What makes Linux safer than Windows?

For discussions about security.
Message
Author
User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#61 Post by Pizzasgood »

I'd be delighted if proper multi-user support got put back into Puppy.
I agree, which is why I did it - for 4.2.1 anyway. And I documented the process to the best of my ability so that if/when Puppy decides to adopt it they won't have to figure as much out on their own.
http://www.murga-linux.com/puppy/viewtopic.php?t=47409

The average paranoid user doesn't really need it, but proper multiuser support would allow Puppy to spread into other niches. Even just being used as a family PC. Sure, Puppy can do the multiple save file deal, which is nice, but that doesn't stop Jr. from deleting the savefile itself, or reformatting the harddrive.

Limited accounts would at least make it more difficult. He could still try booting from a live CD, and if you disable that he could try resetting the bios, or just pulling the drive and mounting it from another machine - but he would have to be very intentionally malicious to do those things. If he's just cranky or an idiot, limited permissions will stop him.



I have to admit, I'm pretty used to root. And for good reason, because during the beginning I spent large amounts of my time screwing around with Puppy's boot scripts, installing stuff, deleting things, etc. Running as other than root would have been impractical.

I haven't been doing anywhere near as much of that lately though, other than recently as I have been working on making my own distro. But when not doing that, I've mostly been working on applications and utilities, and less of the core systems type stuff. So now it would be possible for me to be a user on a regular basis.

When I get CheesyRamHog usable enough, I intend to do that. I need to get used to not being root, because one of the career paths I may wind up following is being a sysadmin. Like DMcCunney's friend found out, bad habits can get you into trouble.


Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.
Linux basically has one firewall program. IPtables. There are many frontends that you use to configure it, but they all do the same thing.

To see what is currently configured, on any modern Linux, you just run iptables -v -L and it will output the configuration to the terminal. Understanding what it means is another thing, but you can at least see that something is set up. If nothing is configured, it will look about like this:

Code: Select all

# iptables -v -L
Chain INPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination 
If you get anything more complex than that, you probably have the firewall enabled.

As long as the particular firewall configuration doesn't rely on some weird module that the average kernel doesn't have enabled, it can be used on nearly any modern distro (has to support iptables at least). You can use iptables-save > firewall_file to save it to "firewall_file", and then drop that into the other distro and run iptables-restore < firewall_file to restore it. Of course, you would probably need to configure the new distro to re-use that same firewall each boot. How you do that is a function of the distro, but the support people for whichever distro would probably be able to help you.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#62 Post by nooby »

Pizzasgood , I intended to thank Dennis and tell him to search for the member of this forum that there existed a description of how to implement it even in Puppy.

But I had forgotten that it was you who had a thread about it.

Very good you helped me out by reminding us about it.

Thanks for the description of the iptables. You are right that is how it looks in ubuntu, antiX and Debian Elive by default.

Not activated. Puppy after activation has Drop in the first one but accept in the other two.

That is as good as the default Windows XP and Vista and Win7 also have it.

should not Puppy be better than M$ :)

I am too much of a computer idiot to be able to set it up though. I tested the GUI of SuperOS (Ubuntu) and Linux Mint and Debian Elive and I did not understand if I was protected or not when I clicked on Deny.

did I deny any entry from outside or did I deny the firewall to be activated? Nothing explained it unless one is clever enough to think like the GUI developers way of thinking.

I am very spoiled by Puppy by being root. when I try out Debian or Ubuntu or some other distro I get stuck instantly by not being able even to mount my HDD to get to the text files I need to remember commands to use. Hahah

I wish Puppy to become the most attractive breed of distros there is. To at least being able to chose is better than to not chose.

At install one could be asked. Do you want to be an ordinary user like most Linux Distros are set up or do you want the freedom of being in complete control over everything but on your own risk? Yes protect me 1. or Yeah I am adventures or trust myself enough to be a 2.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#63 Post by RetroTechGuy »

DMcCunney wrote: I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)
When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work.
This is a key point. Having a recent backup. You should do the same with Puppy, particularly before installing new software.

The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.

Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's an multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#64 Post by DMcCunney »

jamesbond wrote:Thank you Dennis.
You're quite welcome.
Your posts are very clear, helpful, refreshing and educational. You give the context, and also the reasons in which running as root is a bad idea - this is in contrast to others who just say "because it's the best practice".
Hopefully wIth your posts and the Fear Not Root link, people running single-user desktop linux can then see whether or not these reasons apply them, and what additional security gains they get by running as non-root (and thus, whether root-vs-non-root is worthy of a heated debate).
I'm in the "don't run as root unless you must" camp, but I have a different perspective because I where I come from.

I first heard about Unix when the system I dealt with was an IBM mainframe, and Unix was AT&T Version 6, the first to see usage outside of AT&T. Single-user Unix systems effectively didn't exist, and installations were all multi-user.

