Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 12 Nov 2018, 15:49
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
Setup Puppy as a traditional, but updated operating system
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [7 Posts]  
Author Message
clerk_gabel

Joined: 29 Aug 2018
Posts: 20
Location: norway

PostPosted: Wed 12 Sep 2018, 22:14    Post subject:  Setup Puppy as a traditional, but updated operating system
Subject description: install microlinux to HDD
 

The intention of Puppy is mainly to be a portable operating system. Though, a full install to HDD is possible and here a recipe for how to install Puppy booting an updated kernel and running a maintained browser, with easy cabling to mobile phones and space for storage of photos etc.

1) Download the 32 bit Slacko Puppy 6.3.2 iso from puppylinux.com and burn it as bootable to a USB stick (if burned to CD it might or might not boot, depending on hardware). Boot the USB stick and do immediately a full install to HDD, configuration can wait. Do not save configurations etc.under the installation aside saving the partition table that must be created with Gparted and installing the boot manager. Underneath is an example of a table with sda3 dedicated for storage of photos. Now shutdown, remove USB stick and reboot.

2) To make Puppy boot kernel 4.9.1 and run Firefox Quantum the files seen on the second image are necessary, where .txz archives was downloaded from Slackware repositories, the apulse library from a RedHat site and pets kindly provided by members of this forum, and to be found in various locations if browsing the forum. The 4.9.1 kernel is provided by Hesse James

http://www.murga-linux.com/puppy/viewtopic.php?t=80274&search_id=36531023&start=36

3) Kernel-4.9.124_Xenial64.tar.gz contain when unpacked several files where the file vmlinuz-4.9.124-xenialpup64 should be renamed to vmlinuz and the file kernel-modules.sfs-4.9.124-xenialpup64 to kernel-modules.sfs.
The kernel-modules.sfs can now be installed from the filemanager, and the native vmlinuz existing in the /boot folder be replaced with the Xenial vmlinuz compiled by Hesse James.

Following a reboot the attached spectre-meltdown-checker.sh script should confirm mitigation for Meltdown and Spectre v.1 processor issues.

4) to install Firefox Quantum the archive firefox-60.0.1-32-bit.tar.gz must be unpacked in the /opt folder (will unpack in /opt/firefox32), otherwise the MenuEntry pet will not work. Firefox Quantum is dependent of the gtk+3 archive, the CamPhoneTab app needs libgcrypt, apulse audio is a prerequisite of Firefox and openssl an updated security protocol for browsing.

With this setup two different mobile phones without problems connected to Puppy, where it just was to drag and drop folders from phone to the sda3 storage. Strange a 64-bit kernel works on a 32 bit system.

Link to rcrsn51's great CamPhoneTab:

http://murga-linux.com/puppy/viewtopic.php?t=102321

Edit: On this mixed-race Puppy the utilities SysInfo, PupSysInfo, PupKview and PupScan works but interfer with browsing.Their entrances in the menu may be disabled via the Meny Manager and later reenabled if a more appropriate 32bit kernel should appear. With Firefox the User-Agent is: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
parttable.png
 Description   
 Filesize   29.47 KB
 Viewed   306 Time(s)

parttable.png

files.png
 Description   
 Filesize   24.66 KB
 Viewed   306 Time(s)

files.png

spectre-meltdown-checker.sh.gz
Description  courtesy of speed 47 (GitHub). Rename to spectre-meltdown-checker.sh
gz

 Download 
Filename  spectre-meltdown-checker.sh.gz 
Filesize  124.76 KB 
Downloaded  40 Time(s) 

Last edited by clerk_gabel on Sun 16 Sep 2018, 07:54; edited 2 times in total
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2625

PostPosted: Thu 13 Sep 2018, 19:33    Post subject:  

Thanks for the detail, however from a security perspective installing Puppy to HDD is worse than having concerns about using the latest patched up kernel. As is having data on the same system. Even save folders on the same system are security weak, as for instance a browser flaw that permits remote access can relatively easily elevate to root on Puppy and then modify the savefolder content for persistence purposes. Save files are only marginally better. The more optimal is CD/DVD boots with no local data, no saving other than immediately after rebooting clean and making config changes or updates before creating a new clean save image (i.e. later kernels can be installed/used). For browsing, a sfs of the latest version of Chrome/whatever also has you starting a session with the latest/clean/security-patched browser that can be updated relatively easily as later versions are released.

