servers by default at boot.
4. For Debian please check with pemasu or saintless; but I remember that some Debian derivatives do have updates checking.
5. Other large notable software pieces - libreoffice does update checking, Virtualbox too.
You can turn off all these but the *default configuration out of the box* is that they are all turned on.

In other words, not a single one of the above distros, has the "feature" we are discussing. Why should we?

I refer to "update checking" but the end result is the same - to perform update checking, it contacts a remote server (with all the consequences) to check whether updates are available.

You don't mean to say, that Puppy contacts icanhazip to check whether updates are available?

[mavrothal]

You don't mean to say, that Puppy contacts icanhazip to check whether updates are available?

So at the end of the day the objection is that is
a) contacting some web site automatically for whatever reason
b) contacting icanhazip.com specifically or
c) that is getting the external IP of the machines (from any external site) ?

[James C]

It's a Puppy secret.....

https://scottlinux.com/2013/06/17/how-t ... with-curl/

Major Hayden has created the epic site icanhazip.com which will show your current IP address. There are a few more additions to know about as well. Here is the scoop!