My first "home computer" was a single-user Unix workstation. In the mid-80's, AT&T was still in the computer business, and issued the UNIX-PC and the 3b1. (I have a 3b1.) Both were attempts to compete with the IBM PC on the corporate desktop. They had a 10mhz 32 bit Motorola 68010 CPU (the first of that line with hardware memory management), a bit mapped GUI console, and would boot and run a port of AT&T System V Release 2 and perform useful work with acceptable performance in one megabyte of RAM. (Yes, you read that right. One megabyte, not one gigabyte.) Give it more RAM and it flew. (A client back then used a 3b1 with 3MB of RAM to support four simultaneous users and a printer, running a custom database application for distribution management. Users connected via dumb terminals using a character mode interface. Worked fine.)

The UNIX-PC had a root ID, but it wasn't what you normally used. You logged in as a normal user, and became root only as required to do system maintenance.

Most of the systems I've dealt with over 20+ years were multi-user, with many users on and working simultaneously.

So "Don't run as root unless you have to" is a conditioned reflex, acquired in the days when casually running as root was a Very Bad Idea indeed.

There are places where it is the norm, but they tend to be specialized. For example, my recently deceased Linksys WRT54G router used a Linux 2.4 kernel and Busybox. You never saw Linux if you used the stock firmware, because you dealt with an HTML based GUI that let you configure the router. But because it was Linux based, it was open source, and various developers grabbed the source and hacked, producing an assortment of replacement firmware. I ran one called Tomato, and I could telnet or ssh to the router and get a command line. (My SO was bemused to see me running vi on the router to edit scripts.) I was logged on as root because multiple users made no sense in that context. It was an embedded application with a specific purpose, and not a general usage device.

As mentioned, Puppy gets away with always running as root because it's explicitly a single user system, and I recall seeing a post stating Barry was originally working to create an embeddable distro, similar to the Linux implementation. It's no worse than MS-DOS or earlier versions of Windows which also assumed the logged on user was he administrator with all powers to change the system.

But systems where you can have other users can be useful.

For instance, back in the MS-DOS days, I ran the MKS Toolkit. The Toolkit was a collection of DOS versions of all of the standard Unix utilities that made sense in a single-user, single-tasking environment, including a very complete implementation of the Korn shell that had everything except asynchronous sub-processes (because DOS was single-tasking, and didn't do sub-processes.)

If you installed in full Unix compatibility mode, the Toolkit replaced COMMAND.COM as the boot shell with INIT.EXE. Boot, and init would run, and print a Login: message on your screen. Enter an ID and optional password, and init called login, which checked the ID you entered against an /etc/passwd file. If it found a match, it changed to whatever directory was specified as that ID's home diorectory, and ran whatever was specified as that ID's shell. Exit the shell you were logged into, and init regained control and put up another Login: message.

I found this incredibly useful. I could change environments without rebooting. Stuff common to all IDs, like mouse, ramdisk, and disk cache drivers got loaded in CONFIG.SYS. Everything else happened at the ID level.

I had IDs to run vanilla COMMAND.COM, the shareware 4DOS command com replacement, the MKS Korn shell for a Unix like environment, and the DesqView mulit-tasking environment. I could switch without rebooting - just log off and log back on with the right ID.

The setup stayed in place when Win 3.1 came around. In Win 3.1, the default "shell" was Program Manager, but an assortment of replacements existed. I used custom IDs handled by init, which modified the Windows SYSTEM.INI file to point to the shell I wanted to use before calling Windows. When Win95 hit the streets, switching was painless for my SO, because I normally used a replacement shell that already had the stuff Win95 brought to the table, like desktop icons.

If I have the option on a *nix system, I often create custom IDs intended for specific purposes, with a login profile and environment designed around that purpose. Switching is a matter of logging off and logging on again with a different ID.

I'd love to do that in Puppy, but can't, because Puppy doesn't support it. Someday...
______
Dennis

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#65 Post by DMcCunney »

RetroTechGuy wrote:
DMcCunney wrote:I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)
When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
It's not redundant at all if you normally run as a regular user. I usually log on twice in different virtual consoles: once as root, and once as the user, and can hop back and forth with Ctrl-Alt-<number> to switch between them (and if necessary, killed the normal user login from root.)

Tedious? Maybe. But testing is by nature somewhat tedious.
Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work.
This is a key point. Having a recent backup. You should do the same with Puppy, particularly before installing new software.
The customer was a doctor's office, and the system he wiped contained patient records. The consequences if the customer hadn't had an up-to-the-minute backup don't bear thinking on. I suspect the employer we worked for would have been put out of business by the resulting lawsuit.
The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.

Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's an multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.
I don't use frugal installs, so that's not applicable here. With proper multi-user support, using a different ID is a matter of log off, and log back on as the different ID. No reboot is required.
______
Dennis

FlyingRedGoat
Posts: 47
Joined: Tue 24 Mar 2009, 11:41

#66 Post by FlyingRedGoat »

Sigged
Lobster wrote:
Read this: Fear Not Root, and tell us what you think.
I thought reading this was preferable to running around like a headless penguin
exclaiming, 'Beware the root'. :roll:
Dennis makes many similar points about the difference between Linux on a corporate network and individual Puppy and Linux desktop computers.

A reminder of the simple Puppy Growl security program:
http://murga-linux.com/puppy/viewtopic. ... 216#335216

User avatar
nubc
Posts: 2062
Joined: Tue 23 Jan 2007, 18:41
Location: USA

#67 Post by nubc »

Hacker exploits IE8 on Windows 7 to win Pwn2Own contest

Question: Is it harder to find exploits for Linux or a non commercial operating system, [which] has no interest for exploit hunters?

Charlie Miller: No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.

http://www.oneitsecurity.it/01/03/2010/ ... r-pwn2own/

User avatar
RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#68 Post by RetroTechGuy »

DMcCunney wrote:
RetroTechGuy wrote:
DMcCunney wrote:I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)
When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
It's not redundant at all if you normally run as a regular user.
The problem that usually arises that root has permission to run, or reach directories, that the user doesn't. And if you are the only user...
I usually log on twice in different virtual consoles: once as root, and once as the user, and can hop back and forth with Ctrl-Alt-<number> to switch between them (and if necessary, killed the normal user login from root.)
Exactly. Though in my day, Alt-F<1-6> was sufficient ;)

(I often didn't run X at all, spent most of my time on the command-line -- so you only needed the Ctrl key to escape the graphical window).
Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work.
This is a key point. Having a recent backup. You should do the same with Puppy, particularly before installing new software.
The customer was a doctor's office, and the system he wiped contained patient records. The consequences if the customer hadn't had an up-to-the-minute backup don't bear thinking on. I suspect the employer we worked for would have been put out of business by the resulting lawsuit.
That would have been bad. I typically do a full system backup before messing with a system (a disk clone is fairly quick -- in such a case, I would carry a spare drive just for that purpose).
The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.

Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's an multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.
I don't use frugal installs, so that's not applicable here. With proper multi-user support, using a different ID is a matter of log off, and log back on as the different ID. No reboot is required.
______
Dennis
There are already multi-user systems. I'm rather afraid that if Puppy goes too far that direction, that it will gain "substantial weight" in the process.

And that change should be weighed against the benefit/gain. Given that the pupsave has minimal" heft", the argument against storing duplicate systems is rather moot.

However, in your full install version, that's a different issue -- I don't know how to address that. Maybe the full install process should by default set up a multi-user system.

Do you actually have more than one physical user on your computer system?

I personally think that Puppy is currently kinda at the limit for heft, for the target market. That is, machines that will run Win98 acceptably, seem to struggle slightly under Puppy -- I can fairly comfortably run Win98 on a machine with 128MB, and quite easily with 256MB -- Puppy tends to be sufficiently memory intensive, that I consider 256MB to be marginal (yes, I realize that there are folks here running on less than that).

If you have enormous computer horsepower, and want a multi-user system, I would ask why you're not running one of the big-boy systems (Ubuntu, Debian, Redhat, ...).

Yes, I realize that you are already running Ubuntu... What does Puppy provide, that Ubuntu doesn't? Do you want to replace your Ubuntu with Puppy?

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#69 Post by DMcCunney »

RetroTechGuy wrote:
DMcCunney wrote:
RetroTechGuy wrote:When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
It's not redundant at all if you normally run as a regular user.
The problem that usually arises that root has permission to run, or reach directories, that the user doesn't. And if you are the only user...
If I'm trying to make it work for a normal user, I can't blithely assume root powers will be available, and just giving up and running as root is a fail.
I usually log on twice in different virtual consoles: once as root, and once as the user, and can hop back and forth with Ctrl-Alt-<number> to switch between them (and if necessary, killed the normal user login from root.)
Exactly. Though in my day, Alt-F<1-6> was sufficient ;)

(I often didn't run X at all, spent most of my time on the command-line -- so you only needed the Ctrl key to escape the graphical window).
I often don't run X. And at a former employer, where the systems I administered supported hundreds of users, nobody ran X. Users came in through telnet over WAN links, and worked with character mode applications. I would occasionally use a GUI, but I put TightVNC server on the boxes, and used TightVNC client on my desktop. It worked fine, and saved me needing to install Hummingbird Exceed or the like.
The customer was a doctor's office, and the system he wiped contained patient records. The consequences if the customer hadn't had an up-to-the-minute backup don't bear thinking on. I suspect the employer we worked for would have been put out of business by the resulting lawsuit.
That would have been bad. I typically do a full system backup before messing with a system (a disk clone is fairly quick -- in such a case, I would carry a spare drive just for that purpose).
I mopped my brow in considerable relief. Though I was grimly amused by his tale of having to reload Unix from the distribution media, restore for the backup, then redo his changes, while trying to keep the customer's bright and inquisitive rep who was staring over his shoulder from realizing what he had done.

