Everything can be Secured, "Centrally" in the home

For discussions about security.
gcmartin

Everything can be Secured, "Centrally" in the home

#1 Post by gcmartin »

There have been several events over the past several weeks that got focus from this community. Some of what was seen centers around current information and internet trafficking. These in and of themselves, are raising good and valid points highlighting a need to be able to visualize things better than we currently do. In addition, I received this request on the eve of Amazon's release of their personalized cash register known as The Amazon Fire Phone to the world.
Here is the request asked:
edoc wrote:gcmartin - have you looked at Tizen at all?

Linux-based, Google-free, it's easy to port Android apps, 2,000 Tizen apps already posted & 100% profit to app posters for the first year ... what's not to like?

;-)
Probably should open a thread here on Tizen.

Tizen has its business model direction to start its own OS brand. Like Apple, Blackberry, Android, Chrome, and several others, they ALL are a derivative base of Linux/Unix.

Linux, ReactOS, Tizen, etc, all fall under the Open Source monocle, need industry players to survive. And, in doing so, they MUST come up with a healthy business model to move forward as they garner believers. Have you looked at their webpage or at their developer's conference deliverables?

For me, Puppy Linux much too much presently where it can become much more attractive to the world with some very simple steps.

Even though, Puppyland, has not taken a more business directed approach to using the Puppy version of Linux for its own, in home, products, it is uniquely poised to do so. When I say business, I mean in terms of roadmap layout...not profit motive.

I am hopeful that maybe, this year, some creative members will begin to migrate Puppy a little to become a more LAN centric home "authority" device such that it begins to evolve as, if not one of the, but "the" central controller for information flow within the home.

This is a missed opportunity, up until now. I think we are at the doorstep but it has not been articulated in a view that Puppy members can see. Yet, I think that when they do, Puppy Linux can and will become the shot heard "round the world".

For example: Let's suppose for even a second, that someone delivered a PUP that could be the primary center for ALL traffic that comes and goes within the home. The problem, today, is that current members see traffic as data to/fro the Internet. But, suppose we opened our eyes even a little to see data as a sub-element of traffic, then we can begin to see the doorstep that's there. Once the doorstep is recognized, it becomes apparent that everything we do in our homes constitutes traffic that we manage to our benefit. This means that PUPPY Linux begins its migration from a personal tinkerer's toy to a full practical center stage system for managing all traffic and its elements to the home's advantage. So it starts with router functions and adds data collection functions to the point of giving a home owner a total picture of all activity of the home. The home collects this information in its home directory where a home owner now uses the information collected from all of the traffic to automate decision processes. Those of us in the network industry know what I refer to as it's been around formally for 2 decades and the architecture has had an X.xxx international definition formally for 34 years.

Only businesses have been doing this to you. Puppy can easily evolve from its personal roots, to the next 2 levels without ever losing its personal roots!

I'm hopeful that other members also see this and begin to help bring about the adjustment in the prism we see Puppy Linux thru to take advantage of the processing power members of this community have at their fingertips for in-home advantage. All of the information moving in/out of the home is lost for the most part. Some simple changes could make user lives much more crystal-clear with a significantly increased security force arrangement than is given us, today, by vendors. Where I sit, many of the components are already sitting in Puppyland ... just not seen for the centralized advantage they would give homes.

This is written in haste as I leave for the week, but, I hope the spirit is seen.

I believe the steps members have taken, since WOOF-CE started, have already cast the stone in the smooth pond. And every one of us knows the ripple effect that occurs.
Last edited by gcmartin on Sat 19 Jul 2014, 22:10, edited 1 time in total.

gcmartin

#2 Post by gcmartin »

Reserved for discussion of a project.

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

Re: Everything can be Secured

#3 Post by Moose On The Loose »

gcmartin wrote: For me, Puppy Linux much too much presently where it can become much more attractive to the world with some very simple steps.

Even though, Puppyland, has not taken a more business directed approach to using the Puppy version of Linux for its own, in home, products, it is uniquely poised to do so. When I say business, I mean in terms of roadmap layout...not profit motive.

I am hopeful that maybe, this year, some creative members will begin to migrate Puppy a little to become a more LAN centric home "authority" device such that it begins to evolve as, if not one of the, but "the" central controller for information flow within the home.
It seems to me that the location of the security should be the location of the router and server. This suggests that the router and server should be at the same location and at the least connected by cable if not actually the same machine.

There is software out there that can be used to make a PC into a router. This suggests to me a kit that could be put together to make a puppy box into a home server and router box.

gcmartin

#4 Post by gcmartin »

YES!

I don't think anyone in this community is still prancing about with their "heads in the sand" anymore. To recap some brief histologicals:
  • Puppy got its start when many had 386/486 and 64MB RAM was the standard
  • Systems that were brought to Puppyland by users had Win9x for the most-part, some had Win3.x
  • We were, for many-many, still in the days of dial-up and ISDN at home
  • Much of what we connected was via serial or parallel ports
  • LANs for many were only wired for the most and running at 10Mb
  • Most users ONLY understood Personal system; that is a single PC at home.
  • Last and most important, many came to Puppyland (Linux) ONLY when a 2nd more powerful Windows/Apple PC was added to the home environment.
I am sure this community can think of other items that existed in Puppy beginnings almost a decade ago.

Since then, what happened was:
  • The connection to the outside world provided more options in the form of DSL, Cable and now Cell.
  • Almost every PC coming to Puppyland has LAN, audio and video on its motherboard
  • Routers with multiple ports became popular with their built-in switches
  • LAN speeds via the switch increased 10-100 fold
  • Content sharing became a way of life and better understood
  • Greater options for capturing/maintaining/distributing content from the internet occurred (some call this "cloud")
  • Home PC connections expanded with wireless becoming a de facto standard on laptops and in all-in-ones.
  • New personal devices began taking on some/much of what was being done on PCs
  • All kinds of information began flying around the home from files, to structured documents, to music to video to security to etc.
  • Almost EVERY household has 2 or more devices on their home networks.
If we just use the individuals who come to Puppyland to "test" distro use, there is not a single distro tester who has less than 2 devices in the home. Yes, Puppy has done so very much to make everything it does much much easier for user use and for system understanding for subsystem additions.

Like it or not; Acknowledge it or deny: we have become a multi-platform race of humans with multiple devices in our immediate vicinity that we can call on to do functional productive work.

In an evolutionary look we can see Puppy Linux's start as a single Personal-only PC with low-speed connection to, today, where we have several devices in our homes which have access to each other and the outside world.

In evolving, Puppy has grown;
  • to now being able to use shared content, to now being able to distribute and share content (full SAMBA) with ANY LAN device built to talk to Windows or MACs,
  • to now being able to provide an environment that allows other PCs on its LAN to boot directly from it without using any of their peripheral to run ("Netbooting"),
  • to now being able to take advantage of any amount of RAM in either a 32bit or a 64bit PC (PAE or 64bit distros),
  • to now being able to have several LAN PCs working as a Single Huge PC (Clustering),
  • to now being able to, without installing ANY software to ANY PC on the home LAN to login to get a desktop on a central PUPPY PC (XRDP)
  • to now being able to take advantage of the Virtualization features built-into PCs exclusive for Linux KVM use (QEMU's recent entry into Puppyland).
All of these technology advancements to Puppyland have all happened since 2011. And, many/most current Puppy users have already used one or more of these technologies for their personal needs thus far.

These evolutionary steps in the Puppy journey have come with much system maturity as well as a much speedier advancement among PC builders/vendors to keep Linux current with hardware advances.

Yes, Puppy has come a long long way since 2005.

Yet, the community continues to find increased ways of improving the Puppy behavior. In fact, each year I see innovation in Puppyland that exceeds any wild expectation that any of us have about PUPs. Thus Puppy, itself, is not just being advanced, the development, test, and user use is evolving as well, with their "sighted" vision of Puppy needs. We have a smarter community, today, than we had a decade ago.

The signs are already there as Puppy people evolve in seeing a potential for Puppy Linux becoming a Central system for home control. We don't need to build anything new, per se, we only need to acknowledge that PUPPY IS A LAN SYSTEM that has its roots in a "Personal Easy to Use" coating. From this very simple understanding, it becomes immediately apparent to any one of us, the potential for how to review packaging it to our home use advantage!

I believe the Moose-on-the-Loose view is a great start for a Centralized LAN system corralling of secure, functional, productive home manager that is open-sourced and will be attractive as we march ever so fast into our future.

This does NOT necessarily need a distro, as it only needs packaging and documentation which can be added to the newer PUPs that are beginning to roll off the assembly line for expanding user consumption.

For example, suppose to support what he shared we had an easy to use visual firewall which was capable of being a home DNS for local PCs while providing proxy services to all wired PCs on the LAN as a starting base. This could be connected to the path to the internet that many/most homes in the world either have or will have within the next 2 years. This can be used as an extra layer of security where it is capable of logging ALL entry/access/attempts in such a way that any PUPPY user can view and understand its external home use and access. No router vendor in the world, to date, is providing such for a home device or home user in a friendly easy to use interface. BUT PUPPY LINUX CAN! .... easily. And can do so while still maintaining its local "personal" service(s) to the home user who wants to use its desktop applications as well.

This is the kind of capability that this community can address.

Barry has left the center stage. WOOF-CE is replacing WOOF with so many new improvements. There may not be another Puppy Linux from BarryK, but, there is no reason why an evolved Puppy Linux distro could rise to attract an increased number of participants from the world stage with something as simple as a "New Puppy Linux - A Speedy Personal system with Home centrals built-in". No one today is doing so. Yet, it is merely a packaging which can start and be expanded on for years to come without having to develop anything new. There are several deliverable approaches for a new PUPPY to surface that will attract new users to what may well prove to be an exciting platform.

You CANNOT buy a new OLD-PC anymore. If you buy a PC/smartPhone/smartTAB, it exceeds the sizes of all past 32bit PCs. Just as 286s/386s/486s no longer factor in any percentage of PCs in today's world, those, decade and half PCs will NOT factor in tomorrow's world either. Puppy has already addressed the old PCs. And, Puppy has already addressed the PCs of the last decade, too. Puppy addresses PCs of today and will continue to build upon what it delivers to users. But, now that our heads are above ground, we see the direction, as others do, while providing attractions as we move into the future with our increased functionality to home environments. None of this requires new hardware, but, "head out of the sand", users are bringing new hardware to us for their desires and needs.

PUPPY LINUX makes a difference!

Moose On The Loose
Posts: 965
Joined: Thu 24 Feb 2011, 14:54

#5 Post by Moose On The Loose »

gcmartin wrote: For example, suppose to support what he shared we had an easy to use visual firewall which was capable of being a home DNS for local PCs while providing proxy services to all wired PCs on the LAN as a starting base. This could be connected to the path to the internet that many/most homes in the world either have or will have within the next 2 years.
It may not even need to be the DNS. Imagine a box with two network cards sitting at the boundary where the internet comes into the home. Such a box could watch the traffic as it goes by. If an external DNS is used, the firewall function could still protect the home network from attack. Since the machine would be in the path, it can directly block evil packets.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#6 Post by mikeb »

This reminds me of the lousy arrangement I used to have to use before getting a router...especially the proxy variety on windows.
I assume some people here are actually using Linux and use modern connection hardware?

Mike

gcmartin

Puppy as "central secure point of information entry" to homes

#7 Post by gcmartin »

Yes, that would work as well without the use of proxy. The advantage of this kind of approach is Puppy subsystem services are now under the control of Puppy users to adapt as they see necessary while providing centralized data for their review or programming.

Further, with a thread to support it, a secure approach can be easily accomplished with "wider"-spread understanding and information sharing.

This may even lead to a better PUPPY LAN subsystem management layer useful in any PUPs implementation in a home.

Next we need some pictorials to make it easy for members to visualize what is proposed.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#8 Post by mikeb »

Well internet forwarding is nice and simple on linux though it seems to be less than obvious for new users as it stands....an option hidden away in the firewall wizard in puppy or 2 lines of bash for those who are familiar.

parental controls are also of interest as well as security measures.

mike

gcmartin

#9 Post by gcmartin »

Puppy evolves. It is a single PUPPY PC which is a "Shepherd-Dog" for the kennel.

Well maybe Puppy doesn't evolve (there may be members who reject change). Maybe the reference might become "The Home Kennel"

A simple picture of "The Home Kennel" depicting what @Moose and @Mike share:
Image
+1 :!:

Stripe
Posts: 658
Joined: Wed 23 Jun 2010, 05:18
Location: In a field. England

#10 Post by Stripe »

hi all
@gcmartin that looks remarkably like part of my home network

to make sure I understand
puppy central is basically a router/firewall/gateway to your LAN(s) (depending if you want your wired/wireless LAN's separate)

on the gateway pc at the moment I am using virtualization with a router/firewall VM running on top of a base system.
I am also running several other VM's (servers) on that machine to provide services to the LAN (poor security I know)
I am looking at changing from a vm based system moving to a sandbox/lxc (chroot) solution (to reduce load on system resources and not having to allocate separate resources to each instance, also it allows each instance to have unlimited access to all system resources (ram, cpu cores)),

is that the gist of the idea?

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#11 Post by mikeb »

Does not look anything like my network :).

I used to share via one pc when I had a usb modem over 6 years ago courtesy of the worst ISP in the uk...hi kingston communications.
Used proxyplus on windows (awkward) and later on masquerade on linux (easy and fast).
I did in the end get a wired only usrobotics modem/router which was heaven.

I have had the joy of a wired/wifi modem/router since living in the deep south...thanks post office. :)

mike

gcmartin

#12 Post by gcmartin »

Stripe wrote:hi all
@gcmartin that looks remarkably like part of my home network ... is that the gist of the idea?
+1

Yes, your configuration supports the idea that a single PC can deliver home management with security services AND application delivery at the same time.

In fact, this could be a starting point for "The Home Kennel" mirrored after your setup where members here contribute to perfecting and strengthening an approach outside of vendor (corporations) control and delivery. The Puppy community can design and perfect a security model with easy implementation as well as perfecting a home management model for purposes most commonly used in the home....video streaming, audio streaming, pictures streaming, TV-radio signaling/streaming, smart device integration, lighting controls, heating/AC, and things we do in our homes today.

The beauty here, is that for most of this, all the work is already done. We are merely now looking to Puppy for its ability to easily integrate this into something which is easily understood and used.

The problem is that most members, until now, might not have considered this path for a PUP...."Puppy Home Controller" or "Puppy Home Kennel".

gcmartin

#13 Post by gcmartin »

@MikeB offers a great idea in that he shows that a modem (not a router) provides direct attachment such that a Puppy PC could act as f/w, router, LAN DNS manager, and offer Proxy controls from a simple Home Host approach.

The biggest benefit to this kind of PC use, is that as LAN speeds increase, the horsepower of even a lowspeed motherboard is enormously faster than modem connections and LAN connections (even 10Gbe LANs). Further the home options for management exist in this very same PC can dynamically be adaptive as the future unfolds.

One idea, a PC without any peripherals that boots "Home" Puppy USB/DVD/PXE to sustain its position of home service delivery. (little power draw and tremendous home "Director" servicing)

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#14 Post by mikeb »

Well one machine is sort of being a headless file server at the moment. It runs slax.

If you want a machine to be the center of the universe then it's a good idea for the system it runs to have a selection of servers as well as routing abilities... eg... SAMBA, NFS, SSH/SSHFS, HTTP, FTP, VNC, PXE, DHCP and DNS would be good for starters. And of course the full set of unix/linux network tools...netstat..nmap and so on. Do any pups have that list?

Also it would be handy to have it as a wireless AP.... could be handy if a router is all that's available for ISP connection...the wifi on those is usually easily disabled.

Mainframe and slim clients arrangement almost.
Indeed such as NFS means clients could mount the system over the network so there is just one core source without having to transfer anything...LAN speeds are quite sufficient for that....do it quite often here. Makes updating a breeze.

mike

gcmartin

Could WATCHDOG be a name for Home Centralization's start?

#15 Post by gcmartin »

Over the past weeks, several ideas have surfaced for the beginning of a head-in Central Puppy Home machine.

One of the initial ideas has come from member(s) who this year have expressed a need for a "router" kind of system in a Puppy coat. As well as using a PUP as a kind of NAS with great/excellent data transfer/exchange within the home to smartdevices within the home's walls.

This would be a replacement to a home router OR it could be a Firewall (which is a router) which sits behind the ISP modem-router.

If this does take a Centralization beginning, then the project would need a name. For now, let's call this beginning project "WATCHDOG". (Let's hear from Anyone who has any other suggestions?)

Puppy's WATCHDOG
This system could be almost any PUP distro which is tailored thru its REPO to provide the subsystems necessary for it to be the pathway to and from the internet thru the various types of approaches available. It could encompass a single path or it could bond multiple paths or it could backup a primary path or it could be adaptable to how ever many open paths it finds thru a bonding of those seen by the system for the in-home users.

The WATCHDOG would have a logging so that the home admin/owner could review to visualize traffic patterns that enter or leave the premises, electronically.

The WATCHDOG would have a couple of simple mechanisms to spot and thwart attacks with reporting to the home admin of actions taken when spotting any events of such.

So this would provide an agile and secure use as a beginning of a Home Centralization system which could ultimately embrace multiple participants running in the home in the future.

The aim of Centralization is to put to productive use, systems that we have, to improve our lives at home thru some understandable integration of what Puppy has scattered about in the community, currently. And to put a Thread/Window up so that the community can clearly see what this adds and how its done.

Simple, clear, reasonable with little effort beyond some ease of understanding documentation of existing packaging.

This Centralization is NOT a re-invention. It's an integration of already present technology for any home user of Puppy Linux.
Edit: Punctuation: 1st sentence 3 paragraphs up
Last edited by gcmartin on Mon 21 Jul 2014, 17:44, edited 1 time in total.

Keef
Posts: 987
Joined: Thu 20 Dec 2007, 22:12
Location: Staffordshire

#16 Post by Keef »

Not sure what to call it, but it does make me think of this:
Attachments
ugly_dog_mutant.jpg

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

Re: Could WATCHDOG be a name for Home Centralization's start?

#17 Post by jamesbond »

gcmartin wrote:Puppy's WATCHDOG
The only thing left to do now is to recruit the "developers". Anyone? :lol:

gcmartin

#18 Post by gcmartin »

jamesbond wrote:...recruit the "developers"
:lol: Might not need recruiting at all. They are already here. :D

Hope you will contribute too. Especially your knowledge of DNSMASQ. :wink:
If there is anyone in the community who knows the importance of that, it's you. Of course, this is coming from someone who has used or tested just about everything @Jamesbond has produced. Without his demonstrations and knowledge in the past, I could never be envisioning the larger role I see PUPPY about to deliver for our future.

Here to help

gcmartin

#19 Post by gcmartin »

Anyone know how to setup Puppy Linux to provide the following inhome services: this request comes from 2 observations by different members over the past few months.

Assumption - Your Home LAN network
  • Puppy Linux is booted on a LAN where there is a router.
  • The router provides DHCP services to the LAN and is the LAN's gateway to the internet
Configuration 1
Puppy Linux has both a wired LAN adapter and a wireless LAN adapter discovered by Puppy at boot-time.
  • Request 1
    Is there a thread, document or a recommendation to have Puppy be an "Extender" for the LAN? (An Extender is where PUPPY has a wired LAN connection and provides a pathway for wireless devices to go thru PUPPY to get to LAN services.)
Configuration 2
Puppy Linux has 2 wireless LAN adapters (I repeat 2 physical devices) built-in or attached. At boot-time, one of these adapters is used to connect to the home LAN, WIRELESSLY.
  • Request 2
    Is there a thread, document or a recommendation to have Puppy be a "Repeater" for the LAN? (A Repeater is where PUPPY has a wireless LAN connection and provides rebroadcasting over the 2nd wireless adapter for wireless devices to go thru PUPPY to get to LAN services.)
Summary
These are 2 items which can begin the use of a Central PUPPY Home system and address a couple of earlier items alluded to which can provide benefit in in-home applications and PUPPY service(s). I'm sure most everyone can think of how Puppy's ability to do these, benefits us.

Would anyone of this community's members offer any pathway for using PUPPY in the home for these 2 scenarios? Much of this is already built-in, but needs something to bond them to allow these to run in our homes.

Thanks in advance

P.S. None of this diminishes the use of the PUP to continue desktop use as we do today. Nor does this have ANY major/negative impact by providing this service in the home.

mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#20 Post by mikeb »

Here's a copy of my ref for internet sharing... not sure how relevant it is...
I just double checked both methods and they work fine. I stumbled across an even easier way to set it up without a fire wall {like in the link I provided}. Just enter these 2 lines in /etc/rc.d/rc.local :
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
It works every time. I boot up, dial in and my connection sharing is good to go. Supposedly if you have cable or DSL you can substitute eth0 {or whatever eth your cable or dsl is connected to} for the ppp0 entry.


First- Set up your server machine{the one with the modem and either the firewall enabled sharing or the modified rc.local}.
Second- Fire up your client machine and go to the network wizard. Click on eth0{or whatever your eth is designated}. Click on static IP.
Enter your IP address = I use 192.168.0.10 for the laptop. This will be the IP address of your client machine...click ok. Enter your netmask = should pop up 255.255.255.0 automatically..click ok. Enter your default router = the IP address of your server machine. I have a very simple home network so mine is 192.168.0.1...click ok. Enter the IP address of a nameserver for resolving DNS names = the primary DNS IP of your internet service provider...click ok. That's it. Go to googling!
In my case I use att worldnet. I typed worldnet primary dns into google and the DNS numbers popped right up in the search. You can find most DNS numbers by going to your ISP's support webpage or simply call them and ask.
Whew..It took me longer to type this than it did to get the computers connected.

Connect Another LAN (or two or three or ...)

Sometimes you have need of connecting the router to another LAN. Maybe you want to hook up a group of friends temporarily, or you're a neat freak and want to section off different groups of computers, or you're just really really bored. Whatever the reasons, extending the router to other LAN networks should be pretty straightforward. In the following examples, I will assume that this new network is connected via a third ethernet card, namely eth2.

First you need to configure the interface. Just take the instructions in the 4.1 code listing and replace eth0 with eth2 and 192.168.0 with 192.168.1.

Then you need to tweak dnsmasq to service the new interface. Just edit the /etc/conf.d/dnsmasq file again and append -i eth2 to DNSMASQ_OPTS; using -i multiple times is OK. Then edit /etc/dnsmasq.conf and add another line like the dhcp-range line in the 5.1 code listing, replacing 192.168.0 with 192.168.1. Having multiple dhcp-range lines is OK too.

Finally, see the rules in the 5.2 code listing and duplicate the rules that have -i ${LAN} in them. You may want to create another variable, say LAN2, to make things easier.
mike
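
An added example, not code from the thread or from Puppy itself: the two-line sharing method in post #20, generated as an `iptables-restore` ruleset that also sets a default-deny FORWARD policy and logs refused inbound packets, plus a summary of those log entries along the lines of the WATCHDOG logging proposed in post #15. The interface names, the `WATCHDOG-DROP` log prefix and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: interface names,
# the "WATCHDOG-DROP" log prefix and the sample log lines below.

# Accept only plain interface names (Linux allows at most 15 characters).
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_gateway_rules WAN_IF LAN_IF
# Prints an iptables-restore ruleset; returns 2 on bad input.
# Apply as root:  gen_gateway_rules ppp0 eth0 | iptables-restore
#                 echo 1 > /proc/sys/net/ipv4/ip_forward
gen_gateway_rules() {
    wan=$1
    lan=$2
    valid_iface "$wan" && valid_iface "$lan" || return 2
    [ "$wan" != "$lan" ] || return 2
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# Same rule as the thread's first line: NAT everything leaving via the WAN side.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default-deny for packets addressed to the gateway and routed through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -i $wan -m limit --limit 6/min -j LOG --log-prefix "WATCHDOG-DROP "
# LAN clients may open connections outward; only replies are let back in.
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $wan -m limit --limit 6/min -j LOG --log-prefix "WATCHDOG-DROP "
COMMIT
EOF
}

# Constructed sample of kernel log lines as the LOG rules above would emit them.
sample_log() {
    cat <<'EOF'
Jul 21 17:40:01 puppypc kernel: WATCHDOG-DROP IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=243 PROTO=TCP SPT=51234 DPT=23 SYN
Jul 21 17:40:09 puppypc kernel: WATCHDOG-DROP IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=243 PROTO=TCP SPT=51240 DPT=23 SYN
Jul 21 17:41:30 puppypc kernel: WATCHDOG-DROP IN=ppp0 OUT= MAC= SRC=198.51.100.9 DST=192.0.2.10 LEN=436 TTL=52 PROTO=UDP SPT=5071 DPT=5060
Jul 21 17:42:02 puppypc kernel: eth0: link up
EOF
}

# summarize_drops: read kernel log lines on stdin and print
# "count source protocol/destination-port", most frequent first.
summarize_drops() {
    awk '/WATCHDOG-DROP / {
        src = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[src " " proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}
```

The `limit` match keeps a burst of refused packets from flooding the log, so during a burst the counts in the summary are a lower bound.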
