Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 20 Apr 2019, 02:37
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Self-introduction / security of this forum itself
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [24 Posts]   Goto page: 1, 2 Next
Author Message
night flight

Joined: 19 Feb 2019
Posts: 10
Location: Northern Germany

PostPosted: Tue 19 Feb 2019, 17:20    Post subject:  Self-introduction / security of this forum itself
Subject description: no SSL certificate? my password plain text over the net?
 

Hello world,

I am Tobias from Germany. Still I am 56 years old.

More than a year ago I decided not to switch to Windows 10. You only need to read the Wikipedia entry about Windows 10. I'm not a sheep, am I? (Well, as a Microsoft Windows user I always have been a sheep. Mööh!)

I've been interested in Linux for a very long time, but I always thougth it was a secret science.

distrochooser.de helped me to decide and to find what kind of Linux fits for me. I like(d) the idea to use hardware ten years old and it all works. I don't need all of that newfangled stuff. Not at all.

Consequently, Puppy Linux is made for me.

Pen Drive Linux was my escape agent! An extremely useful software to "defect" from Microsoft Windows to Linux. It was so easy. And I also found my way around Puppy Linux immediately. Some things were familiar, some other ones I learned quickly and gladly. Under Microsoft Windows the command line is not for "housewives", under Linux soon it is your friend. As some German car advertising said many years ago: "Reduce to the max".

It took months to set up the software equipment under Linux (by the way, Slacko 5.7, 32 Bit) that I was used to from Microsoft Windows.

I'm still learning a lot everyday. It is very fascinating. Linux gives me the feeling that I can always choose myself, not just as a sheep running along on rails. Together with many millions of other sheep.

So I registered in this forum. I belong here. Over the past few months I have sought a lot of advice here, now I hope I can give more and more back.

It's all emotional. With Microsoft Windows there is no such thing. It is a correct operating system. Absolutely no more than that.

Now, what does the headline mean?

Maybe here in Germany we are very crazy about privacy. So I wondered how this forum (especially including the registration process) seems to run completely unprotected. My password was transmitted in plain text over the net. It's like having unprotected sex with an unknown person. May be fun, may destroy you as well.

I thought Linux people are particularly aware of this all.

So only my love for Puppy Linux and for this forum made me so reckless!

If you want me to donate you a certificate, let me know.

Last edited by night flight on Tue 26 Feb 2019, 16:40; edited 1 time in total
Back to top
View user's profile Send private message 
Galbi


Joined: 21 Sep 2011
Posts: 1077
Location: Bs.As. - Argentina.

PostPosted: Tue 19 Feb 2019, 19:17    Post subject:  

Hi Tobias, wellcome to the forums.

Nice words, they reflect exactly what we all have felt since using Linux, specially Puppy.

Why so crazy about privacy?
Are you going to tell me that someone has been spying, let's say, Frau Angela?

Mr. Green

Saludos.

_________________
Remember: "pecunia pecuniam parere non potest"
Back to top
View user's profile Send private message 
musher0

Joined: 04 Jan 2009
Posts: 13916
Location: Gatineau (Qc), Canada

PostPosted: Tue 19 Feb 2019, 19:22    Post subject:  

Hi Tobias.

Welcome aboard.

The reason this forum is so insecure, is that the whole gang here, we are
reckless risk-takers! Laughing

New to Linux and PuppyLinux, eh? It just looks insecure: Linux users do
not need as much "armor" as WhineDose users. You'll get used to it.

BFN.