When he finished his tale, I just said "Now do you understand why I don't like you running as root all the time? Bet you'll never do that again, right?" :P
The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.
Yes, that is an advantage.

Generally speaking, changes are confined to particular places, so I just make copies of the stuff that will be changed.
I don't use frugal installs, so that's not applicable here. With proper multi-user support, using a different ID is a matter of log off, and log back on as the different ID. No reboot is required.
There are already multi-user systems. I'm rather afraid that if Puppy goes too far that direction, that it will gain "substantial weight" in the process.
Hmmmm. Where do you think the weight will come from?

I think DSL and TinyCore are both multi-user systems that didn't rip out the infrastructure the way Puppy did, and both are a lot smaller than Puppy in ISO size. They may be smaller in resource requirements as well. (TinyCore claims it will run on an 8MB RAM machine. The lowest end Puppy install I know of is in 16MB RAM, and the user who created it had to actually build the Puppy image he would run on a bigger more powerful machine to be able to create it)

I'm not sure why a multi-user system should be inherently bigger and weightier. The underlying infrastructure that supports having more than one user is of negligible size in the context of the full ISO for the distro. Ripping it out won't save you all that much space.
And that change should be weighed against the benefit/gain. Given that the pupsave has minimal" heft", the argument against storing duplicate systems is rather moot.

However, in your full install version, that's a different issue -- I don't know how to address that. Maybe the full install process should by default set up a multi-user system.
If the support is there, it is a multi-user system. The question would be whether the user wanted to routinely run as root, or run as a normal user and use su, sudo, or log in as root on another console if admin powers were required.
Do you actually have more than one physical user on your computer system?
Yes, though seldom. My concern is simply that I normally want to run as an ordinary user. I don't always want to be root. Puppy does not (currently) give me that option.
I personally think that Puppy is currently kinda at the limit for heft, for the target market. That is, machines that will run Win98 acceptably, seem to struggle slightly under Puppy -- I can fairly comfortably run Win98 on a machine with 128MB, and quite easily with 256MB -- Puppy tends to be sufficiently memory intensive, that I consider 256MB to be marginal (yes, I realize that there are folks here running on less than that).
The question, of course, is "What is Puppy's target market?" I don't think there's really general agreement on that, though I think most Puppians will concur that it's a distro that at least started out targetting older, lower end hardware.
If you have enormous computer horsepower, and want a multi-user system, I would ask why you're not running one of the big-boy systems (Ubuntu, Debian, Redhat, ...).

Yes, I realize that you are already running Ubuntu... What does Puppy provide, that Ubuntu doesn't? Do you want to replace your Ubuntu with Puppy?
I have multiple systems. My desktop is a 2ghz Pentium box with 4GB of RAM and six physical hard drives with about 850GB of storage. It triple boots Win2K Pro SP4, Win XP Pro SP3, and Ubuntu 9.10 Gnome. The SO's laptop has a GB of RAM and a 40GB drive, and runs XP SP3. There's an old PPC Mac Pro under the desk which will at some point get Mac OS/X 10.2 or 10.3, and a Sun SunFire X100 currently running Solaris 9 that will at some point get Solaris 10. And there's a 1u Dell server running Windows 2003 server coming to me.

If I have the hardware, one of the "big boys" is what I run, witness Ubuntu on the desktop (which has run Red Hat in the past.)

The box that hosts Puppy is an old (2002) Fujitsu Lifebook, which has a Transmeta Crusoe 867mhz CPU, a 40GB UDMA 4 HD, and 256MB of RAM. I got Puppy as a result of looking for a distro that would run acceptably on it. The box was a gift from a friend who had upgraded, and came with Windows XP SP2... :P

It triple-boots Win2K Pro, Ubuntu 9.10, and Puppy 4.31, though there's a 2GB FAT partition that may get something like FreeDOS with Win98SE on top of it.

I originally installed Xubuntu alongside of Puppy and 2K. It installed without a hitch, and technically "ran", but was snail slow. Queries on the Ubuntu forums about tuning Ubuntu for lower end gear returned suggestions that too much Gnome had crept in, Xubuntu was no longer a truly lightweight distro, and I'd do better to install from the MinimalCD to get a bare bones CLI installation, then use apt-get to install just the parts I wanted. That worked, and I have a version of Ubuntu with the Xfce4 desktop (that I also use in Puppy) which performs acceptably. It's not as sprightly as Puppy, but it's usable.

