Fatdog64-720 and 721 Final [11 Jan 2018]
dcung

Joined: 13 Jul 2018
Posts: 230
Location: Down Under - 3rd rock from Sun.

PostPosted: Mon 27 Aug 2018, 05:41    Post subject:  

rufwoof wrote:
Ctrl-Alt-backspace works for me (run startx to restart again).


Thank you, rufwoof... :)
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Mon 27 Aug 2018, 06:15    Post subject:  

Anniekin wrote:
Very enlightening stuff!

X lack of GUI isolation is (very) well known.

I've been trial running fatdog gui/X as user and for the most part it works well. If you start two X sessions however (root and user) and run some things such as browsers running youtubes ... then it can become unstable. I was running gui as user and cli as root which worked very well, however on the basis that for puppy-like systems privilege elevation is relatively trivial I've since reverted back to running X as root. Booting a LiveCD (DVD) and multi-session saving any config changes (but more often just rebooting without saving (I have save session interval in event manager set to 0)) and loss/corruption of that is trivial (OS and configs are easily replaced). For data isolation I'm using sshfs mounts (old single core Celeron box running OpenBSD). Such that even if the fatdog system is breached/pawned then data remains secure (requires additionally breaking into the data server (OBSD box) at the root permission level). That OBSD data server is behind another router for further isolation/separation (I use Virgin as my ISP provider and fatdog is running from that, whereas I have a netgear router that also runs off the main hub/router and where the OBSD box connects off that netgear router).

It's good practice IMO to think of it as though the GUI/X system is weak/breached and plan data security with that thought train rather than a thought-train of 'my system is secure'. If you treat your desktop/gui system as though it were a public library PC/desktop then your invaluable data is less vulnerable if/when an actual breach may occur.

I had been running OBSD both as a server and as a desktop, however OBSD as a desktop introduces additional security weaknesses if it's to be used in any real-world realistic type manner. Using Fatdog liveCD is as-good a (maybe even better) choice for the desktop. Come to that, really it doesn't matter what you use if your invaluable data is relatively secure - provided whatever gui you do use doesn't blatantly open up data security weaknesses.

When it comes to online security that's relatively trivial, for any sensitive sites (such as online banking) use a fresh system/browser and only go directly to that site, nowhere else before or after (cold booting before and after). For partial sensitive - such as perhaps booking online cinema tickets that you might book using your everyday browser session, just make sure the credit card you use is a limited/disposable one (getting a credit card provider to keep your limit relatively low (hundreds) and not raise your limit into the thousands usually does involve having to telephone them as otherwise they more often automatically raise the limit relatively quickly).

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Mon 27 Aug 2018, 10:00    Post subject:  

I've attached a small script that might be used to 'mount' a remote sshfs directly from within Fatdog X. Not the best way (entering passwords etc. is best done from a ctrl-alt-fn console session), but easier to use i.e. can be a desktop icon or menu entry. Can also be run directly from the cli.

Near the top, you can use either an IP or a name (assuming the IP is associated/listed in /etc/hosts). Edit the file to change the userid, remote and local mount points as needed.

When run from within X the script prompts you to switch to xterm Secure Keyboard mode before entering the password, so less likely to be eavesdropped.

Ideally if running under X the proper xterm (from gslapt) should be installed as urxvt AFAIK doesn't support secure keyboard mode. I haven't tested it, but suspect the script might still work if your xterm is a symbolic link to urxvt or similar (but the Secure Keyboard likely won't work).

The script self contains another script (browse at your leisure). I encoded it that way to save having to post two scripts. That other script simply enables telnet to time out, i.e. I've used telnet to validate the server is up as my OpenBSD box doesn't respond to pings.

Of course you'll need an ssh server to connect to. I'm running fatdog livecd multisession with no local disks and using this script to connect to an old single core celeron box running OpenBSD that serves as my data/documents server. I have an entry for celeron 192.168.1.1 type entry in /etc/hosts on fatdog for that, and the script default has userid set to 'user' that is used to login to the OBSD box. The settings have local fatdog /root/Music folder as the mount point for the OBSD /home/user/Music folder - change those to yours as appropriate.

After successful sshfs, the script invokes rox to show the local mount point folder content.

When done, simply run umount /root/Music ... or wherever you mounted it.

The way I have the OBSD /home/user/Music folder structured is that all files in that folder are owned by root, user just has read/execute authorities - so even if fatdog is hacked those files can't be changed/wiped. A sub folder however that I've called fatdog is owned by user, so I can wrx files in that folder from fatdog (as could a fatdog hacker). For sensitive documents ... I store them elsewhere (another folder), owned by root, so they're inaccessible even from fatdog - unless I ssh into the OBSD box and switch to root.

EDIT: ... xterm Secure Keyboard ... not so secure!!! Testing the following running under spot, and it sees root keystrokes both in normal and xterm Secure Keyboard modes. Mezathinking iza stick withza passwords via cli !!!
Code:
#include <X11/Xlib.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Hmmm! xterm Secure Keyboard ... not so secure !!!                */
/* http://insecure.org/sploits/xsecurekeyboard_fequent_query.html */
/* compile using : gcc logger.c -o logger -lX11              */

int main(int argc, char **argv) {
   Display *disp;
   int i, changed;
   char *s;
   struct timeval shorttime;
   char keys[32];
   char lastkeys[32];
   
   shorttime.tv_sec = 0;
   shorttime.tv_usec = 10;
   
   s = getenv("DISPLAY");
   disp = XOpenDisplay(s);
   if (NULL==disp) {
      /* DISPLAY may be unset, in which case s is NULL */
      fprintf(stderr, "%s: can't open display %s\n", argv[0], s ? s : "(DISPLAY not set)");
      exit(1);
   }

   
   for(i=0; i<32; i++) {
      keys[i] = 0;
      lastkeys[i] = 1;
   }

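   while(1) {
      /* Linux select() overwrites the timeout, so set it again on every pass */
      shorttime.tv_sec = 0;
      shorttime.tv_usec = 10;
      select(0, NULL, NULL, NULL, &shorttime);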
      XQueryKeymap(disp, keys);
      changed = 0;
      for(i=0; i<32; i++) {
         if (keys[i] != lastkeys[i])
            changed = 1;
         lastkeys[i] = keys[i];
      }
      if (changed) {
         printf("Keyboard status:\n ");
         for (i=0; i<32; i++)
            printf("%02x ", (unsigned char)keys[i]);
         printf("\n\n");
      }
   }

   XCloseDisplay(disp);

   return 0;
}

EDIT: See also http://murga-linux.com/puppy/viewtopic.php?p=988944#988944
Attachment: sshfsmount.gz (5.72 KB): fake .gz (rename without the .gz suffix)

_________________
( ͡° ͜ʖ ͡°) :wq

Last edited by rufwoof on Mon 27 Aug 2018, 17:13; edited 2 times in total
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Mon 27 Aug 2018, 14:22    Post subject:  

I had been using video=800x600 kernel boot parameter to make the console font size more comfortable, I've just discovered the 'setfont big' console command however - and I like it. tmux and mc look really nice and if you set gpm active in - control panel, system, manage servers and services - the mouse also works in mc (handy when running the mc text editor).
_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Mon 27 Aug 2018, 19:11    Post subject: fbcat - screen capture console  

Nice little cli tool - fbcat that includes fbgrab to capture screenshots of the console

Download from https://github.com/jwilk/fbcat, extract the zip and make;make install

I opened another tmux window and in that ran
Code:
fbgrab -s 5 /root/fb.png
to include a 5 second delay, and then switched to the mc tmux window and waited for the screen capture to complete.

Console command
Code:
setfont big
was run after logging in as root, hence the larger size font.
Attachment: fb.png (23.12 KB): 1440x900 full screen cap of console running tmux/mc/gpm mouse
Attachment: fb2.png (13.31 KB): Reduced the font (setfont) for wttr.in display

_________________
( ͡° ͜ʖ ͡°) :wq
jamesbond

Joined: 26 Feb 2007
Posts: 3284
Location: The Blue Marble

PostPosted: Tue 28 Aug 2018, 03:36    Post subject:  

Thanks for testing, feedback, and the good ideas :D We may pluck some of them for inclusion in the upcoming Fatdog64 800.

As for X - X can be run as non-root, if you grant enough permissions to some /dev files and system/configuration files. But it also breaks a lot of implicit assumptions, so it requires a lot of testing to make sure things don't break.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 05:16    Post subject: netsurf-fb  

Used video=800x600 kernel boot parameter ... installed netsurf-fb (that also requires libvncserver to be installed) from gslapt ... and running netsurf-fb in a console - as per the attached image (captured by ctrl-alt-F3 to another console cli and running fbgrab -s 5 /root/ns.png ... before ctrl-alt-f5 back to the netsurf frame buffer so as to capture that netsurf image).

Attached images were scaled down from 800x600 to 600 wide using mtpaint (more blurred than the actuals).

Surprised about yahoo pages - they loaded really really quickly (in Fatdog/X seamonkey yahoo news pages always seem slow to load).
Attachment: ns.png (96.98 KB)
Attachment: ns1.png (192.1 KB)

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 09:30    Post subject:  

jamesbond wrote:
Thanks for testing, feedback, and the good ideas :D We may pluck some of them for inclusion in the upcoming Fatdog64 800.

Read your blog the other day James - like it - a lot. First I'd really heard about FatDog 800. (BTW twm can be made to look/feel reasonable if you use colour themes)

With fbcat, tmux - along with a /etc/tmux.conf file ... and the console becomes a much nicer thing to use IMO. The keycodes I've settled on for tmux in fatdog are ...
Code:
bind = split-window -h
bind - split-window -v
bind 0 resize-pane -Z
unbind '"'
unbind %
unbind z

#hilite current window
set-window-option -g window-status-current-bg red
set-window-option -g window-status-current-fg yellow

bind-key -n F12 next-window
bind-key -n F11 new-window

unbind C-b
set -g prefix `
bind-key ` send-prefix

bind -T copy-mode-vi PageDown          send-keys -X page-down
bind -T copy-mode-vi PageUp            send-keys -X page-up

# tabs at top of screen
#set-option -g status-position top
# Nah! if at top then gpm doesn't work well with mc

F12 to step to next tmux window, F11 to add a new window is outside of the F1 to F10 that mc uses. Using 0, - and = (near the F11/F12 keys) for zoom pane, split pane horizontally or vertically, along with using the backtick key instead of ctrl-b ... makes it much more usable IMO. backtick and arrow keys also to navigate between the panes - has it all more or less left hand for backtick presses, right hand hovering pretty much over the ENTER key region.

Fatdog's setfont big console command results in a great looking console font, and with gpm activated the mouse also works in mc :) Add netsurf-fb on top of that and the 'cli' is a much nicer and useful place to be (it is still somewhat early days for netsurf though, so the functionality/operation is limited). Over the last 6 months or so I've transitioned over to more or less writing docs in html using a basic text editor, and then viewing those with a browser and using the browser's print to PDF file, so I can access and edit docs using a wide range of choices (cli, X, other).

First time I've really used multisession LiveDVD. I had tried it in the past, but more just in passing. Using it more earnestly in fatdog however has introduced me to something I really like - especially when you use a DVD-RW disc that you can reburn freshly. I've been booting and then blanking/formatting and iso writing to the same disc I booted from, and then save-session to 'defragment' all of the save files (reduces many save session files down to the single save file). Have noticed that multiple layering (save files) does lead to some inconsistencies - same as always for multiple-sfs's/layering. So far however I've only 'defragmented' that once myself i.e. unsquashfs the savefile and mksquashfs a new one.

Thanks to you and all the rest of the Fatdog team. 721 is simply great.

_________________
( ͡° ͜ʖ ͡°) :wq

Last edited by rufwoof on Tue 28 Aug 2018, 14:41; edited 2 times in total
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 11:50    Post subject:  

With video=800x600 kernel boot parameter the LatArCyrHeb-16 font works well for me on a 1440x900 monitor. I've modified my /etc/shinit to have a different PS1 prompt and added a console detection section that sets the keyboard to uk and setfont to that LatArCyrHeb-16

Code:
### /etc/shinit - shell init file
# this is executed by shell - both login or non-login
# setup stuff for interactive shells only
case $- in
   *i*)
      # interactive configurations - prompt, history, etc
      # TERM, USER and LOGNAME is already set by login/su
      PS1="$USER$ "; [ "$USER" = root ] && PS1="\[\e[34;1m\]Pwd: \[\e[36m\]\w\n\[\e[31;1m\]\u@\h> \[\e[32m\]"
      HISTFILE="$HOME/.history"   # ensure all shells use the same history
      
      # aliases
      alias ls='ls --color=auto'
      alias grep='grep --color=auto'
      uset_title() { printf '\33]2;%s\007' "$*"; }
      uset_font() { [ $# -gt 0 ] && printf '\33]50;%s\007' "$*"; }
      aufs_reval() { busybox mount -i -t aufs -o remount,udba=reval aufs /; }
   ;;
esac
if [ -z "$DISPLAY" ]; then  # no X display, i.e. root/cli: set uk keyboard layout and console font
   loadkeys uk
   setfont LatArCyrHeb-16
fi
# run per-user shinit
[ -e "$HOME/.shinit" ] && . "$HOME/.shinit"


I've also tweaked the mc configuration to use the gotar theme and set the left pane to a tree view, right pane to show the filename, size, last modified time, with a bottom overview that shows the owner, group, permissions for the current selected/highlighted file.

Sorry, I normally like to reduce down the size of posted images to 600 width, but the attached is full size (800x600) to show the full effect (actual console snapshot taken using fbgrab).
Attachment: login.png (605 Bytes)
Attachment: ht.png (15.11 KB)
Attachment: ls.png (6.89 KB)
Attachment: fn.png (12.32 KB)

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 14:12    Post subject: Not saving changes  

721 multisession. I've noticed a few times now that after burning a new iso image and then running save session - that some changes weren't always being saved. I guessed that it was not running snapmergepuppy (fatdog-merge-layers.sh) beforehand, such that any changes made in that session weren't being flushed/merged into the save.

Line 87 of /usr/sbin/save2session invokes
Code:
save_multisession not-shutdown

whilst line 153 of /usr/sbin/fatdog-save-session.sh (i.e. part of save_multisession function)
Code:
   # 6. merge down so that next time the same info is not saved again - only for non-shutdown event
   [ -z "$shutdown_mode" ] && fatdog-merge-layers.sh "$SAVEFILE_MOUNT" "$MULTI_MOUNT"

... won't run a merge, so all recent changes aren't being flushed. Unless that is you also run another save at shutdown (I have event manager save interval set to 0, so only saves on demand, and after having burnt the iso, and then clicked on the save-session desktop icon, I don't usually run another save again during that session - just shut down without saving).

So it looks like my procedure of having save session interval at 0 (never automatically save, just on demand) and ...

booting
making some changes
blanking the DVD
format the DVD
burn the iso to the DVD
making some changes
run save-session desktop icon

and then considering I'd created a new version with just a single savefile ... is wrong. Those 'making some changes' are lost that way. Best practice it would seem would be to boot, blank, format, burn iso, save-session ... and then immediately reboot - before making changes and saving again.

I appreciate this is not a bug, just a procedural thing, but perhaps the code might be extended to include an /etc/eventmanager scan for RAMSAVEINTERVAL='0' and if so have line 87 of save2session run just save_multisession without any parameter so that changes are also flushed (???)

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 16:29    Post subject: framebuffer  

You can use ffmpeg to record the console framebuffer ...
Code:
#!/bin/sh
ffmpeg -f fbdev -i /dev/fb0 -r 24 /root/streamcast.avi


or for a single screenshot
Code:
ffmpeg -f fbdev -frames:v 1 -r 1 -i /dev/fb0 screenshot.jpeg


Or in the most raw form
Code:
cp /dev/fb0 screenshot

that you can later copy back using
Code:
cp screenshot /dev/fb0


cp /dev/urandom /dev/fb0 loads the screen with random coloured pixels

Use mplayer
Code:
mplayer -vo fbdev video_file


View a presentation (installing fbgs)
Code:
fbgs [-l|-xl|-xxl] [pdf_file|ps_file]

fbgs is a simple wrapper script which takes a PostScript or pdf file as input, renders the pages using ghostscript into a temporary directory and finally calls fbi to display them.
fbgs is contained in fbi package

In a standard console (not tmux), you can also run console vlc
Code:
cvlc some.mp4

Worryingly - using spot (X) I managed to grab a snapshot of the root framebuffer !!!
Attachment: vid.png (120.37 KB)

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Tue 28 Aug 2018, 19:24    Post subject: tmux.conf  

Experimenting with some tmux config tweaks ... (~/.tmux.conf)
Code:
# set control key to backtick but also send it i.e. if hit twice then prints the backtick
unbind C-b
set-option -g prefix `
bind ` send-prefix

bind -T copy-mode-vi PageDown          send-keys -X page-down
bind -T copy-mode-vi PageUp            send-keys -X page-up

# mc uses F1 to F10, so moved up to F11 and F12
bind-key -n F12 next-window
bind-key -n F11 new-window
#bind-key -n F3 kill-window

# Console tmux and this has - and | instead of ? for borders
# UTF-8 must be off
set-option -g terminal-overrides ',*vt*:enacs@:smacs@:rmacs@:acsc@'

# split panes using | and -
bind = split-window -h
bind - split-window -v
bind 0 resize-pane -Z
unbind '"'
unbind %
# keycode PageUp switches to Fatdog ctrl-alt-F4 i.e. X/gui
bind PageUp send-keys "chvt 4" Enter

## switch panes using Alt-arrow without prefix
#bind -n M-Left select-pane -L
#bind -n M-Right select-pane -R
#bind -n M-Up select-pane -U
#bind -n M-Down select-pane -D

######################
### DESIGN CHANGES ###
######################

## loud or quiet?
#set-option -g visual-activity off
#set-option -g visual-bell off
#set-option -g visual-silence off
#set-window-option -g monitor-activity off
#set-option -g bell-action none

#  modes
#setw -g clock-mode-colour colour2
setw -g clock-mode-colour yellow
setw -g mode-attr bold
setw -g mode-fg colour1
setw -g mode-bg colour18

# panes
set -g pane-border-bg colour0
set -g pane-border-fg colour19
set -g pane-active-border-bg colour0
set -g pane-active-border-fg colour9

# statusbar
# if at top, then gpm (mouse) doesn't work well (offset)
set -g status-position bottom
set -g status-justify left
set -g status-bg colour18
#set -g status-fg colour137
set -g status-fg white
#set -g status-attr dim
set -g status-left ''
#set -g status-right '#[fg=colour233,bg=colour19,bold] %d/%m #[fg=colour233,bg=colour8,bold] %H:%M:%S '
#set -g status-right '#[fg=colour137,bg=colour19,bold] %D/%M/%Y #[fg=colour137,bg=colour8,bold] %H:%M:%S '
set -g status-right '#[fg=colour249,bg=colour19,bold] %a %d %b #[fg=colour249,bg=colour19,bold] %H:%M '
set -g status-right-length 50
set -g status-left-length 20

setw -g window-status-current-fg colour1
setw -g window-status-current-bg colour19
setw -g window-status-current-attr bold
setw -g window-status-current-format ' #I#[fg=colour249]:#[fg=colour255]#W#[fg=colour249]#F '

setw -g window-status-fg colour9
setw -g window-status-bg colour18
setw -g window-status-attr none
setw -g window-status-format ' #I#[fg=colour237]:#[fg=colour250]#W#[fg=colour244]#F '

setw -g window-status-bell-attr bold
setw -g window-status-bell-fg colour255
setw -g window-status-bell-bg colour1

# messages
set -g message-attr bold
set -g message-fg colour232
set -g message-bg colour16

#hilite current window
set-window-option -g window-status-current-bg red
set-window-option -g window-status-current-fg yellow

Attachment: tm.png (11.64 KB)

_________________
( ͡° ͜ʖ ͡°) :wq
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Wed 29 Aug 2018, 09:06    Post subject:  

Called an end to having fun with framebuffer, now setting things up to be more secure.

spot is a member of the video group, so can simply watch /dev/fb0 i.e. see whatever root might be viewing on the framebuffer console. Easiest way to drop that is to not run a framebuffer console and the easiest way to do that is boot with nomodeset (XVesa). You lose functionality with that, acceleration, certain video modes etc. XVesa is suggested as being less secure than Xorg, however Xorg security is weak anyway, anyone who can connect to X can view keystrokes and screens of others (a recent test I ran indicates spot can even see root's keystrokes even when xterm Secure Keyboard is activated).

So I've set it up so that boot auto logs into root cli, with no X running, no kms (i.e. nomodeset kernel boot parameter). An isolinux.cfg append line for my liveDVD multisession boot of ...
Code:
append rootfstype=ramfs nomodeset pfix=nox basesfs=ram:device:sr0:/fd64.sfs savefile=direct:multi:sr0::0

I've created a userid user that I'll run X under. After booting to cli I have a twin script that loads several tmux windows of which one is a user cli, so running xwin in that tmux window starts up X (running as user). This is the current content of my /root/twin ...
Code:
#!/bin/sh

# start a tmux session, detach
# then send commands to that before reattaching to it
# Note that C-m is carriage return (enter)

# create a tmux session called work, and detach so we can send keys to it
tmux new -s work -d
# we leave that first window as a plain sh window (htop goes in a later window)

# Add another window and load mc
tmux new-window -t work
tmux rename-window -t work mc
tmux send-keys -t work 'mc' C-m

# Add another tmux window and load htop
tmux new-window -t work
tmux rename-window -t work htop
tmux send-keys -t work 'htop' C-m

# Add yet another tmux window that we run X from as userid user
# i.e. logged in as user, ready to run xwin
tmux new-window -t work
tmux rename-window -t work xwin
tmux send-keys -t work 'su - user' C-m

# and finally select which window to show first and attach to the tmux work session
tmux select-window -twork:0
tmux attach -t work

That has ctrl-alt-F1 as the tmux (multiple windows) and ctrl-alt-F4 as the X session (user). No framebuffer, so console (tmux) is all standard VGA type text content look/feel (still as colourful as my earlier tmux screenshots).

I'm also intending to drop using DVD-RW discs in favour of write once only DVD-R's as they're inexpensive enough to be wasteful in return for better security i.e. the disc's content cannot be changed.

Seems to be working well from what I've tested/used so far. There are tweaks I still have to make such as X still showing functions/programs that prompt for the root password, such as mounting the DVD or running a save-session ...etc. i.e. that tempt you to enter the root password in an X window - that could be eavesdropped - those all need to be moved over so the root password is only ever entered in the console. The more usual way would be to drop user from group wheel so it can't run su type activities at all, but fatdog doesn't use wheel group control.

As I've said before, I store all data on a separate OpenBSD box that I use ssh and sshfs to access, so the LiveDVD is just for OS and OS configuration changes. When used in that manner having event manager save interval set to 0 (never auto save, only save on demand) is a good choice. It's also good practice to only ever freshly reboot and make changes and then save ... i.e. before running anything else, such that the base + save layers remain relatively clean/pristine (more usually a session involves booting, doing stuff and then shutting down without having saved).

_________________
( ͡° ͜ʖ ͡°) :wq

Last edited by rufwoof on Thu 30 Aug 2018, 10:35; edited 1 time in total
jamesbond

Joined: 26 Feb 2007
Posts: 3284
Location: The Blue Marble

PostPosted: Wed 29 Aug 2018, 12:42    Post subject:  

Quote:
spot is a member of the video group, so can simply watch /dev/fb0
Or you can take spot out of video group, or close access to /dev/fb0 (using udev rules or simply chmod 0600 /dev/fb0 in rc.local).

Quote:
(a recent test I ran indicates spot can even see root's keystrokes even when xterm Secure Keyboard is activated).
That's interesting to know :o

Quote:
721 multisession. I've noticed a few times now that after burning a new iso image and then running save session - that some changes weren't always being saved. I guessed that it was not running snapmergepuppy (fatdog-merge-layers.sh) beforehand, such that any changes made in that session weren't being flushed/merged into the save.
Can you tell me what your save= looks like (when you did this test)?

Explanation: Fatdog has an independent RAM-layer and multisession-layer. You can enable both at the same time by specifying save=ram:multi (instead of save=direct:multi).

With one exception, RAMSAVE_INTERVAL only affects "saving" of the RAM layer to the layer beneath it. The layer beneath it can be the usual save layer (savefile, savedir, etc), or the "multisession" layer. Now, this multisession layer is actually also another RAM-backed storage, but it is separate from the normal RAM layer. This multisession layer is never saved periodically, it is only saved when you press the "save session" (ie. run save2session), or at shutdown time (if RAMSAVE_INTERVAL != 0).

So, by using multisession, you already get the benefit of a RAM-layer, with no periodic saving. But you can also run multisession with RAM-layer, in which case your changes go through two places before getting committed to permanent storage.

save2session does exactly what its name says - it saves the current session (the current multisession layer) to disc. It has no business to pull updates from the RAM-layer. To persist updates from the RAM-layer to the multisession layer then you click the "save RAM layer" (=run save2flash).

If you run both RAM-layer **and** multisession, then you need save2flash + save2session to make sure changes are persisted. Otherwise, just stay with multisession without RAM-layer and things should work as expected.

Note that if you set RAMSAVE_INTERVAL=0, you are indicating that you absolutely don't want to save anything unless you told the system to do so. So no automatic save2flash, no automatic save2session, in fact no automatic save of any kind during running or at shutdown.

Hope that clarifies.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread.
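
The permission change suggested in the post above (dropping spot from the video group, or chmod 0600 on /dev/fb0) can be verified before and after it is applied. The script below is an added example, not part of the thread or of Fatdog; its function names are hypothetical, it assumes a `stat` that supports `-c` (GNU or busybox), and it evaluates only the classic owner/group/other mode bits (ACLs are not considered).

```shell
#!/bin/sh
# Added example (not from the thread): report which framebuffer nodes a
# given account can read. Function names are hypothetical.

# can_read_node MODE OWNER GROUP USER "USER_GROUPS"
#   MODE is the octal permission string as printed by stat -c %a (e.g. 660).
#   Returns 0 if USER may read the node, 1 otherwise.
can_read_node() {
    n_mode=$1 n_owner=$2 n_group=$3 n_user=$4 n_ugroups=$5
    [ "$n_user" = root ] && return 0        # root is not limited by mode bits
    n_perm=$((0$n_mode))                    # leading 0 makes the shell read it as octal
    # The owner class is exclusive: an owner never falls through to group/other.
    if [ "$n_user" = "$n_owner" ]; then
        [ $((n_perm & 0400)) -ne 0 ]
        return $?
    fi
    # Group class: any of the user's groups matching the node's group.
    for n_g in $n_ugroups; do
        if [ "$n_g" = "$n_group" ]; then
            [ $((n_perm & 0040)) -ne 0 ]
            return $?
        fi
    done
    # Everyone else.
    [ $((n_perm & 0004)) -ne 0 ]
}

# audit_fb USER
#   Checks every /dev/fb* node against USER's real group list.
#   Returns 0 if none is readable, 1 if at least one is, 2 on unknown user.
audit_fb() {
    a_user=$1
    a_rc=0
    a_groups=$(id -Gn "$a_user" 2>/dev/null) || {
        echo "unknown user: $a_user" >&2
        return 2
    }
    for a_node in /dev/fb[0-9]*; do
        [ -e "$a_node" ] || continue        # glob did not match: no framebuffer device
        a_info=$(stat -c '%a %U %G' "$a_node") || continue
        set -- $a_info                      # $1=mode $2=owner $3=group
        if can_read_node "$1" "$2" "$3" "$a_user" "$a_groups"; then
            echo "EXPOSED $a_node mode=$1 $2:$3 is readable by $a_user"
            a_rc=1
        else
            echo "ok      $a_node mode=$1 $2:$3 is not readable by $a_user"
        fi
    done
    return $a_rc
}

# Live use: sh fbaudit.sh --audit spot   (script name is a placeholder)
if [ "${1:-}" = --audit ]; then
    audit_fb "${2:-spot}"
fi
```

Run it once as shipped and again after the chmod or group change; a node created later by udev gets default permissions again unless the change is made persistent, which is why the post mentions udev rules or rc.local.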
rufwoof

Joined: 24 Feb 2014
Posts: 2915

PostPosted: Wed 29 Aug 2018, 13:54    Post subject:  

Thanks James, I'd missed that save structure. I originally changed my kernel savefile parameter to savefile=direct:multi:sr0::0 and have stuck with that since, so that was what was in use at the time. I coded it that way to better highlight the last value being the number of prior saves to skip as I did slip up in one case using savefile=direct:multi:sr0:1 thinking that would skip the last 1 session, i.e. missed a : (which screwed up the saves/disc). I've been setting up cli versions for the likes of saving, blanking/formatting/burning a boot disc, shutdowns ..etc. i.e. to run from root cli so your notes are very helpful. Thanks.

I did trial run with /dev/fb0 set to root only access (I used chmod go-wrx /dev/fb0) so no access by spot, but after trying nomodeset and seeing things work relatively well, I more prefer the textual console look and feel, and vesa simply flies (less memory usage also i.e. 67MB first boot (no X running) rising to 450MB odd when X and seamonkey loaded/running). If that doesn't work out I might alternatively try using a dual head with /dev/fb1 wr by root only and for the console purposes, /dev/fb0 left as is for other usage.

Yet another alternative might be to turn the fb console off
Code:
echo "0" > /sys/class/vtconsole/vtcon1/bind
along with other steps as per https://www.mjmwired.net/kernel/Documentation/fb/fbcon.txt line 158 onwards.
_________________
( ͡° ͜ʖ ͡°) :wq

Last edited by rufwoof on Wed 29 Aug 2018, 14:02; edited 1 time in total
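
The save-layer rules jamesbond explains earlier in the thread and the missing-colon slip described in the post above can both be checked from the boot command line. This is an added example, not code from the thread or from Fatdog: the function names are hypothetical, and the five-field layout is inferred only from the `savefile=` values quoted in these posts.

```shell
#!/bin/sh
# Added example (not from the thread). The expected layout
#   mode:multi:device:<field 4, empty in the thread's example>:skip
# is an assumption taken from the savefile= values quoted in the posts.

# savefile_value CMDLINE -> prints the value of the savefile= parameter
savefile_value() {
    for s_word in $1; do
        case $s_word in
            savefile=*) printf '%s\n' "${s_word#savefile=}"; return 0 ;;
        esac
    done
    return 1
}

# count_fields VALUE -> number of colon-separated fields, empty ones included
count_fields() {
    c_rest=$1
    c_n=1
    while [ "${c_rest#*:}" != "$c_rest" ]; do
        c_rest=${c_rest#*:}
        c_n=$((c_n + 1))
    done
    echo "$c_n"
}

# save_steps VALUE -> commands needed, in order, to reach permanent storage
#   ram:multi    : RAM layer on top of the multisession layer, so both saves
#   direct:multi : multisession layer only
save_steps() {
    case $1 in
        ram:multi*)    echo "save2flash save2session" ;;
        direct:multi*) echo "save2session" ;;
        *)             return 1 ;;
    esac
}

# check_multi_fields VALUE -> 1 if a multisession value with a device does not
# have five fields, e.g. direct:multi:sr0:1 where direct:multi:sr0::1 was meant
check_multi_fields() {
    case $1 in
        *:multi:*) ;;
        *) return 0 ;;                      # no device part: nothing to check
    esac
    [ "$(count_fields "$1")" -eq 5 ] && return 0
    echo "suspicious savefile=$1 (expected mode:multi:device::skip)" >&2
    return 1
}

# report CMDLINE RAMSAVE_INTERVAL -> human-readable summary
report() {
    r_val=$(savefile_value "$1") || { echo "no savefile= parameter"; return 1; }
    check_multi_fields "$r_val" || return 2
    r_steps=$(save_steps "$r_val") || {
        echo "savefile=$r_val: not a multisession mode covered here"
        return 1
    }
    echo "savefile=$r_val: persist changes with: $r_steps"
    [ "$2" = 0 ] && echo "RAMSAVE_INTERVAL=0: nothing is saved automatically, not even at shutdown"
    return 0
}

# Live use on a booted system: sh savecheck.sh --live 0   (script name is a placeholder)
if [ "${1:-}" = --live ]; then
    report "$(cat /proc/cmdline)" "${2:-}"
fi
```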