_________________
musher0
~~~~~~~~~~
Je suis né pour aimer et non pas pour haïr. (Sophocle) /
I was born to love and not to hate. (Sophocles)
Back to top
View user's profile Send private message 
bigpup


Joined: 11 Oct 2009
Posts: 12016
Location: S.C. USA

PostPosted: Tue 19 Feb 2019, 20:18    Post subject:  

We the users of this forum have no control over how it operates.

We have raised the issue of making this a https web site.
The person that provides this forum is the one to change it.
He is paying for it!

So far no action has been done by him.

Basically, it is what it is. Rolling Eyes

I gues someone could get your log in password and log in as you.
But they could also just as easily make there own login.
Ha, that is my real name bigpup!

_________________
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected Shocked
YaPI(any iso installer) http://www.murga-linux.com/puppy/viewtopic.php?t=107601
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2995

PostPosted: Tue 19 Feb 2019, 22:14    Post subject:  

Puppy running the browser as spot is as good as pointless. Running as a restricted userid has many holes through which a attacker can elevate to root. A single compromised system on a LAN jeopardises the entire LAN. Hosts can be attacked and the entire user/password database extracted. Much of security is a illusion (and governments like the weaknesses also).

For what matters, online banking etc. being able to boot a known clean system, as though just newly installed and configured, to then go directly to your banks web site with a clean browser, nowhere else before or after ... is about the best you can do. For most systems, installing freshly etc. is a lengthy process, with Puppy resetting to a clean setup can be very quick (typically the time it takes to reboot).

For other things, just accept that browsing around from your home 'secure' system is no more secure than if you were using a public library PC to do the same. For casual online spending (buying using a card), use a pre-paid card topped up to relatively small amounts, so if compromised the financial loss is relatively small and just accept that the world we live in has your personal details in effect being exchanged for 'free services', advertisers pay for the 'net', governments hate not being able to monitor. For a banking site, yes you want encryption between you and them. For posting/reading a public forum ... encryption is pretty much irrelevant.

If are concerned about security, then you should be doing many things, that most don't bother with. As just one example - something like the following (which assumes cwm window manager is installed (nice as it has no titles/tray etc) and you're running portable firefox (that is started with a ff script))...
Code:
Xephyr :1 -fullscreen -title FireFox -br -nolisten tcp -nolisten local &
sleep 3
DISPLAY=:1 cwm &
DISPLAY=:1 unshare -m capsh --drop=cap_sys_admin,cap_sys_boot,
cap_sys_chroot,cap_sys_ptrace,cap_sys_time,cap_sys_tty_config,
cap_chown,cap_kill,cap_dac_override,cap_dac_read_search,cap_fowner,
cap_setfcap,cap_setpcap,cap_net_admin,cap_mknod,cap_sys_module,
cap_sys_nice,cap_sys_resource -- ff

Capabilities names tend to vary, so you'd have to run capsh --print to see what names are allocated under your system. If you're not applying something like the above additional security measures then worrying about the forum having no encryption is just focusing upon one hole of many holes.

_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
rokytnji

Joined: 20 Jan 2009
Posts: 2288

PostPosted: Wed 20 Feb 2019, 17:32    Post subject:  

Plus being lucky enough once by wordpress to lock me out of a forum I admin at because some of my passwords were old and hacked on a few sites.

All I had to dig me out of a hole was find the sites hacked

https://haveibeenpwned.com/

Change some passwords. Move on with life. I have not logged in here in while and posted.
I be not afeared of lack of padlock.

Plus:

Down on the Mexcan border here. Very Happy

We don't need no stinking badges.
Back to top
View user's profile Send private message 
rufwoof

Joined: 24 Feb 2014
Posts: 2995

PostPosted: Wed 20 Feb 2019, 19:46    Post subject:  

Smile
s.png
 Description   
 Filesize   49.78 KB
 Viewed   365 Time(s)

s.png


_________________
( ͡° ͜ʖ ͡°) :wq
Back to top
View user's profile Send private message 
night flight

Joined: 19 Feb 2019
Posts: 10
Location: Northern Germany

PostPosted: Sat 23 Feb 2019, 06:31    Post subject:  

A thousand thanks for the warm welcome from all over the world. This is really a great community. The dangers I've written about can't spread from this forum to other areas of mine (but I shouldn't use passwords more than once…). So I will join your carelessness, because I want to be part of the gang. But with the German point of view I will come back again sometimes Wink
_________________
I use a Lenovo IdeaPad S10-2, built in 2009. I love it. My Slacko 5.7 (32 Bit) is on a 10 GB SD Card. So I can boot it everywhere (Smartphones excluded Razz ).