The big limitation on the Puppy box is the UDMA 4 HD with 18MB/sec transfer rate. Large apps, like Firefox 3.6 or Open Office 3.2 may take 30 - 45 seconds to simply load. when I went to Puppy 4.31, I wiped and reformatted as ext4, which helped - I saw a 25% -30% improvement in I/O, though it's still not anything I'd call "fast".

But the Puppy box is in large part an experiment to see what performance I can wring out of limited hardware without spending money on it.

Personally, I see Puppy as a light-weight distro for lower end hardware. Some of the questions I see on the forums have me shaking my head in wonder. "If you have that kind of hardware, why do you want to run Puppy? Install a distro intended for Big Mutha systems. You'll be much happier..."
______
Dennis

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#70 Post by nooby »

Suppose me now have tested some 20 to 25 different puppies in frugal install and I have activated the firewall on all of them.

But they behave a bit different in that automatic install.

All of them except one have "drop" in the first of three conditions. the exception has accept in all three.

I thought the drop was the way one got protected.

As a newbie one have no idea what these words means.

why is it not drop on all three if drop is the way to protect.
If it is accept in all three how can one say one are protected then?

To my naive newbie mind the word accept means

accept that they break in as if an open door?

What else can it mean? I write iptables -L and it writes a lot of text me don't understand.

Okay one should read up on it. Read the f****ng Manual,

But if the manual is/are written with a language that is too technical to be grasped? No use reading things one fail to grasp.
I use Google Search on Puppy Forum
not an ideal solution though

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#71 Post by nooby »

Dennis I agree with your "take" on it but I don't agree on what is light and good to use.
Personally, I see Puppy as a light-weight distro for lower end hardware. Some of the questions I see on the forums have me shaking my head in wonder. "If you have that kind of hardware, why do you want to run Puppy? Install a distro intended for Big Mutha systems. You'll be much happier..."
I have tested the more bloated linuxes. Ubuntu, SuperOS (ubuntu), Linux Mint KDE CE, Debian Elive, AntiX/Mepis, Mandriva, and I have 3GB of memory and a one year desktop to use it on.

These programs are for linux experts. That have a good memory for how things are structured in linux with different permissions for everything.

I installed three linux distros on an older computers with only 500mb RAM memory and only puppy allowed me to move a bookmark.html file from an usb to the root of the hdd.

Yes if one are well structured and have a good memory then one remember how to do it on the bloated linuxes too. But if one are fuzzy and ADHD in head like me then it takes months to find that info on the net and most of the time one get mocked for asking how to do it.

How I did it? I used puppy or I uploaded the html to gmail and used it from there and saved it in usr/home instead
Which forced me to have two such files. One for puppy and another for Debian. Yes I love to be protected too. :)
I use Google Search on Puppy Forum
not an ideal solution though

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#72 Post by DMcCunney »

nooby wrote:Dennis I agree with your "take" on it but I don't agree on what is light and good to use.
Personally, I see Puppy as a light-weight distro for lower end hardware. Some of the questions I see on the forums have me shaking my head in wonder. "If you have that kind of hardware, why do you want to run Puppy? Install a distro intended for Big Mutha systems. You'll be much happier..."
I have tested the more bloated linuxes. Ubuntu, SuperOS (ubuntu), Linux Mint KDE CE, Debian Elive, AntiX/Mepis, Mandriva, and I have 3GB of memory and a one year desktop to use it on.

These programs are for linux experts. That have a good memory for how things are structured in linux with different permissions for everything.
You get to be a Linux expert with experience. If you decide (as you seem to have done) that "Oh, that's too hard. I can't deal with that. I'll use Puppy because it's simpler.", you'll never gain the knowledge you want.

And Ubuntu and derivatives try to reduce the amount you need to know to use them.
I installed three linux distros on an older computers with only 500mb RAM memory and only puppy allowed me to move a bookmark.html file from an usb to the root of the hdd.
You shouldn't put files in the root directory. It should be clean and uncluttered. The only things that should be there are things the distro puts there.

Puppy let you do it because you always run as root, and root can do pretty much anything, including dropping files where they have no business being.

I'd call your experience an example of why always running as root is a Bad Idea.
How I did it? I used puppy or I uploaded the html to gmail and used it from there and saved it in usr/home instead
Which forced me to have two such files. One for puppy and another for Debian. Yes I love to be protected too. :)
Something like /usr/home is where files like that should be stored. I don't understand why you thought you needed to keep it in root. The browser that will display it doesn't care where it lives, as long as the ID you are logged in as has permission to view files in that directory. All you have to know is where to find it, and once found, you can bookmark it.

