Puppy Crypt 528

[jim3630]

installed manual frugal to ext4 pfix=ram. like the way the ff browser is configured. without java and the other extensions it's low drag high speed.

[DPUP5520]

the java plugin is actually a huge security risk in FF and well any mozilla browser which is why it is not there, as for the extensions that are in there simply using flashblock and imageblock make FF fly (theres no Flash in Puppy Crypt anyway, once again Huge security risk). The main reason for having imageblock in FF was because once you configure either JAP or Freedom and run FF through a proxy unless you use a paid subscription (I have a paid account with Freedom, securely and anonymously paid for of course) the browser will severely drag as JAP is limited to between 40-50kbit/s and Freedom at 64kbit/s. There are a few other ways in Linux to securely connect to the net that I haven't included cause they aren't as simple to set-up and also I will be removing the ISO I currently have up with a new one in a few hours with the version I had originally planned on putting out, the only difference is transmission is replaced with a bit-torrent client which allows for tunneling.

[DPUP5520]

Modified Puppy Crypt real quick and put out the version I was originally intending to, still has same name , is about 10MB bigger but you can now use proxy with bittorrent client (replaced Transmission with Tixati).
Also added in Enotes for creating encrypted notes/password lists.
Put up a quick tutorial for using Freedom and JAP programs on first post as well as reasons for using them or Elinks over the Also built-in Tor-Browser.
Also is the MD5sum for the ISO in the first post.

[Lobster]

I do not take responsibility for any wrongdoings done with Puppy Crypt

We blame Bugman (Puppy official scapegoat) for all wrongdoing.
It is not my way to encrypt. No secret bank accounts or illicit affairs with mermaids . . .
However for those security conscious I would remind that Puppy Phone can communicate peer to peer and encrypt the conversation.
Click on the red phone (on loan from Batman)
http://www.smokey01.com/menu/

This message will self destruct in 5 years . . .

[DPUP5520]

I actually took puppy psip out because I was having a hard time creating a secure connection with it. I'll retry after work and maybe add link to the first post for the pet to add back in.

[sgk]

@DPUP5520

You wrote on Sun., Oct. 23, "..... what I do recommend is not installing anything else which isn't included already as I have it set up to provide maximum security and any extra installs or modifications can override/screw up security settings that are in place."

First, let me say that I joined in Nov. 2006, tried dozens of Puppys as well as other distros since then, and was always disappointed in either their ease of use, security, or both. I like Puppy because it has a unique Save file, and is fast. Another reason, is that it can be easily remade into what you want by using Universal Installer. However, I was always wary, no reference to Wary Puppy, which gave me the most problems compared to Puppy 431, about running in "root." I don't want to get into a "root" discussion, so I'll leave it at that.

I am happy to see that someone, namely you, has decided to try to create a real safe Puppy puplet. I tried Puppy Crypts, but it did not impress me too much, but your remake is very interesting.

Now, my question, which comes off of your statement above. I understand your concern about not wanting to "break" Puppy Crypt-528 with new, or added programs, but what if someone, me, wants to add other PETs that I have been using in other Puppys over the years in order to get work done? What do I (or others) do? Submit a list of my (our) programs for you to test on Puppy Crypt-528 before we add them in?

I understand that you want to run a tight ship. I do share your fear of using Tor, but aren't all "proxy servers" a danger too? I use Tor, but less than I have been, and only for good reasons. Steve Gibson of "Security Now!" once said in his podcast, "There is no such thing as security..... only making something more secure than before." So, I understand the limits, and think that it's worth continuing to try to be "more secure than before."

I have been into Linux since 1993 ( as well as Windoze), and security is the biggest problem all of us have faced. It's too bad that most users think security (being more secure) is a joke.

I started the first off-campus Linux group in Philadelphia in the early 1990s. It was called PLUG (Philadelphia Linux Users Group) at the Highwire Gallery. The campus was LaSalle College, and the umbrella organization was PACS (Philadelphia Area Computer Society). I remember the transition from BBSs to the Internet. It was exciting, and your interest in making things safer keeps the excitement going! Thanks!

