Why is this strange IP address in Network connections?

[James C]

I leave namedropping to others. I did not ask to give out the name of the person. But I will if there is anything more to talk about.

I am now reaching out to those that has skills and can prove or indicate any wrong doing. Thats all.

Can we assume that you have no knowledge of the GNU General Public Licence?

Might consider educating yourself before continuing to spread FUD.

Just for the record...anyone was free to inspect the code at any time from before the start of this thread.

[Atle]

Its a bit funny when you look at this thread, one might think that the issue is not the case on is discussing, but the WAY people are discussion.

Must be very impressive for newcomers to see the "style" and level...

And so solution oriented...

[Atle]

Its always to bring the topic away from the topic...

Try to read this and other related threads and it comes out clear...

[James C]

Its a bit funny when you look at this thread, one might think that the issue is not the case on is discussing, but the WAY people are discussion.

Must be very impressive for newcomers to see the "style" and level...

And so solution oriented...

Discussion and accusation of nefarious intent are a bit different........

[James C]

http://bit.ly/1m77j16

[Atle]

One moment its a bug, then its not... Sound perfectly normal to me;-)

[Atle]

Whats your age anyway James? That thing was funny like 5 years ago.

Do you think the average Puppy user is a law maker and a Open Software nerd or some one that likes to get away from Windows?

This GNU link of yours is SO unrelated to the thread.

Since your such a guru, you might tell me if its a bug or not?

[James C]

Whats your age anyway James? That thing was funny like 5 years ago.

Since some of you seem unable or unwilling to do a simple search for a few facts I felt it was appropriate.

D[o you think the average Puppy user is a law maker and a Open Software nerd or some one that likes to get away from Windows?

This GNU link of yours is SO unrelated to the thread.

Totally related......allows for inspection/modification/deletion/etc. of the code in question.

Since your such a guru, you might tell me if its a bug or not?

Since I've never claimed to be a "guru" I guess you're attempting to be sarcastic.Or insulting...... you'll need to do much better than that...
I'll defer to 01micko from here
http://www.murga-linux.com/puppy/viewto ... 016#751016

Now you distort things... the bug is in firewallstate, where it it is not really meant to connect until called, lets get the facts right!

[Atle]

Well.. its not a bug, but perfectly written clean code that does exactly as intended.

And that is the core of the problem.

Micko kan read and learn about bug HERE and then continue to claim its a bug:-)

If micko is right we need to contact Wikipedia and change reality.

[mavrothal]

Well, let's give it a rest.

As I understand an outside linux expert has been contacted to evaluate if 3 scripts by BK, tazmod and radky querying icanhazip.com for the external IP of the puppy and another one by BK ping'ing google to see if the network is working,
a) expose user identity and data, or bridge security,
b) connect to sites possibly known or suspected to utilize the specific kind of queries for other purposes
c) if this activity is hidden from the user
and I guess offer his/her opinion on if in addition to the transparency of the code the user should be explicitly asked if these connections should be made, before they are attempted.

The scripts are pretty simple and even the entire Puppy code base is pretty small. Should not take long.

[anikin]

Can we get proactive and expedite the process a little bit?

Currently, Woof uses the following donor distros to produce Pups: Debian/Ubuntu, Slackware and Arch Linux. We can ourselves, or through external assistance determine if any, or all of the named distros have the contentious "feature." If they do have it, we can have it too. If they don't, accordingly, Puppy will comply with the standards of the donor distros. Provided, of course, that standards is any guidance for the community. Users, in any case expect to have at least some of them implemented in Puppy. The reputation of the above distros and professional expertise of their developers, to the best of my knowledge, are indisputable.

With regard to the questions outlined in the above post:
a)
b)
as they are formulated have not even been raised in the discussion and are of no relevance.

The question is much simpler - the named scripts, that comprise the "feature" - are they of any usefulness, do they work in the best interest of the user, do they come close to, or cross moral/ethical lines. In any case, outside experts should be given a link to this thread, so that, they fully understand the issue.

And a technical question about firewall state:
Can we just manually replace the old binary with this new one and leave the old startup scripts in place?
Or, does the source need to be hacked again by Micko to accommodate pre Woof CE Pupps?
The icons are in the source - I saw them. If I knew, I could have manually added them to the pet - note taken.

[mavrothal]

With regard to the questions outlined in the above post:
a)
b)
as they are formulated have not even been raised in the discussion and are of no relevance.

Security, privacy and undisclosed usage are in the core of the issue.
Unless if by "no relevance" you mean that neither security nor privacy is affected and no undisclosed usage may be suggested.

The question is much simpler - the named scripts, that comprise the "feature" - are they of any usefulness, do they work in the best interest of the user, do they come close to, or cross moral/ethical lines.

But these are matters of opinion. There will always be people that find them useful or useless. Best interest the same. And moral lines are relevant to undisclosed usage. If privacy and security is not affected and any undisclosed usage can not be identified, no matter what someones says will always be differences in opinion. Will be like arguing if the pizza sauce should have oregano or not.