I also don't understand why you think you are forced to have two files. I have Puppy and Ubuntu installed on separate partitions on the box Puppy runs on, and can boot into either. Each can see the other's partition, and Puppy mounts the Ubuntu partition automatically when it boots, so it appears as /media/ubuntu in the file system, and I can look at stuff on the Ubuntu side. I haven't needed to have the same HTML file visible from both distros, but it would be no problem to do it.
______
Dennis

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#73 Post by musher0 »

Flash wrote:I have no idea how many other people use multisession. I can't believe I'm the only one.
Hi, Flash!

There's at least two users! I use it!
And multisession is certainly:
1) the most secure way to use Puppy, for the reasons you mentioned
2) the most portable way, too, especially if you use a 1.5Go DVD that fits in your shirt pocket.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#74 Post by musher0 »

RetroTechGuy said:
> [...] What does Puppy provide, that Ubuntu doesn't? [...]

I'll answer a bit out of context.

To my knowledge, Puppy is the only distro that respects my ownership of my machine. I spent some good money to buy this computer, and lots and lots of time configuring it, and my Puppy.

That would have been impossible to such an extent on other distros, since they keep asking for permission ("sudo" or whatever).

Ubuntu makes modifications a bit easier, but still. What right do the initial programmers of any distro have to tell me what I can do and cannot do with my machine? NONE.

Especially pretending to protect me from myself and some potential errors? Come on... Instead, please provide some good and easy ways to back-up your system or any part of it.

I think it's an author's power trip: like a painter or a novelist can be protective of his/her work, they just want to prevent users from changing too much their own concept of what Linux should be -- or at least make it (very) difficult to change.

Or could it be that these programmers are insecure about their own skills? If anybody else changes anything, do they fear that their Linux system will go "bonk"?

Both reactions above are a psychological, human reflex, but it's no good for larger distribution of Linux: those protective attitudes actually prevent wide adoption of Linux among the general public.

Again, in this respect and many others, Puppy is way ahead. It respects me, and is still very safe to use.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#75 Post by nooby »

Christian L. (aka / alias musher0) has the right attitude in my opinion.

If the developers or "authors" of software wants to protect me then the best way to do that is to make the program 100% under my command and with tools and built in knowledge that let me know what it does so I can tell it what to allow and not allow.

It is good that they want to protect me but they do it in a way that let them keep the control and me give up on trying to get what the Operating System really do behind the scenes because they use such technical language to describe it.

Dennis, I think you are wrong on this part:
If you decide (as you seem to have done) that "Oh, that's too hard. I can't deal with that. I'll use Puppy because it's simpler.", you'll never gain the knowledge you want.


I decided when I first heard of computers to be affordable to ordinary people. Wow that will become my main interest apart from music.

I bought almost every new computer that came out within my financial status. Sinclairs Z80 and Acorn and Commondore and IBM 86 when they had gone down in price on the second hand market around 1983 or so.

I have owned or read from library numerous books on Assembler programming of Z90 and 6505? dfail to remember. Acorn had it or what name they had. I bought books on C and C++ and Pascal and Oberon and Structured Assembler and I had compilers and used them in MsDOS and so on.

I had the opposite attitude that you guess. Nothing was impossible to learn I thought about me. I trusted the propaganda that anybody can learn anything if they really try and practice and are at it.


Not so. To be good at programming and structured thinking you have to have a brain that have that capacity.

Maybe 99% of all people does have that capacity and me trusted me to have it and I behaved as if I had and started early in the morning and gave up for that day at midnight and started again next day and trusted that if one really wanted to learn then it would take sooner or later.

Reality is not that way. some of us fail to live up to the myth that everybody can learn anything on that level.

We are not alike in our heads, some are more clever than others. I unfortunately belong to the low achieving when it comes to being structured in thinking. I am all over the place but none will get accomplished ever.

It was not my thing.Yes but nothing is my thing. I am low achieving in everything I have tried out. Sport, music, making love, dancing, telling stories, reading, talking, walking, running, singing,

They get it wrong when they say that everybody is good at something. That is not true at all. some of us are not good on anything. We are the failed versions of the human species. Despite us trying as hard as we can. we don't have it in us. Lacking the resources we do. I thought for some 40 years that I was as good as anybody. I am not. That was a myth they teach us out of ideology blindness.

But then you should not do computers, let those that can do such then.

Nope, we have the right to do computers too.
I use Google Search on Puppy Forum
not an ideal solution though

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#76 Post by DMcCunney »

nooby wrote: Dennis, I think you are wrong on this part:
If you decide (as you seem to have done) that "Oh, that's too hard. I can't deal with that. I'll use Puppy because it's simpler.", you'll never gain the knowledge you want.


