Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 09 Dec 2016, 00:18
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Criticism of woof-CE and of the people involved in it.
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 8 [118 Posts]   Goto page: 1, 2, 3, ..., 6, 7, 8 Next
Author Message
mavrothal


Joined: 24 Aug 2009
Posts: 2758

PostPosted: Mon 23 Nov 2015, 02:08    Post subject:  Criticism of woof-CE and of the people involved in it.  

In another thread, given the opportunity some "conserns" where expressed, so I thought to leave that thread alone and take it up here.

So to role the discussion here is some response to some rcrsn51 comments (not necessarily directed at him).

rcrsn51 wrote:
1. Many people complained about the icanhazip issue. The standard reply was "It's not a security problem. Don't worry about it."

The standard reply by many other people was the that for some time (years?) the default was not a security problem. And is not!
BTW did you ever notice what your browser is doing the first time you run it?

rcrsn51 wrote:
2. Eventually, the "compromise" was to add a checkbox, but set it ON by default. This struck me as petty and disrespectful of people's concerns.
Why is a compromise to offer the option And why only the people worrying must be respected, specially when it only takes a click to get their false sense of security.

rcrsn51 wrote:
3. Then suddenly, Iguleder added a line to woof that turned the checkbox OFF, and not a SINGLE person commented. Apparently, all the community members who had previously resisted any change had nothing to say about the final solution.

Two points, there is no "resistance" in anything, some have different views on the "functionality vs risk" equation. Second "no-one really cares enough" is the most likely reason for the lack of discussion on such a trivial issue (yes pinging a site like icanhasip is trivial when it comes to security).
The option is still there and it still takes a click to change it to your liking. If this discussion makes people "rediscover" it and complain the other way around may as well revert to "on".



(And here is the important part, at least for me)
rcrsn51 wrote:
Personally, this raises some questions about the decision-making process in woof and its transparency. But as I was once told, "Anything in woof is fair game."

How can you question the transparency when everything is up in s public repo, including the discussions.
But quite frankly very few people, besides the usual 3-4 suspects, offered any input or even watching what is happening. Are you actually following any of the discussions and what is happening in Github?

Now regarding "decision making process", woof is a puppy building infrastructure. Decisions are related on how to make this easier/better (see a relevant recent issue) though there are even "heated" debates on other issues.
However, the actual puppies and their content is the work of the puppy builder. AAMOF less than 2% of the code in a puppy comes from woof.
Regarding possible other non-technical decisions, see above about "community participation"...


So,
Although puppy/woof/linux/FOSS is mostly a doocracy and the standard response is "put your code were your mouth is", I think that no one was ever harmed by constructive criticism and suggestions, and if not, everyone enjoys once in a while a flame war Twisted Evil
Feel free to take this thread anywhere it goes Razz
Either way lets have it Very Happy


Latter: Edited grammatically (though I'm sure has few more issues Very Happy )

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy

Last edited by mavrothal on Mon 23 Nov 2015, 09:24; edited 1 time in total
Back to top
View user's profile Send private message 
bark_bark_bark

Joined: 05 Jun 2012
Posts: 1809
Location: Wisconsin USA

PostPosted: Mon 23 Nov 2015, 09:00    Post subject: Re: Criticism of woof-CE and of the people involved in it.  

mavrothal wrote:
So,
Although puppy/woof/linux/FOSS is mostly a doocracy and the standard response is "put your code were your mouth is", I think that no one was ever harmed by constructive criticism and suggestions, and if not, everyone enjoys once in a while a flame war Twisted Evil
Feel free to take this thread anywhere it goes Razz
Either way lets have it Very Happy


Sadly, many people in this world think that they are above criticism.

