Distrowatch reviews Puppy 525

[nooby]

Luluc I do trust you know what you talk about but do they really lie to us?
idg.se which is our local version of PCWorld mag and their publisher company them also having IDG News service and the Swedes just translate it but unfortunate not always give the source just say it is IDG text.

They almost yearly describe how literally 100,000 sites and that is ordinary sites and not any rouge sites at all. Decent sites like a town homepage or Tourist or Pizza Bakery or Kebab or what ever? Shoesho locally anything, these 100,000 sites get infected in no time and it is named injection code and browsers are vulnerable to that and to be able to read the montly Mag or see the price of the Pizza you have to open up for Flash and there the injection code get in most likely or through Javescript and if you have to select among 20 different Javascripts as a newbie how do you know which one have the injection code?

One of our biggest Tabloid Expressen.se had an advertizer that had such bad codes and many got infected just because they wanted to read ordinary News text.

So it is not easy for us newbies.

Good you take up running Firefox as spot.

I have read this many times now. Bruce mention it and many others.

But in practice what am I suppose to do then to run it as spot? Should I first boot up normally and then being root.

Okay I see the desktop and so on. Then I want to check what is going on at John Murga Puppuy Forum. So I try to open FF.

Oops you ahve to be spot it say in read warnign text. So I ahve to log out to prompt and write log in as user spot password xxxx and then it show the desktop again. Okay I want to save a page from Puppy forum and then it says Spot has no such priv... you ahave to be root to save things on the HDD. So out again to teh Prompt and log in as root?

Or is it easier than that?

[Bernie_by_the_Sea]

The prefbar addon in Firefox/SeaMonkey allows easy toggling of javascript on and off, as well as flash on and off. It also has other features such as user agent to lie about what browser it is. Sometimes this works on some of those explorer-only sites.

[nooby]

Bernie that is good to know indeed. I ahve FF3.6.16 in one puppy and FF4.0 in another one does both know such tricks or only 4,0?

[bugman]

So turn off your javascript. Turn it off now. Turn it off right now. Turn it off and leave it off. Turn it off right in the middle of the sentence I am speaking to you now. Turn it off!

I want you to get up out of your chair, stick your head out the window and yell, I'm as insecure as hell, and I'm not going to take this anymore!

[James C]

So it is not easy for us newbies.

Good you take up running Firefox as spot.

I have read this many times now. Bruce mention it and many others.

But in practice what am I suppose to do then to run it as spot? Should I first boot up normally and then being root.

Okay I see the desktop and so on. Then I want to check what is going on at John Murga Puppuy Forum. So I try to open FF.

It's not hard to run Firefox or SeaMonkey as Spot, I just demonstrated how in a different thread.
Boot puppy normally.
Open the terminal.
enter "su spot" (no quotes) at the prompt.
enter "firefox" (no quotes) next.
When it launches, Firefox will be running under user Spot.
Link to screenshot
http://www.murga-linux.com/puppy/viewto ... 399#511399

Firefox will be running under user Spot while Puppy is still happily running along as root.I don't usually run that way,but it does work.

[nooby]

And being spot the intruder have to find out it's password first and that takes time? Can one notice through some activity if they try to find the password does it show up in Processes going? in logs.

Thanks for the description I try it tomorrow promise the first thing morning now to bed late at night.

[Bernie_by_the_Sea]

Bernie that is good to know indeed. I ahve FF3.6.16 in one puppy and FF4.0 in another one does both know such tricks or only 4,0?

Website says it works with SeaMonkey 2.0 to 2.1+ and Firefox 3.5 to 4.0+.

http://prefbar.tuxfamily.org/

[Pence]

I believe that Fatdog64 runs Firefox as spot.

[Luluc]

They almost yearly describe how literally 100,000 sites and that is ordinary sites and not any rouge sites at all. Decent sites like a town homepage or Tourist or Pizza Bakery or Kebab or what ever? Shoesho locally anything, these 100,000 sites get infected in no time and it is named injection code and browsers are vulnerable to that and to be able to read the montly Mag or see the price of the Pizza you have to open up for Flash and there the injection code get in most likely or through Javescript and if you have to select among 20 different Javascripts as a newbie how do you know which one have the injection code? One of our biggest Tabloid Expressen.se had an advertizer that had such bad codes and many got infected just because they wanted to read ordinary News text.