Personally I use sshfs for networking to my phone, and reverse sshfs from a OpenBSD box that acts as a data server (mounts one of its folders as a mountpoint on Fatdog whenever it detects it coming online). That data is backed up to a OpenBSD box folder that Fatdog has no access to. That way you can just use rox/whatever on those files/folders (mount points) as though they were local folders and wirelessly in the case of the phone. If I do have my usb phone/pc lead plugged in then I'll use MTP for its better transfer speeds - but only tend to do that if speed is of essence (mostly I transfer files in the background whilst doing other things).

Remember that hackers have the advantage in that they just need a single flaw, whereas prevention requires near impossible effort and reliability (security bugs are just another bug (of which at any one time there will be many within the average system) that can be exploited in a way that compromises security). Rather than feeling safe, better to come at it from the opposite direction and ask what damage might be caused if someone was in control of root cli. In the past obscurity such as Puppy was a reasonable defence, however potential attack vectors used by hackers have become more refined and broad/deep. Fundamentally for most single user desktop type setups it will be (certain) data that is the most invaluable and as such likely would be the primary focus (anyone who has had their identity stolen will tell you just how devastating and inconvenient that can be), along with online banking activities (general/other online transactions can use a low value card/account to lower the risks).
xscreenshot-20180914T004128.jpg
 Description   
 Filesize   58.62 KB
 Viewed   481 Time(s)

xscreenshot-20180914T004128.jpg


_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
clerk_gabel

Joined: 29 Aug 2018
Posts: 20
Location: norway

PostPosted: Sat 15 Sep 2018, 05:55    Post subject:  

rufwoof - thank you for insight.I believe I understand what you say, that flushing the operating system when rebooting will keep it pristine, and documents are recommended to be stored externally. In that way Puppy probably is a horse head in front when it comes to security, compared to other operating systems, and might well be the future.
My perspective for a full install was the impression that with firewall, updated kernel and Firefox Quantum keeping itself up to date a full install of Puppy is reasonable secure, and that an individual in the unlucky case of e.g. identity theft could argue with these precautions if anything legal should follow.
Advantages of a full install is of course storage capacity, preserving browser updates and the boot up time. It is convenient with a fast boot when receiving a phone call and having to verify a booking number, and some educational videos stored on the hard disk was finally studied when recently our modem broke under a heavy thunder.
G-mail invite to save documents in the cloud, it may be the future for many. As you say, using low value cards for PayPal is a must.
Otherwise the full install works OK except from problems with Sys-Info and PupSysInfo, as mentioned above. The pet debbi-1.3 (also by rcrsn51) made it uncomplicated to install drivers for a wireless Brother printer, also Softmaker Office works fine on this small Linux.
Back to top
View user's profile Send private message 
Mike Walsh


Joined: 28 Jun 2014
Posts: 4356
Location: King's Lynn, UK.

PostPosted: Sat 15 Sep 2018, 08:20    Post subject:  

There is of course the ultimate security solution, y'know.

There's this thing called a wall socket.

There's this thing called a plug.

You pull the one out of the other, and.....you never, ever put it back in!

Sorted!

----------------------------

You can spend so much time worrying about whether you're being hacked that you never actually use your computer for anything at all...... Laughing


Mike. Wink

_________________
MY PUPPY PACKAGES | 'Thanks' are always appreciated!
--------------------------------------

Back to top
View user's profile Send private message Visit poster's website 
rufwoof

Joined: 24 Feb 2014
Posts: 2625

PostPosted: Sat 15 Sep 2018, 18:48    Post subject:  

Mike Walsh wrote:
There is of course the ultimate security solution, y'know. There's this thing called a wall socket. There's this thing called a plug. You pull the one out of the other, and.....you never, ever put it back in! Sorted!

You can spend so much time worrying about whether you're being hacked that you never actually use your computer for anything at all...... Laughing

You could stay indoors rather than taking the risks of going outside, most however accept the risks. In contrast many opine that they wont get hacked whereas the better stance is to appreciate anyone could get hacked at any time, and when so what would that entail. "Raising the bar" helps better protect you from the likes of identify theft - which can lead to years of strife. The likes of HP's bought in your name with the sellers pursuing you through courts; Debt agencies - who often have added sizeable fees/costs on top of recovery values by the time they come to knock your door in order to seize assets in lieu of recovery payments ...etc. Proving/arguing that you did do/buy x but not y can be a real nightmare, especially when it can sustain repeatedly for years. A initial attractor for further undesired focus is often something seemingly trivial such as casual disregard for on-line activities/security-procedures that open up easy initial access to some identity details. Once under that spotlight there's incentive to build upon that with more concerted efforts. If in contrast initially there are clear indications of regard for security-procedures/methods and little is gleamed from a cursory first pass inspection/detection, then the inclination is to move onto easier targets.