_________________
What consenting adults do in their bedroom is none of your business so if you think there is something wrong with homosexuality and your bothered by it, then you're an idiot who needs to mind their own business.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 12280
Location: Arizona USA

PostPosted: Mon 23 Nov 2015, 09:59    Post subject:  

I'll leave this thread for now, but warn that it could disappear or be edited. Bark_bark_bark's comment didn't advance the discussion much. Sad
Back to top
View user's profile Send private message 
cimarron


Joined: 30 May 2013
Posts: 293

PostPosted: Mon 23 Nov 2015, 10:19    Post subject:  

If I'm understanding the woof function correctly, it's a tool to help people build puppies. But it doesn't control the content of any pup that someone wants to build. The puppy builder can make any changes to the code he/she wishes before releasing it. If that's true, I don't see how those maintaining woof are doing anything but providing a helpful service to others.

I also know that any puppy can be remastered pretty easily. So if I don't like what the builder put into a puppy, I the user can permanently change it myself (as I have). And most of the code is easily accessible and changeable. The parts I couldn't figure out myself, I found help from more advanced coders here to make the changes I wanted.

Because of this, my experience is that Puppy is the most user-friendly and user-submissive OS I've encountered. Thank you to BK and all the maintainers who have stepped up to keep this project going and improving!
Back to top
View user's profile Send private message 
jlst

Joined: 23 Nov 2012
Posts: 509

PostPosted: Mon 23 Nov 2015, 12:55    Post subject:  

I don't like dogs, so basically that's my main issue with Puppy.

Puppy allows you total control, so I think: each to their own.

If you don't like the way it's done, modify it, hmm that's what I do, there is only one drawback: it takes too much time. But there is no knowledge that is not power (source)... With this same knowledge, mastering Arch Linux has been very easy.

But in order to make Puppy very popular, the LXPup derivative has taken the most user-friendly approach, of course, OpenBox+lxpanelx can be replaced with JWM and most bloat can be neutralized. ROX is borderline unusable, especially when you do everything with the keyboard. I mean, democracy takes into account what most people have to say. So basically a poll would a very a good idea.

I have my own Puppyy Derivative, I use only grub4dos menus for cds, hds, usbs, so basically a poll would be a good idea to know what exactly the users want...
Back to top
View user's profile Send private message 
musher0


Joined: 04 Jan 2009
Posts: 8928
Location: Gatineau (Qc), Canada

PostPosted: Tue 24 Nov 2015, 02:20    Post subject:  

@all, if it can be useful:
I'm sure there are others, but there's a good spell checker online at
http://spellcheckplus.com/. Also available for French and Spanish.
It's not GPL, but it's free for short texts.

On the subject at hand, I'll say that I might not be in agreement with
some of the "editorial choices" in woof-ce, but as some may have noticed,
lately, I've been keeping my comments to myself. I respect the hours of
work the main woof developers have invested in the project, even if I am
not in total agreement with each and every one of their individual choices.

Let's keep in mind Librepup, a wonderful example of what the process can
achieve. As well, this process yielded extremely good results in the past
(upupRaring, tahrPup), and I'm sure there will be others in the future.

That said, Puppy is a community, not a company run from the top down.
Typically, "directives" or "suggestions" (for lack of better words) in a
community go the other way, from the bottom up.

While it is desirable to have a central development hub for Puppy, such as
woof-ce, because Puppy is a community, development of Puppy will
continue outside this hub. Also, criticism (hopefully constructive) coming
from outside this hub will continue to be voiced. Although some feathers
may be ruffled occasionally, I think that this bottom-up process is on the
whole healthy.

My 2¢. BFN.

