Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 23 Nov 2014, 20:26
All times are UTC - 4
 Forum index » Off-Topic Area » Security
How secure is Puppy?
Post new topic   Reply to topic View previous topic :: View next topic
Page 7 of 8 [115 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8 Next
Author Message
darry1966

Joined: 26 Feb 2012
Posts: 533
Location: New Zealand

PostPosted: Sun 24 Aug 2014, 02:33    Post subject:  

I'm with Anikin on this one. Wasn't in the old Pups which worked fine without this "feature".
Back to top
View user's profile Send private message 
Les Kerf

Joined: 24 Jun 2012
Posts: 230

PostPosted: Sun 24 Aug 2014, 09:34    Post subject:  

anikin wrote:
...
Not sure it's called geolocation, but yes, you're right, micko did really put a switch in. But let's not take it as an act of generosity - it is not. As a matter of fact, it makes things much, much worse. What was previously hidden as a crappy, little secret (and for a good reason), now has become an embarrassment for Puppy Linux and the community. An ugly genital wart exposed for everyone to see. It doesn't change the fact, that an innocent novice user is being ambushed, trapped, hoodwinked into an web connection of which he has no knowledge. It might take him years before he becomes aware of it and learns how to use the switch...


Would someone please elaborate on this? I am one of those novice users and have no clue as to what this "switch" is all about.
Thanks,
Les
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 9259
Location: Stratford, Ontario

PostPosted: Sun 24 Aug 2014, 10:55    Post subject:  

anikin wrote:
Code:
wget -O - -q icanhazip.com

Here is a little side-effect of this feature. Suppose that you go to a restricted public WiFi site that only gives you access to their content. If you then run Network Status Information, it will permanently hang up because you can never reach icanhazip.com.
Back to top
View user's profile Send private message 
RSH


Joined: 05 Sep 2011
Posts: 2420
Location: Germany

PostPosted: Sun 24 Aug 2014, 13:39    Post subject:  

Hi.

Quote:
How secure is Puppy?

From my experience of the appr. last three years, Puppy Linux is secure, if one does follow some rules:

- don't use a save file
- don't download/open files/mails etc. that you don't trust
- don't store personal data to the cloud
- don't save any personal data on the computer

If you don't follow those rules, you will enter a never ending security battle/discussion - which is (imho) a waste of time and effort!

Btw: only an autonomous PC is a secure PC.

RSH

_________________
LazY Puppy
RSH's DNA
SARA B.
Back to top
View user's profile Send private message 
Burn_IT


Joined: 12 Aug 2006
Posts: 1063
Location: Tamworth UK

PostPosted: Sun 24 Aug 2014, 15:23    Post subject:  

One's computer is VERY secure if you don't use it. Wink

In a personal environment and if you don't leave it on 24/7 you are not very likely to be attacked from outside unless you visit dodgy sites.

I've been to companies that make their computers SO secure and restricted it is a waste of time trying to use them.

_________________
I can't remember the last time I forgot something!
Back to top
View user's profile Send private message 
technosaurus


Joined: 18 May 2008
Posts: 4376

PostPosted: Sun 24 Aug 2014, 16:35    Post subject:  

mikeb wrote:
Ok to expand on that... they have not created a virus in a lab ready to do harm. In a language such as C and C++ variable handling is extremely primitive... the coder has to literally account for every byte and clock them in and out of the stack. if they do not do their house keeping well, then bytes can end up outside of the known variable area and indeed can overrun into another variable (string/number)
You don't have to worry about the stack as much as you do memory allocated via malloc (and other *alloc functions) becuase you have to free them yourself. With proper planning you can use the stack to initialize variables inside a function and it will go away when the function returns. You can even do linked lists this way if you use a recursive function (so long as you don't exceed the default 8mb stack limit). I wrote an xml parser that worked this way and it was extremely fast.
_________________
Web Programming - Pet Packaging 100 & 101
Back to top
View user's profile Send private message 
stray_dog