But yes there are also easier alternatives. Consider for example this thread/forum and some opting to use/reveal real names. A simple single transparent pixel image link included in a posting potentially reveals readers IP and geographic location - and with cross references its somewhat trivial to refine down to particular individuals. Then utilising the electoral register or whatever can further refine that down to a particular street/house. Registry office reveals birth/marriage details. A casual brush past might lead to credit card number. Car parked on the driveway reveals a registration number. Land registry reveals how long you've lived at that address ...etc. Way more than enough to get a identity thief well on the road to potentially making a killing.

Theft from a distance is on the rise. Recent US figures for instance indicate 17 million cases of identify theft (from across a 325 million population) in 2017 of which 60% were malicious (i.e. include online shopping and payment account fraud, email and social media fraud, and medical services, insurance and securities account fraud, and other identity theft). A record high, that follows prior years record highs. 1 in 20 could relatively quickly rise to 1 in 10. More so when you see a general sense of how many are so casual.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2625

PostPosted: Sun 16 Sep 2018, 19:23    Post subject:  

clerk_gabel wrote:
rufwoof - thank you for insight.I believe I understand what you say, that flushing the operating system when rebooting will keep it pristine, and documents are recommended to be stored externally. In that way Puppy probably is a horse head in front when it comes to security, compared to other operating systems, and might well be the future.

Hi Clerk. OpenBSD --current has a fresh version most days and is what many OBSD users track. 9MB bsd.rd file that you download to / (of a existing OBSD installation) and then boot (enter bsd.rd at the boot prompt). That pulls everything down over the net and installs in around 4 or 5 minutes on a modest speed link. Textual based install process, mostly just pressing ENTER. cwm is a popular window manger with OBSD users. No window titles, all very bland to look at, but very functional (once you get over the initial learning curve of a limited number of key bindings such as alt-? and type the first 2 or 3 characters of a program name to identify it, and press Enter to launch it; ctrl-alt-m to maximise a window; alt-tab to flip between windows; Alt left mouse to move a window, alt-middle mouse to resize a window). Well suited to predominately keyboard users (laptop), but with hot corners xlunch and skippy-xd it can be great for predominate mouse usage as well - gnome like. I have a script that I run at first boot after updating to the latest snapshot, which pushes the full install time up to around 8 minutes in total (but after launching that you can go off and make a cup of tea i.e. it pulls down a browser ...etc. and come back to a ready to go desktop (with all my personalisations/customisations etc.)

OBSD is one of the more secure choices, and you can keep current relatively easily as and whenever you desire or feel appropriate. Focuses you on activities rather than cosmetics. Not clean at every reboot, but breaking in in any meaningful way (root) is very difficult. The security is quite intense and as a whole i.e. no separate kernel as per Linux, but a complete OS that is all security audited as a whole (and that includes their own version of X, randomisation of kernel, inodes, PID's etc. and swap is sliced up and encrypted. Pledge monitors programs (stay within what they're expected to do/use), Unveil monitors disk usage. W^X (write xor execute - so hackers can't write to a memory area that can also be executed) ..etc. etc.).

Quote:
Advantages of a full install is of course storage capacity, preserving browser updates and the boot up time. It is convenient with a fast boot when receiving a phone call and having to verify a booking number

I'd just use the phone in such cases. The phone is also handy for the likes of google dictate for the initial creation of lengthier documents. Talk them out on the phone, copy across to your desktop to textually edit. My setup is that my data server is isolated but reverse sshfs's into my desktop system to expose a single folder for the desktop to use. I also have a sshfs session to my phone. That all connects/mounts automatically. So my setup is primarily just OpenBSD base system + browser + sshfs-fuse packages - and that generally serves most of my needs. When I do want something more specialist I tend to just pkg_add install it ... use it and pkg_delete it again afterwards.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
clerk_gabel

Joined: 29 Aug 2018
Posts: 20
Location: norway

PostPosted: Tue 18 Sep 2018, 00:19    Post subject:  

rufwoof - I have printed out your advice and will read them in detail later, as your thoughts and solutions on cybersecurity are inspiring but hard to understand.
I somehow connect openBSD with OS/2 and thought both systems had their prime a long time ago, but it is clearly a nice idea using not so well known tools and weapons in a defensive strategy. Society are probably entering an unknown territory of digital change where your experiences and ideas is an asset and probably should be considered not only by institutions but also by the "end user".
For practical purposes most use computers working in a more or less standardised way, and the weakest link in the chain is still the human factor. Thank you for reply, and good luck in further explorations in cybersecurity. Cool
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [7 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1568s ][ Queries: 13 (0.0150s) ][ GZIP on ]