(OLD) (ARCHIVED) Puppy Linux Discussion Forum

[EBored]

I use bionic Puppy now.

Why puli is more hight secure ?
More secure for open banking, financial activity?
Secure, privacy - live usb/dvd lite distro ?
Level of intruders - sociopaths, criminal groups, surveillance of finances and sensitive target data.

How to prepare step by step ?


More details:
https://www.business-reporter.co.uk/2020/06/02/open-banking-and-the-need-for-a-new-approach-to-fraud-prevention/#gsc.tab=0

Open Banking ecosystem
https://www.forgerock.com/about-us/press-releases/forgerock-first-achieve-conformance-fapi-standard-open-banking-extends

Sandbox for Open Banking
https://www.linux.org/threads/sandboxing-with-firejail.27106/

Financial-grade API (FAPI) is an industry-led specification of JSON data schemas, security and privacy protocols to support use cases for commercial and investment banking accounts as well as insurance and credit card accounts. FinTech developers
https://fapi.openid.net

[musher0]

Solve the problem: pay cash!!!!

[EBored]

How use in puli distro ?
http://distro.ibiblio.org/fatdog/web/faqs/sandbox.html

[mikeslr]

Hi EBored,

Have you personally setup and run puli? read its thread? or preferably both? You should.

In answer to all your questions. Like all Puppies, Puli boots from all READ-ONLY files, with the exception of its analog to a SaveFile. What you can do with Puli is to boot into it from a USB-Key, then REMOVE THE KEY and still run every application which was loaded on bootup. The applications it uses are READ-ONLY SFSes, AppImages and debs-and-pets-which-are-only-installed-from-their-READ-ONLY packages on bootup. It's pretty hard to compromise Read-ONLY files. It's impossible to compromise them when they aren't even there.

You can setup most recent Puppies to do most of the above. Look for nic007's Utility Suite, one of whose components converts a SaveFile or SaveFolder to an adrv.sfs or a ydrv.sfs.

Two things distinguish Puli. The first is that you can not run Puli's equivalent of a Save (to preserve data or application settings) while connected to the internet. Your internet connect is automatically broken as soon as you initiate a Save routine, before anything is written to your storage medium. But more importantly, Puli always runs an intruder detection application. As I recall, there are 4 choices on how intruders are dealt with if detected, each choice having some advantages. My understanding is that under Puli's latest iteration, you can change the choice 'on the fly', i.e, without having to reboot. Obviously, if you are aware that an intrusion has taken place you would decline to Save anything. Puli also provides a way not to load its "SaveFile" analog if you think may have been compromised; and a way to delete it. Like running from a Multi-session CD, you can choose to use a prior "Save" or non at all.

In addition to its own versions of Web-browsers, Puli can use Mike Walsh's Google-Chrome SFS* (not the Chrome portable) and the Firefox Quantum pet. Both of these can be set up NOT ONLY to 'run-as-spot' but to actually honor the limitations Spot is supposed to work with: NOTHING CAN BE DOWNLOADED EXCEPT INTO THE SPOT FOLDER and Web-browsers so configured can not, themselves, access any folder other than their own Spot folder. Obviously, you can thoroughly examine the contents of Spot's Download folder and delete anything from that folder before moving anything out of that folder. On Shut-down/Reboot, the contents of Spot's Download Folder under Puli is wiped.

Additionally, Puli makes available a firejail. While I can attest to the efficacy of its other mechanism, I know nothing about how to setup, use or test firejail. But even without that, I can not think of any way Puli, properly setup and run, can be compromised.

* Mike no longer published updated versions. But I provided instructions on its thread on how to update his last version.