Joined: 18 Mar 2014
Posts: 52

PostPosted: Sun 24 Aug 2014, 20:14    Post subject:  

Thanks for the code lines, folks - I like that stuff. It's like magic words to me, like saying abracadabra and then stuff happens. We'll have fun playing with that later. Yea anikin I'll just say we'll have to agree to disagree on that ip stuff and that's alright. But! I will say this - there's something I've been wanting to ask you and the other guys here too for a while. And that is - when you think about the Puppy versions you like because of their security - what versions are they, and how did you come to like them? Why do you like the versions you like?
Back to top
View user's profile Send private message 
anikin

Joined: 10 May 2012
Posts: 519

PostPosted: Mon 25 Aug 2014, 04:28    Post subject:  

That's an interesting question, I've never selected a Puppy from that perspective. PAE vs non-PAE kernel, what's packed in - that's my criteria. They are all supposed to be as secure as Linux is. Linux is more secure than Windows, that's common knowledge. If being tracked and logged by icanhazip doesn't concern you, that's fine, you are safe. Others comfort zone and expectations might be different. Of all the currently available pups/projects, the safest one is DebianDog, just by virtue of Debian's adherence to standards. Besides, it won't connect you to any unwanted sites (except older versions, that had unmodified ipinfo). Although, not without a little wrinkle (http://murga-linux.com/puppy/viewtopic.php?p=790425#790425), but that's purely a visual thing and an unfortunate reminder, that the "feature" has contaminated the whole scene. To sum it up, you gotta try them all yourself. Don't rely too much on recommendations, choosing the right one is an intimate affair.

edit

Les Kerf,

Sorry, I overlooked your question.
Right click on the network icon, select network status information. See the arrow in the attached image - it points to what Smithy calls a "switch". That is, "icanhazip", the unwanted connection is on by default, but you can "switch" it off. The screenshot was made in Slacko-5.7. Have a look at this thread for more details ==>http://murga-linux.com/puppy/viewtopic.php?t=90151
switch.jpeg
 Description   
 Filesize   25.71 KB
 Viewed   678 Time(s)

switch.jpeg

Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8645

PostPosted: Mon 25 Aug 2014, 07:53    Post subject:  

Well must make a post or 2 this session.........
Quote:

- don't use a save file
- don't download/open files/mails etc. that you don't trust
- don't store personal data to the cloud
- don't save any personal data on the computer

hmm use a save sfs or save folder...effectively the same.
always download all emails to see whats in there...used to click on dodgy ecard links to see what happens.
cloud... they might float away
where would I save data to...seems a shame not to used these chunky hard drives.

This is on windows and linux... older browser cos me machines are older etc etc.
Internet bank every day for years on either.
Always as administrator and root... yes I am a bad boy.

No problems...I see an inordinate amount of precautions taken on here for any action related to the internet and it all seems unnecessary. I am not one for taking risks and make sure stuff is as it needs to be whatever the occasion... riding a bike, sailing, surfing the net. I have mentioned many times the preparation for windows use and that on linux its already in a suitably safe condition. In a 'proof of the pudding way' 10 years of relaxed usage by myself, mad woman and 2 offspring must count for something.

I am open to change and if anyone happens to respond to my requests for examples of actual threats that need guarding against I will check them out.

mike
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 2230
Location: The Blue Marble

PostPosted: Mon 25 Aug 2014, 08:23    Post subject:  

mikeb wrote:
... myself, mad woman ...
Shocked
You're sure she's not reading the forum? Laughing
Remember the worst kind of attack (security or otherwise) comes from insiders ... Laughing Her wrath can easily undo all your security measures Laughing

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13.
Contributed Fatdog64 packages thread
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8645

PostPosted: Mon 25 Aug 2014, 08:31    Post subject:  

I have a stainless steel chastity belt .... it's thee only way.

mike
Back to top
View user's profile Send private message 
Les Kerf

Joined: 24 Jun 2012
Posts: 230

PostPosted: Tue 26 Aug 2014, 08:26    Post subject:  

anikin wrote:


Les Kerf,

Sorry, I overlooked your question.
Right click on the network icon, select network status information. See the arrow in the attached image - it points to what Smithy calls a "switch". That is, "icanhazip", the unwanted connection is on by default, but you can "switch" it off. The screenshot was made in Slacko-5.7. Have a look at this thread for more details ==>http://murga-linux.com/puppy/viewtopic.php?t=90151


Thanks for the link, it took me quite a while to read all the way through that thread Very Happy Now I am better informed and can make my decisions accordingly.
Les
Back to top
View user's profile Send private message 
stray_dog

Joined: 18 Mar 2014
Posts: 52

PostPosted: Tue 26 Aug 2014, 19:43    Post subject:  

Thanks for the input, folks. I appreciate it. Will definitely look up more on these things from your input, all.

Yea I must say, my first criteria too wasn't security, but just ... does it work? My girl got her LPS to work on her machine at first boot from live cd, & let me try it on my older model, and it wouldn't work. It tried, though. And I wondered, now why on earth does it work on hers but not mine? I didn't even know what pae was. I think that was one of the first steps of us getting more acquainted with what our machines actually *were*. What it meant. Fast forward through figuring that out, through making some live cds of current knoppix and puppy, and putting them in & finding out what happened. Ohhhh, so *this* is what a website looks like when flash is disabled and noscript is on. Oh my. Where do I log in?!? Oh wait, it must be over here. Learning a little more. It works, and I can get on the internet and do banking, but I can't watch a youtube clip of The Avengers. Okay. Right. Then if I get the most current version of Flash, I can barely watch it not because it isn't fast - because it is - it's just that now I have an army of those darned annotations and boxes popping up all over the clip I wished I could just watch. Just Tony Stark saying "don't take my stuff". And I realize, I'm already down the rabbit hole. What do I want to use, what is that affected by and why, etc. Yea, it becomes an intimate affair, totally! I remember at a certain point along that road, I saw an article - I think it was on wired - about Snowden using Tails, and I had to look it up. Like, here's this guy, and if there's anybody that needs to have his stuff locked down, it's that guy, right? So we learn more.

For me, what that meant was, looking at who am I, and what do I need or want to do? And what do I need to do/install/use that lets me do that in an alright way? Like for me, I'm not an activist, I just want to do my own thing and have that be safe as I can, while not falling victim to being a zombie in some botnet that ends up hacking the store I bought these cheap-ass shoes from. So it really turned me on to looking at identity, context, purpose, tasks, all of that. I don't have any advice, I guess all I'm saying is that by understanding the different kinds of security & choices other people have made and why, I could at least *start* to understand where I fit in that now, and go from there. Like Les said, we get informed better, and then can make better decisions.

Although, mikeb I have to say, I chuckled at your post about family & kids, because when my bff at work had her laptop not working at home, I gave her my puppy cd to try out, and then a couple weeks later she was like we can't get on! And I was like what do you mean? And it turned out her pre-teen son had somehow managed to create a password protected save file and had then naturally forgotten what the password was! And man, did I have a *big* chuckle over that situation! Hats off to finding out what happens in real world contexts and then fixing it, big time.

Alright, guys - thank you. I have to sign off now, gotta get ready for the pesticide people tomorrow. This might sound ridiculous to you all wherever you are, but my concern right now is how to keep bedbugs from laying eggs in my laptop. Alright. Good wishes to you all.
Back to top
View user's profile Send private message 
mikeb


Joined: 23 Nov 2006
Posts: 8645

PostPosted: Wed 27 Aug 2014, 04:28    Post subject:  

Is that a case of 'Don't let the bedbugs byte' ?

mike
Back to top
View user's profile Send private message 
stray_dog

Joined: 18 Mar 2014
Posts: 52

PostPosted: Wed 27 Aug 2014, 10:32    Post subject:  

LOL
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 7 of 8 [115 Posts]   Goto page: Previous 1, 2, 3, 4, 5, 6, 7, 8 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1034s ][ Queries: 13 (0.0084s) ][ GZIP on ]