<...>

I had the opposite attitude that you guess. Nothing was impossible to learn I thought about me. I trusted the propaganda that anybody can learn anything if they really try and practice and are at it.

Not so. To be good at programming and structured thinking you have to have a brain that have that capacity.

Maybe 99% of all people does have that capacity and me trusted me to have it and I behaved as if I had and started early in the morning and gave up for that day at midnight and started again next day and trusted that if one really wanted to learn then it would take sooner or later.

Reality is not that way. some of us fail to live up to the myth that everybody can learn anything on that level.

We are not alike in our heads, some are more clever than others. I unfortunately belong to the low achieving when it comes to being structured in thinking. I am all over the place but none will get accomplished ever.

<...>

But then you should not do computers, let those that can do such then.

Nope, we have the right to do computers too.
Nooby, my point was simply that the first step in doing anything is believing you can do it. If you define yourself as someone who can't do a particular thing, it's self-fulfilling prophecy. You won't be able to do it.

If you start out by believing you can do it, it may be difficult, but it's not normally impossible.

And no, I don't think 99% of the people are able to do this and you're one of the 1% of odd men out. We are all wired differently, with different capabilities. My SO, for example, has a facility for languages. She was once fluent in about a dozen. These days, she's essentially bi-lingual in English and Spanish, and fluent in French if it's related to cooking. She's lost the rest because she's had no occasion to use those languages and stay fluent.

But we perceive things quite differently. My primary sense is vision. I understand things in large part by being able to draw pictures in my head illustrating what the parts are and how they fit together. When someone asks me technical question, my first impulse is to grab a pencil and paper and draw a diagram to illustrate the concept. That doesn't work with my SO. Her primary sense is hearing. She makes nothing of my pictures on paper, and I have to find other metaphors to describe the concept.

The whole world won't intuitively grasp computers, and an awful lot of folks out there will never get beyond the "learned to do a particular thing by rote" stage. I've told various people in the past that the real accomplishment comes when you reach the stage where you can say "If I can do that, that means I should be able to do this. Let's see..."

As for inability to remember where things live or how things fit together, I have a simple suggestion. Keep a notebook beside your systems, and write things down.

My SO does a lot of that, because she has a poor memory. She's discovered that if she writes it down, it's more likely to stick, and if it doesn't, it's written down and she can refer to it.
______
Dennis

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#77 Post by nooby »

Yes structured persons can write things down and then find the text and learn from it.

I write down things all the time but have no way to find it later.

I do bookmarks of pages with the codes for becoming root and passwords for different linuxes and so on I drown in all the bookmarks I make and fail to remember how to find the needed one.

You have the right positive attitude, keep it, but remember that some people fail to live up to it but it would help all of those that can follow the good advice.

We are off rail so lets go back on topic.

Security only works if the person trying to protect him or herself knows how to apply, make use of the firewalls and so on.

Hahah, sometimes I think that the only reason linux is a bit safer than windows are that the criminals know the linux users are so few that there is no money into creating code to attack linux.

that may change if linux ever get popular. hopefully we have less difficult to use firewalls by then.

did anybody answer my question about the deny and accept in puppy?

I tested say 25 different puppies. All of them except one has the word drop at the first section when one write iptables -L

I could show if I knew how to copy the text from terminal to forum but I have no clue on how to.

The exception have accept in all places.

Question number two

Does it help at all if all is accept? How can that protect me? No explanation either how to change the accept to a deny. Where am I supposed to do that?

It is too difficult to use them.
I use Google Search on Puppy Forum
not an ideal solution though

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#78 Post by DMcCunney »

nooby wrote:Yes structured persons can write things down and then find the text and learn from it.

I write down things all the time but have no way to find it later.
That's why I suggested a notebook kept by your computers. Scraps of paper can get lost. A notebook full of notes is less likely to.

There is still the challenge of organizing the notebook to find specific notes later.
I do bookmarks of pages with the codes for becoming root and passwords for different linuxes and so on I drown in all the bookmarks I make and fail to remember how to find the needed one.
Do you organize your bookmarks in folders?

Do you add keywords when you make the bookmark to make it easier to find in a search?
did anybody answer my question about the deny and accept in puppy?
No. I suggest you open a separate thread for it in the Users forum, like "How do I use iptables?"

It's relevant to security, but a bit off this particular topic, which compares Linux and Windows..
______
Dennis

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#79 Post by Pizzasgood »

RetroTechGuy wrote:Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's an multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.
There is a humongous difference, that has nothing to do with rebooting. Permissions. If your reason for having other users is to keep those other users from breaking your system (perhaps because they simply don't know what they're doing), then multiple save files is not good enough. There is nothing to stop them from deleting the other save files, or repartitioning the harddrive, etc.