You make a very good point. The NoScript extension lets you open up Javascript to the sites you trust only, but indeed, one of the sites you trust could be infected. That danger is real.

And my mistake, I took for granted my own particular behavior: I grant Javascript access to very few websites. I am someone who will actually WALK AWAY from sites that require too much scripting junk to work. I have given up on many magazines and newspapers because of that. I just go away. Another quirk of mine: I don't watch video on the Internet. I think videos take too much of my time. So I hardly ever need Flash. Heck, an advertisement run HERE, in the Puppy forum, made Firefox crash on lucid_256 until I installed the Flash Block extension. Javascript and Flash are junk.

But I am one very rare bird. 99% of people just really have to be able to view the content, so they will just enable all the junk and expose themselves to risk.

But in practice what am I suppose to do then to run it as spot? Should I first boot up normally and then being root.
Okay I see the desktop and so on. Then I want to check what is going on at John Murga Puppuy Forum. So I try to open FF.
Oops you ahve to be spot it say in read warnign text. So I ahve to log out to prompt and write log in as user spot password xxxx and then it show the desktop again. Okay I want to save a page from Puppy forum and then it says Spot has no such priv... you ahave to be root to save things on the HDD. So out again to teh Prompt and log in as root?

Check that Browser icon you have on the desktop area. Right-click it and select Edit. You should find this command:

/usr/local/bin/defaultbrowser

We should be able to replace it with:

su spot -c /usr/local/bin/defaultbrowser

But, like I said before, it is not working. Logging in as spot is not working at all. It must be some bug in 525, that I don't know how to fix.

It's not hard to run Firefox or SeaMonkey as Spot, I just demonstrated how in a different thread.
Boot puppy normally.
Open the terminal.
enter "su spot" (no quotes) at the prompt.
enter "firefox" (no quotes) next.
When it launches, Firefox will be running under user Spot.
Firefox will be running under user Spot while Puppy is still happily running along as root.I don't usually run that way,but it does work.

Please see my earlier comment in this same thread. I cannot su to spot. It is broken in 525.

So turn off your javascript. Turn it off now. Turn it off right now. Turn it off and leave it off. Turn it off right in the middle of the sentence I am speaking to you now. Turn it off!

I want you to get up out of your chair, stick your head out the window and yell, I'm as insecure as hell, and I'm not going to take this anymore!

Actually, that is absolutely correct. The widespread use of Javascript we see in web sites nowadays is a lot, a lot, a lot, a lot, a lot, a lot more harmful than running Linux as root. Absolutely no jokes there.

[James C]

But, like I said before, it is not working. Logging in as spot is not working at all. It must be some bug in 525, that I don't know how to fix.

It's not hard to run Firefox or SeaMonkey as Spot, I just demonstrated how in a different thread.
Boot puppy normally.
Open the terminal.
enter "su spot" (no quotes) at the prompt.
enter "firefox" (no quotes) next.
When it launches, Firefox will be running under user Spot.
Firefox will be running under user Spot while Puppy is still happily running along as root.I don't usually run that way,but it does work.

Please see my earlier comment in this same thread. I cannot su to spot. It is broken in 525.

Well, here I am in a fresh install of 525....just posted about it in the Lucid thread......and I'm posting this in Firefox running as user Spot. Don't know what's wrong with your install but it's working here.

[MinHundHettePerro]

Check that Browser icon you have on the desktop area. Right-click it and select Edit. You should find this command:

/usr/local/bin/defaultbrowser

We should be able to replace it with:

su spot -c /usr/local/bin/defaultbrowser

But, like I said before, it is not working. Logging in as spot is not working at all. It must be some bug in 525, that I don't know how to fix.