musher0

_________________
musher0
~~~~~~~~~~
"The greatest of minds are the ones that never close." | "Les plus grands esprits sont ceux qui ne se ferment jamais."
(starhawk, Resident Philosopher | philosophe en résidence) Wink

Last edited by musher0 on Wed 25 Nov 2015, 11:50; edited 3 times in total
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 816

PostPosted: Wed 25 Nov 2015, 11:21    Post subject:  

A quick question regarding Puppy pinging Google. In that thread, iguleder hinted, that was changed. Can you guys please, post a link and a brief description? One more, does Puppy's wget ping sourceforge or any other destination, if it does, why's that needed?
Back to top
View user's profile Send private message 
mavrothal


Joined: 24 Aug 2009
Posts: 2758

PostPosted: Wed 25 Nov 2015, 11:38    Post subject:  

Puppy needs to know that has an internet connection to perform different functions. ie access help pages, look for video drivers etc. So it pings a site that has a very high "up" rate to verify that is connected and inform the user to connect if it is not.
Google and sourceforge were used earlier and now replaced by duckduckgo.

https://github.com/puppylinux-woof-CE/woof-CE/commit/a83aaf913b91bf8198e0bea010fef4962c421c5a
and
https://github.com/puppylinux-woof-CE/woof-CE/commit/5732467783d736a7cefa995dbe99828aadebf1ac

_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send private message 
bigpup


Joined: 11 Oct 2009
Posts: 8021
Location: Charleston S.C. USA

PostPosted: Wed 25 Nov 2015, 13:11    Post subject:  

Someone said:
"If two people agree 100% of the time, that means one of them is not needed"!

Disagreement is always good in the development of something.
However, at some point a final decision must be made.
Hopefully it will be agreed to by most involved.

Good example:
Cell phone charging.
Remember the 100 plus different charging connections there were for cell phones? People finally decided this was ridiculous.
Now we have one universal mini USB connection used by all.

Now, what do I do with all these different cell phone chargers Question Rolling Eyes

_________________
I have found, in trying to help people, that the things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected Shocked
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 816

PostPosted: Wed 25 Nov 2015, 16:04    Post subject:  

In my noobish view, the pings can be safely disabled. Puppy's core functionality won't be affected. Especially now, that the bone of contention is off. I recall Micko's answer in that old ipinfo thread, something like "they are on the chopping board" ... escaped the knife, though.
Back to top
View user's profile Send private message 
mavrothal


Joined: 24 Aug 2009
Posts: 2758

PostPosted: Wed 25 Nov 2015, 16:15    Post subject:  

The nice thing about woof is that everyone can build a puppy the way (s)he likes it, and this forum is hospitable enough to everyone that has something to offer. I'm sure that some puppy builder will trade whatever functionality these pings and searches offer for a "discrete" puppy.
_________________
Kids all over the world go around with an XO laptop. They deserve one puppy (or many) too Very Happy
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 816

PostPosted: Thu 26 Nov 2015, 15:33    Post subject:  

Can we stick to the point at hand? If internet is up, Puppy will have a connection. If internet is down Puppy will not have a connection. Pings are irrelevant and not needed in this situation. I think (correct me if I'm wrong), Puppy can run those scripts linked in your post without any pings, Disabling icanhazip, while leaving the pings on makes absolutely no sense. Icanhazip is just a small part of malicious functionality which is spread across all those *pinging* scripts. You either remove it all, or you don't.
Back to top
View user's profile Send private message 
dancytron

Joined: 18 Jul 2012
Posts: 598

PostPosted: Thu 26 Nov 2015, 15:47    Post subject:  

Well, sticking to the point, what is the actual security risk from the present setup i.e. pinging duckduckgo?

Not some imagined risk. Something actually bad that can, even remotely, actually happen.
Back to top
View user's profile Send private message 
Keef


Joined: 20 Dec 2007
Posts: 777
Location: Staffordshire

PostPosted: Thu 26 Nov 2015, 17:28    Post subject:  

The Evil Emperor Ping will teleport down from Cyberspace and stare menacingly at a kitten. And the government will deny it ever happened. B@st*rds.
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 816

PostPosted: Thu 26 Nov 2015, 17:36    Post subject:  

Pinging Google, icanhazip, DuckDuck per se is not a security risk. I'm talking about malicious functionality: Puppy maintainers are pinging sites of their choice from my computer without my consent and knowledge. This *feature* makes Puppy absolutely not usable with Tor Browser. Those footprints (your IP, time/date in server logs of above mentioned sites) are used for triangulation - literally, like in trigonometry to find out your location.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 8 [118 Posts]   Goto page: 1, 2, 3, ..., 6, 7, 8 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0829s ][ Queries: 12 (0.0047s) ][ GZIP on ]