Regarding, size, a properly multiuser Puppy is very nearly the same size. In the case of Multiuser Puppy 4.2.1, it was one megabyte larger than stock Puppy 4.2.1. That one megabyte mostly came from sudo.

musher0 wrote:RetroTechGuy said:
> [...] What does Puppy provide, that Ubuntu doesn't? [...]

I'll answer a bit out of context.

To my knowledge, Puppy is the only distro that respects my ownership of my machine. I spent some good money to buy this computer, and lots and lots of time configuring it, and my Puppy.

That would have been impossible to such an extent on other distros, since they keep asking for permission ("sudo" or whatever).
What are you talking about? With the exception of Ubuntu and it's spawn, you can just log in as root. That is one single time that you have to authenticate yourself. Then you can do whatever the flip you want. Nobody forces you to be a limited user. They just recommend it. And nothing stops you from removing that login prompt either. The "autologinroot" program that Puppy uses is five lines long, and only one of those lines even does anything:
http://www.murga-linux.com/puppy/viewtopic.php?t=5991

Code: Select all

/*BK auto login */

int main() {
 execlp("login","login","-f","root",0);
}


nooby wrote:Hahah, sometimes I think that the only reason linux is a bit safer than windows are that the criminals know the linux users are so few that there is no money into creating code to attack linux.
You forget. Linux is used more than Windows in the server world. It is only on the desktop that Linux is a minority. And they do put considerable time and energy into attacking Linux and the programs that run on it, at least those programs that are commonly used in servers.

I could show if I knew how to copy the text from terminal to forum but I have no clue on how to.
Just click and drag over the text to select it. Now middle-click wherever you want to paste the text. (You don't have to tell it to "copy", it automatically copies whenever you select text.)

If you have a scroll wheel, you can depress that and it will act as the middle mouse button.

If you don't have a scroll wheel or a middle button, just two normal buttons, you can probably click with both of them simultaneously, and Linux will translate that into a middle click. (This is an optional feature, so it might have to be enabled (via Menu->Setup->Mouse/Keyboard Wizard), but it's probably already set.)

If you only have one button on your mouse, throw it away and get a real mouse. ;)
Last edited by Pizzasgood on Sat 27 Mar 2010, 22:09, edited 2 times in total.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#80 Post by DMcCunney »

musher0 wrote:RetroTechGuy said:
> [...] What does Puppy provide, that Ubuntu doesn't? [...]

I'll answer a bit out of context.

To my knowledge, Puppy is the only distro that respects my ownership of my machine. I spent some good money to buy this computer, and lots and lots of time configuring it, and my Puppy.

That would have been impossible to such an extent on other distros, since they keep asking for permission ("sudo" or whatever).
So does Ubuntu. By default, you're logged in as an ordinary user, and you need to temporarily acquire admin powers to do administrative chores.

It's easy enough to work around: open a terminal and type "sudo passwd root" Provide your normal password to use sudo. The passwd command will ask you to set a password for root. Enter it, and enter it again when asked to confirm it.

Root now has a separate password. You can switch to another virtual console, or log off and log back on again in the one you're in as root, and proceed to make all the changes you want without being asked annoying questions.
Ubuntu makes modifications a bit easier, but still. What right do the initial programmers of any distro have to tell me what I can do and cannot do with my machine? NONE.
They aren't telling you that. They are trying to insure you don't shoot yourself in the foot. You can do anything in Ubuntu you can in any other Linux distro. It's not impossible to make changes. How to do it just isn't as obvious as is is elsewhere.
Especially pretending to protect me from myself and some potential errors? Come on... Instead, please provide some good and easy ways to back-up your system or any part of it.

I think it's an author's power trip: like a painter or a novelist can be protective of his/her work, they just want to prevent users from changing too much their own concept of what Linux should be -- or at least make it (very) difficult to change.

Or could it be that these programmers are insecure about their own skills? If anybody else changes anything, do they fear that their Linux system will go "bonk"?
.
Ever done tech support for end users in a commercial setting?

You discover quickly that folks who do make backups and can easily undo changes they made are a small minority of the population Most of them want stuff to Just Work, and have someone they can call if it doesn't.

Ubuntu is a product of Canonical, Inc., which is attempting to play in the same space as people like Red Hat - making money by selling support contracts to businesses that adopt the software. This makes them fussier than average about what goes into a distro, as they will be expected to support it and answer questions about it.

They are also doing their best to create a desktop distro that will install and Just Work for the sort of user I mentioned. They err on the side of caution, because there are things you can do on any system that will make it go "bonk", and they try to minimize the likelihood of it happening.

If they hold your hand more than you like, don't use Ubuntu. You aren't really the user they are targeting.
______
Dennis

Post Reply