Keep up the good work!

[sgk2 (formerly sgk)]

The above post is mine. sgk is sgk2 (formerly sgk). I changed my e-mail address to a new one, and I got locked out. The easiest way for me to continue with the Puppy Forum was to re-register. This should avoid any confusion, I hope!

[DPUP5520]

I understand that you want to run a tight ship. I do share your fear of using Tor, but aren't all "proxy servers" a danger too? I use Tor, but less than I have been, and only for good reasons. Steve Gibson of "Security Now!" once said in his podcast, "There is no such thing as security..... only making something more secure than before." So, I understand the limits, and think that it's worth continuing to try to be "more secure than before."

While it is true that all "proxy servers" can be dangerous, most notably when you are not using a cascade as that single server that you are routing through would technically be able to read any information you pass through it , however when using a cascade such as which JAP (JonDo) uses that helps to nullify that problem.
As for adding programs into Puppy Crypt, as long as the programs have no access to the internet and don't modify anything already existing I don't see a problem or any real threat however if they do connect to the internet or modify any existing scripts built in you would be taking a risk on hurting the security of Puppy Crypt, I would basically say do so at your own risk in that case unless if you would want me to test it out id be more than glad to.

[jim3630]

As for adding programs into Puppy Crypt, as long as the programs have no access to the internet and don't modify anything already existing I don't see a problem or any real threat however if they do connect to the internet or modify any existing scripts built in you would be taking a risk on hurting the security of Puppy Crypt, I would basically say do so at your own risk in that case unless if you would want me to test it out id be more than glad to.

DPUP5520, adding another browser and giving it java privileges and light use on the net upon closing it will increase risk when use the built in armored ff?

[DPUP5520]

Depends on the browser, something like SeaMonkey, aurora (Firefox development) or anything based on Firefox/Mozilla then yes it will affect the security of the built in browser.
I'm not really trying to run a "tight ship" as sgk2 suggested but rather just giving suggestions on how to keep security tight on the distro as I said before it's main purpose is security and anonymity so realize that anything added to the distro which can connect to the net or modify any built in scripts is a threat to your being anonymous on the web and to the distro itself. For example when running with the built in Firefox through Freedom you are running a completely stateless session where cookies blocked and your header signature is scambled, there is also no http authentication data being sent.
What you can do is use Noscript to allow only certain sites that you trust to use the Java extension by "White-listing" them which would be more secure than installing a new browser.

[sgk]

@DPUP5520

BTW, I got my original ID, sgk, back, so I'll continue to use that.

I was going to gather up those programs that I wanted you to test if you could, but first I thought that I would try to use Your-Freedom. I read your "How to Setup Your-Freedom," and so I followed your steps beginning with Step 1.:

1.To use Your-Freedom, you must first sign-up. You can easily sign up using a throw-away email.

I went to Spamgourmet (https://www.spamgourmet.com/), and signed up for a "throw-away e-mail." Then, I went to the Your-Freedom web site (https://www.your-freedom.net/), and tried to sign on so I could then use the Your-Freedom program in Puppy-Crypt-528. The Your-Freedom web site rejected my whatever-name-I-used@spamgourmet.com e-mail address. I tried it a second time, and I was again rejected. There's nothing like "being rejected." It does little to boost the ego.

Can you suggest another "throw-away e-mail" site that the Your-Freedom site might not reject? I noticed only two more "disposable e-mail address" sites on Wikipedia (https://en.wikipedia.org/wiki/Disposable_e-mail_address), and they were Mailinator (http://www.mailinator.com/), and TrashMail (https://ssl.trashmail.net/), and I intend to try them, but I have a feeling that if Spamgourmet got the axe, those two might also get shafted.