Code: Select all

# su --help
Usage: su [OPTION]... [-] [USER [ARG]...]
Change the effective user id and group id to that of USER.

  -, -l, --login               make the shell a login shell
  -c, --command=COMMAND        pass a single COMMAND to the shell with -c
  --session-command=COMMAND    pass a single COMMAND to the shell with -c
                               and do not create a new session
  -f, --fast                   pass -f to the shell (for csh or tcsh)
  -m, --preserve-environment   do not reset environment variables
  -p                           same as -m
  -s, --shell=SHELL            run SHELL if /etc/shells allows it
      --help     display this help and exit
      --version  output version information and exit

A mere - implies -l.   If USER not given, assume root.

hth / MHHP

EDIT:
Please, disregard these (and future) noobish posts of mine . Thanks, Luluc, for your corrective reply, six posts down this thread .

[nooby]

MHHP look in the end of this post

Good news I have run in FF as Spot. Sure it worked I could see a streaming video on our local TV station here in Stockholm.

But the very bad news is that it shut down the Sda3 which to me is mnt/home and I could not access the bookmark.html page from earlier puppies that I made as a backup.

But I guess that is the good news that the guy that break in is also in spot and don't know the password to get out of it? But I don't know the pass word either.

So for this to work spot needs to be more elaborated so one know what it can do and what one can not do in it. I need to go out in root and move the html file to the spot place so I can access it there then?

I tried to save a picture or an actress the Royal Theater lovely smile on her face but that could only be saved then in Spot small place

So I had to go out to root again and move it from spot to root.

I mean each time I do that then the script that the criminals have left in Spot read what I do to get out to root and then they do the same too?

MHHP
May I kindly ask you explain it a bit to us who are not that good at such things

[Luluc]

Code: Select all

# su --help
Usage: su [OPTION]... [-] [USER [ARG]...]
Change the effective user id and group id to that of USER.

  -, -l, --login               make the shell a login shell
  -c, --command=COMMAND        pass a single COMMAND to the shell with -c
  --session-command=COMMAND    pass a single COMMAND to the shell with -c
                               and do not create a new session
  -f, --fast                   pass -f to the shell (for csh or tcsh)
  -m, --preserve-environment   do not reset environment variables
  -p                           same as -m
  -s, --shell=SHELL            run SHELL if /etc/shells allows it
      --help     display this help and exit
      --version  output version information and exit

A mere - implies -l.   If USER not given, assume root.

hth / MHHP

MHHP, I have no idea what you are trying to tell me. Rephrase, please?

[01micko]

Luluc definitely a bug..

I think it comes from installing debs. I'm sure rcrsn51 uncovered some bug affecting CUPS due to permissions.

Take a look at this:

Code: Select all

# ls -l
total 32
-rw-r--r--  1 root root 1052 2011-04-02 12:11 DISTRO_SPECS
drwxr-xr-x 10 root root 4096 2011-04-01 19:55 mnt
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro1
drwxr-xr-x 18 root root  292 2011-04-02 12:13 pup_ro2
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro3
drwxrwxr-x  5 root root   72 2011-03-16 12:13 pup_ro4
drwxr-xr-x  4 root root   37 2011-02-16 17:33 pup_ro5
drwxr-xr-x  4 root root   49 2010-07-16 22:47 pup_ro6
drwxr-xr-x 10 root root  174 2011-03-30 20:25 pup_ro7
drwxr-xr-x  4 root root   38 2010-04-28 03:12 pup_ro8
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro9
drwx------ 16 root root 4096 2011-04-22 06:19 pup_rw
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_z
drwxr-xr-x  2 root root 4096 2011-04-01 20:41 tmp
# pwd
/initrd
# 

Hmmm.. permissions are screwed up on the pup_rw mount point. Ok, looking for a fix for that, then looking for a fix for installing debs. In PPM it calls "dpkg-deb -x $PACKAGE_NAME". if you type "dpkg-deb --help" there is a pretty strong warning against using "dpkg-deb --extract" for installation of files. Me guess this is why. This bug doesn't just affect Lupu, all woof pups are affected, since debs have been supported. As a work around for now you can unpack debs in a sandbox and merge the dirs manually for installing debs, actually something like that may end up being the fix.