Can we just manually replace the old binary with this new one and leave the old startup scripts in place?

If you also provide the icons in the right path, yes.

[Atle]

Mavrothal

Just so we got all the facts omboard, think this first sentence is missing something important.

You say:

"As I understand an outside linux expert has been contacted to evaluate if 3 scripts by BK, tazmod and radky querying icanhazip.com for the external IP of the puppy and another one by BK ping'ing google to see if the network is working,"

Lets not forget there is also some confusion in the first page of this thread about Nugget Enterprises, San Antonio, Texas.

So the list is

icanhazip
google
Nugget Enterprises

Am i right? Are there anymore?

[mavrothal]

Lets not forget there is also some confusion in the first page of this thread about Nugget Enterprises, San Antonio, Texas.

I thought that this was cleared previously, (Nugget Enterprises is the host of icanhazip.com) but please feel free to include it.

[01micko]

Major Hayden got a bit peeved



It's a bit old but really. shows the bloke is human. I have recently contacted him on twitter and indeed Nugget is his host in San Antonio, TX.

Here is the exchange. (Excuse my stupidity saying "ISP" instead of "host").

[anikin]

Major Hayden got a bit peeved

It's a bit old but really. shows the bloke is human. I have recently contacted him on twitter and indeed Nugget is his host in San Antonio, TX.
Here is the exchange. (Excuse my stupidity saying "ISP" instead of "host").

... Deep sigh ...

Here we come again.
Let's not discuss the issue at hand.
Let's talk about what's peripheral to it.
Here's a fat, red herring for you - major hayden.

How creative of you ...

[mavrothal]

Let's not discuss the issue at hand.

After 11 pages there is little left to discuss I would think.
Let's wait for Atle's expert review and provide him/her with any info that (s)he may find relevant either way.

[Atle]

This expert view can only be there if I can get a grip on the actual facts and its hard to get them as I am confused on this issue as for now...

this is why i ask for a clarification on what is what...

I feel the entire thing is a bit confusing and unclear.

[jamesbond]

jamesbond, mavrothal.. (+ others knowledgeable in networking). What are your thoughts on this from a technical and moral perspective (moral as in from the user and the host, [eg a.root-servers.net] perspective) for use as a basic connectivity check ??

There are a lot of things we can check when it comes to basic connectivity. We can check whether a network interface has an IP address. We can check whether the machine has a default gateway. We can check whether the machine knows of a good nameserver assigned to it. All these can be checked, and all these checks are local - no connection to the outside world is needed.

But if you want to know whether you have connectivity to the Internet, all these are *not enough*. You need to "connect" ("ping" or "wget") to a known end-point (=server) in the Internet; there is *no avoiding it*. It is *not* enough to ping the default gateway; it is *not* enough to ping the available nameserver. Both of these are unreliable tests because these endpoints are still within your machine/network or ISP's network - thus what you're testing is your connectivity to your own or at best ISP's network.

The only sure way to test for connection to "the cloud" is by contacting something which is absolutely known to live in "the cloud".

It is similar on how you test Skype installation/connection. Sure, you can test whether you microphone, speaker, or webcam works; this can be done locally without contacting anyone. But all these don't guarantee that you can make or receive calls. The *ultimate* test is to call the "Echo" Skype number - you connect to a well-known Skype server that will pick-your call, and records your voice and replays it back for you.

From privacy point of view - there is not much difference between using "ping" or "wget" to test connectivity - they both leak about the same amount of information. "ping" is probably a better to use because many endpoints have it enabled automatically; while for "wget" to be successful the endpoint must knowingly runs HTTP service; plus its overhead is smaller than wget (layer 3 operation vs layer 7 operation).

A ping or two to test connectivity when you're running network-setup wizard won't load an endpoint at all - so it's of no consequence.

The choice of the endpoint to use for testing is arbitrary (although some endpoints are more unpopular than others - as this thread obviously exhibits ); the main criteria being reliability (same IP address all the time; always on); so your choice of the root nameserver is wise. Of course, one can still debate that root nameservers are controlled by ICANN and ICANN is an American company and thus is beholden to the NSA ... but if we follow this kind of thinking till the very end then perhaps we all should disconnect the wire (or roll out our own Internet).

[anikin]

@Atle,
Just give them download links to any recent, pre-woof ce pups. Slacko, Precise, Upups, Dpups. Send them links to this and other threads. The experts don't need to have your opinion - they will make their own, based on test runs and reading this and other threads.

@Jamesbond,
I understand the technical side of what your're saying. However, I need to grasp the following: as my ISP's customer, I take it for granted, that I have fully paid for my internet connectivity. I don't need to worry about technical nuances. I can connect to anything - Skype, cloud, icanhazip and Google - no issues whatsoever. The connection is flawless, be it Windows, Mac or Linux. I pay them - they do the pinging. I will cautiously presume, that your explanation is about "professional" connectivity - ISPs, businesses, corporations. More importantly, your opinion will not be used to justify any questionable decisions.