I would think that a outfit like Your-Freedom would want to work with a "disposable e-mail address" site to further enhance our desires to maintain the most security for ourselves, unless they suspect Spamgourmet of being up to no good, or Your-Freedom would rather want to know who we really are by us giving away our well known e-mail providers' addresses to them. That doesn't sound too cool, or am I jumping the gun, so to speak? What do you think?

Thanks.

[P123]

There are a few disposable email extensions or apps for Google Chrome or for Chromium.

For example Instant Email Address or TrashMail.net.

[jim3630]

tend to think any email address such as something@yahoo.com could be a throw away if you use it only once.

[sgk]

@P123

Thanks.

I'm familiar with TrashMail, but the second one that you mentioned, I am not, so I'll try that one too.

[P123]

Does anyone how if there is a pet file to create a multiboot cd/dvd? I did a search for multiboot cd http://murga-linux.com/puppy/search.php & there was only 457 posts that matched this. Just searching for multiboot gives the same results.

I am hoping to create a cd/dvd with PuppyCrypt, PupRescue, Wary, R.I.P. Linux & Linux Mint or Ubuntu Rescue Remix.

[sgk]

@jim3630

Thanks for your input too, jim3630.

[P123]

I just did a quick search for "Disposable E-mail addresses" & there is none available for Firefox 7.0.1.

[DPUP5520]

I usually use Hotmail, yahoo, and Gmail for disposable email addresses. As for a multboot program there is one called sardu I think, and puppyluvr has one but I can't remember the name of it.

[P123]

I did see a few posts about sardu (look like a lot of reading) & I will check puppyluvr's posts later.

[sgk]

I thought I might share some of my findings on "Disposable E-mail Addresses." I used the search engine, DuckDuckGo, and found "Top 6 Disposable Email Address Services" at About.com. I copied the part of the page as follows:

=======================

Top 6 Disposable Email Address Services
By Heinz Tschabitscher, About.com Guide

If you give web sites and new contacts a disposable email address instead of your real one, you can selectively disable a disposable address as soon as you get spam through it, but continue using all other aliases.
All disposable email address services provide this basic functionality, but some have other neat features that make life with email less spam and more fun.

(Updated May 2011)

1. Spamex: - http://www.spamex.com/
Spamex provides a solid, useful, and almost feature-complete disposable email address service.

2. Spamgourmet: - https://spamgourmet.com/
Before you choke on all that spam, try the feature-rich and flexible disposable email addresses from Spamgourmet for protection.

3. E4ward.com: - https://www.e4ward.com/
E4ward.com is a down-to-earth and very useful disposable email service that makes it easy to prevent spam to your real email address with easily erasable aliases. You can use your own domain with E4ward.com, but address masking in your replies is a bit cumbersome and auto-expiring aliases are not offered.

4. GishPuppy: - http://www.gishpuppy.com/
GishPuppy is a disposable email address service that shines with simplicity and functionality. Unfortunately, GishPuppy's functionality does not encompass replacing your real email address with the appropriate alias in replies.

5. Mailinator: - http://www.mailinator.com/
Mailinator lets you use any email address @mailinator.com and pick up the mail at their site. Since there's no connection to your real address, you sure won't get spam from using Mailinator addresses. Keep in mind that all mail sent to Mailinator is made public.

6. Yahoo! Mail Classic: - https://mail.yahoo.com/
Yahoo! Mail Classic is a comfortable, reliable and secure email service with unlimited storage. A pretty good spam filter (including disposable email addresses) keeps the junk out.
Note that disposable addresses are deleted when you cancel your Yahoo! Mail Plus account.

What You Need to Know About Disposable Email Address Services - located at the following web address: http://email.about.com/cs/disposableadd ... e_addr.htm

=======================

I hope that those who are interested in disposable e-mails can find something in the list above. The site is at - http://email.about.com/od/disposableema ... osable.htm.

I would also like to say that I managed to set up JonDo , and it works well on Puppy Crypt-528 on my Acer netbook.