[MinHundHettePerro]

MHHP, I have no idea what you are trying to tell me. Rephrase, please?

I just humbly hinted that you might try using the syntax

Code: Select all

# su OPTION USER

instead of

Code: Select all

# su USER OPTION

.
hth / MHHP

[Luluc]

MHHP look in the end of this post

Good news I have run in FF as Spot. Sure it worked I could see a streaming video on our local TV station here in Stockholm.

But the very bad news is that it shut down the Sda3 which to me is mnt/home and I could not access the bookmark.html page from earlier puppies that I made as a backup.

But I guess that is the good news that the guy that break in is also in spot and don't know the password to get out of it? But I don't know the pass word either.

So for this to work spot needs to be more elaborated so one know what it can do and what one can not do in it. I need to go out in root and move the html file to the spot place so I can access it there then?

I tried to save a picture or an actress the Royal Theater lovely smile on her face but that could only be saved then in Spot small place

So I had to go out to root again and move it from spot to root.

I mean each time I do that then the script that the criminals have left in Spot read what I do to get out to root and then they do the same too?

MHHP
May I kindly ask you explain it a bit to us who are not that good at such things

Nooby, you just run the browser as spot from some command, and the browser should be the only thing that runs as spot. For everything else, you're still root. So, when you download something with your browser, it will be allowed to save inside /home/spot/SomeFolder ONLY. The spot user and the applications that spot runs cannot go outside of /home/spot. That is by design, it's for security.

However, you are still root for everything else. You can just launch your file manager, go into /home/spot and access the downloaded material from there directly. You can just open it or copy/move it elsewhere. You could even have a script go in there periodically and copy/move all downloads to another directory that belongs to root if you want.

About your bookmarks and preferences: you should copy/move them all to spot's corresponding configuration files/directories. They belong there now, root should have no reason to use a browser, much less have configuration files.

[Luluc]

MHHP, I have no idea what you are trying to tell me. Rephrase, please?

I just humbly hinted that you might try using the syntax

Code: Select all

# su OPTION USER

instead of

Code: Select all

# su USER OPTION

.
hth / MHHP

That order of options and arguments is not obligatory. Linux is not posix correct. I even tried the other order for the heck of it, it doesn't work. I cannot even simply run 'su spot'. Now I have to try and understand what 01micko told me... :-\

[Luluc]

Luluc definitely a bug..

I think it comes from installing debs. I'm sure rcrsn51 uncovered some bug affecting CUPS due to permissions.

Take a look at this:

Code: Select all

# ls -l
total 32
-rw-r--r--  1 root root 1052 2011-04-02 12:11 DISTRO_SPECS
drwxr-xr-x 10 root root 4096 2011-04-01 19:55 mnt
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro1
drwxr-xr-x 18 root root  292 2011-04-02 12:13 pup_ro2
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro3
drwxrwxr-x  5 root root   72 2011-03-16 12:13 pup_ro4
drwxr-xr-x  4 root root   37 2011-02-16 17:33 pup_ro5
drwxr-xr-x  4 root root   49 2010-07-16 22:47 pup_ro6
drwxr-xr-x 10 root root  174 2011-03-30 20:25 pup_ro7
drwxr-xr-x  4 root root   38 2010-04-28 03:12 pup_ro8
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro9
drwx------ 16 root root 4096 2011-04-22 06:19 pup_rw
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_z
drwxr-xr-x  2 root root 4096 2011-04-01 20:41 tmp
# pwd
/initrd
# 

Hmmm.. permissions are screwed up on the pup_rw mount point. Ok, looking for a fix for that, then looking for a fix for installing debs. In PPM it calls "dpkg-deb -x $PACKAGE_NAME". if you type "dpkg-deb --help" there is a pretty strong warning against using "dpkg-deb --extract" for installation of files. Me guess this is why. This bug doesn't just affect Lupu, all woof pups are affected, since debs have been supported. As a work around for now you can unpack debs in a sandbox and merge the dirs manually for installing debs, actually something like that may end up being the fix.