Back to top
View user's profile Send private message 
tallboy


Joined: 21 Sep 2010
Posts: 1281
Location: Oslo, Norway

PostPosted: Sun 24 Feb 2019, 00:12    Post subject:  

The best thing is still to keep your secrets to yourself, and not using the forum as a diary! Laughing
bigpup wrote:
The person that provides this forum is the one to change it.
He is paying for it!

That person is John Murga, and his extremely impressive CV can tell us, that he has probably forgotten more about programming and computers than our combined brains can remember! So relax, this forum is in good hands! Very Happy

_________________
True freedom is a live Puppy on a multisession CD/DVD.
Back to top
View user's profile Send private message 
MrDuckGuy


Joined: 31 Jan 2019
Posts: 100
Location: Hermosa Beach, CA, USA

PostPosted: Tue 26 Feb 2019, 17:43    Post subject:  Self-introduction / security of this forum itself
Subject description: My Account is Locked - Email to Sysop Ignored
 

bigpup wrote:
The person ... John Murga, and ... this forum is in good hands! Very Happy
Shocked I tried to change my email address on my logon profile, the system froze, I got locked out of the account, and emailed the sysop - no answer to that email and another email to what I could gather was one of the administrators.

I had to create an entirely fresh account. How's THAT for security? Laughing B'H.
Back to top
View user's profile Send private message 
Makoto


Joined: 03 Sep 2009
Posts: 2185
Location: Out wandering... maybe.

PostPosted: Tue 26 Feb 2019, 22:51    Post subject:  

Which administrator did you PM? Your best bet would be Flash, as he's more likely to see it at some point throughout the day.
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * [ Puppy Precise 5.7.1 JP, Frugal install ] * [XenialPup 64 7.5, Frugal install]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
Back to top
View user's profile Send private message 
MrDuckGuy


Joined: 31 Jan 2019
Posts: 100
Location: Hermosa Beach, CA, USA

PostPosted: Wed 27 Feb 2019, 00:20    Post subject:  Self-introduction / security of this forum itself
Subject description: My Account is Locked - Email to Sysop Ignored
 

Makoto wrote:
Which administrator did you PM? ...
John Murga, ttuuxxx, and MarkUlrich. No answers from any of these after over three weeks, so I'm a bit demoralized.
Quote:
... best bet would be Flash, as he's more likely to see it ...
Thanks for the reply. I don't have the email address. I don't think the forum actually has contact info for any of the sysops set out in one page. I could be wrong though.

Kelikaku B'H.
Back to top
View user's profile Send private message 
Makoto


Joined: 03 Sep 2009
Posts: 2185
Location: Out wandering... maybe.

PostPosted: Wed 27 Feb 2019, 01:40    Post subject:  

(Note: Taken to PM.)
_________________
[ Puppy 4.3.1 JP, Frugal install | 1GB RAM | 1.3GB swap ] * [ Puppy Precise 5.7.1 JP, Frugal install ] * [XenialPup 64 7.5, Frugal install]
In memory of our beloved American Eskimo puppy (1995-2010) and black Lab puppy (1997-2011).
Back to top
View user's profile Send private message 
bigpup


Joined: 11 Oct 2009
Posts: 12016
Location: S.C. USA

PostPosted: Wed 27 Feb 2019, 07:29    Post subject:  

Anyone that is a registered member of this forum can be sent a private message(PM).
That is the best way to contact anyone.

Flash is the best person to contact if there is any problems with the forum.

At top of forum page is memberlist.
Click on that to go to a list of members.

Flash is #9 on the list.
Click on PM by his name.
That will open a PM input to be able to post a PM to him.

_________________
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected Shocked
YaPI(any iso installer) http://www.murga-linux.com/puppy/viewtopic.php?t=107601
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13207
Location: Arizona USA

PostPosted: Wed 27 Feb 2019, 09:45    Post subject:  

Well, if he couldn't log into the forum he couldn't send me a PM. And I don't make my email address public, so he couldn't send me an email.

It seems that if you change your email address, either the forum doesn't send a confirmation email or sends it to your old email address. Possibly the email gets put in a spam folder. I have no way of finding out what happens. At any rate, I've received lots of requests for help from forum members who send me PMs about others who have changed their email address but never got a confirmation email from the forum and so couldn't log into the forum.

What happens is, if you change your email address, the forum deactivates your account until it receives the confirmation reply from you. If you never get the email the forum is supposed to send, that can't happen.

All I can suggest is, if you plan to change your email address, try to send me a PM before you do it, so I can reactivate your account after the forum deactivates it.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [24 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0652s ][ Queries: 13 (0.0124s) ][ GZIP on ]