01micko, I don't understand what you mean. Let's compare:

Code: Select all

#~> ls -la /initrd/
total 44K
drwxr-xr-x 15 root root 4.0K 2011-04-05 07:40 ./
drwxr-xr-x 45 root root 4.0K 2011-04-21 00:43 ../
-rw-r--r--  1 root root 1.1K 2011-04-01 23:11 DISTRO_SPECS
drwxr-xr-x 10 root root 4.0K 2011-04-05 07:40 mnt/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 pup_ro1/
drwxr-xr-x 18 root root  292 2011-04-01 23:13 pup_ro2/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 pup_ro3/
drwxr-xr-x  5 root root   60 2010-04-13 14:19 pup_ro4/
drwx------  6 root root   71 2011-04-07 13:59 pup_ro5/
drwxr-xr-x  6 root root   71 2010-12-27 06:10 pup_ro6/
drwxr-xr-x  5 root root   60 2011-03-09 14:07 pup_ro7/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 pup_ro8/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 pup_ro9/
drwxr-xr-x 15 root root 4.0K 2011-04-21 00:43 pup_rw/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 pup_z/
drwxr-xr-x  2 root root 4.0K 2011-04-05 07:40 tmp/

What does that mean? I don't know. Can that be fixed?

[01micko]

Well I guess it can be fixed but your results are different to mine, so the puzzle goes on.

Here's the same command on a brand new frugal, and spot is working:

Code: Select all

# ls -l
total 52
-rw-r--r--  1 root root 1052 2011-04-02 12:11 DISTRO_SPECS
drwxr-xr-x 10 root root 4096 2011-04-22 07:03 mnt
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro1
drwxr-xr-x 18 root root  292 2011-04-02 12:13 pup_ro2
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro3
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro4
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro5
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro6
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro7
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro8
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_ro9
drwxr-xr-x 14 root root 4096 2011-04-22 07:15 pup_rw
drwxr-xr-x  2 root root 4096 2011-04-22 07:03 pup_z
drwxr-xr-x  2 root root 4096 2011-04-22 07:15 tmp

Maybe that's not the problem with spot, I don't know, but going by the error message permissions are screwed up somewhere

The hunt continues...

____________________________

Later..

Ok, in my previous message I mentioned this spot bug is caused by installing deb files, well that's a theory, no concrete evidence yet. Do you have a backup from before you installed any debs? Maybe then we can pinpoint where and why this happens.

_____________________________

Even later...

I fixed my foobarred install. It was my permissions on pup_rw. Buggered if I know how to fix yours Luluc as it appears a different problem. Your permissions on pup_rw look fine. Spot is now working for me. Here's my output now.

Code: Select all

# ls -la /initrd/
total 40
drwxr-xr-x 15 root root 4096 2011-04-02 09:39 .
drwxr-xr-x 49 root root 4096 2011-04-22 07:51 ..
-rw-r--r--  1 root root 1052 2011-04-02 12:11 DISTRO_SPECS
drwxr-xr-x 10 root root 4096 2011-04-01 19:55 mnt
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro1
drwxr-xr-x 18 root root  292 2011-04-02 12:13 pup_ro2
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro3
drwxrwxr-x  5 root root   72 2011-03-16 12:13 pup_ro4
drwxr-xr-x  4 root root   37 2011-02-16 17:33 pup_ro5
drwxr-xr-x  4 root root   49 2010-07-16 22:47 pup_ro6
drwxr-xr-x 10 root root  174 2011-03-30 20:25 pup_ro7
drwxr-xr-x  4 root root   38 2010-04-28 03:12 pup_ro8
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_ro9
drwxr-xr-x 16 root root 4096 2011-04-22 07:51 pup_rw
drwxr-xr-x  2 root root 4096 2011-04-01 19:55 pup_z
drwxr-xr-x  2 root root 4096 2011-04-01 20:41 tmp

It's got me stumped how the permissions can be changed on any of the ro mount points. My pup_ro4 for example and your pup_ro5

[bugman]

Absolutely no jokes there.

there are what i call 'true jokes' - additional layer beyond sarcasm

in other words, we are in total agreement

[they call me mister php]