Slacko5.7-2015 and 2015a

[Mike7]

I succeeded in using frugalinstaller-1.2 to install Slacko5.7-2015a onto a 4gb ext2 partition on a 16gb flash drive, with a 10 gb FAT32 partition in the remaining space.

Slacko5.7 boots up okay, but there are a lot of problems:
-- It's not saving my boot selections, even though it is creating a save file.
-- None of the three wireless network managers is working properly. Even Frisbee, the best of them IMHO, is not working seamlessly as it does in Carolite-1.2. It loses my network connection, reports misinformation about keys and signal strength, and doesn't have the features I expected.
-- All the colors and gizmos (like the traffic light drive icons) are unpleasant and distracting. (However, they do work, something that can't be said for the drive icons in Carolite.)
-- All the info boxes and popups and option thingies remind me of Windows. I really don't want to see a popup asking me if I want to save my password, every time I log onto a site.
-- The full descriptions of the the apps in the menus cause clutter and make finding what you're looking for a chore.

I won't go on. I don't want to offend anyone. I'm sure a lot of good work went into this version, and most of the programs probably work okay.

But I think I'll stick with Carolite or maybe eventually Caroline. Simpler. More elegant. And no glitches connecting to the Internet.

[8Geee]

In the last 6 weeks an exploit named logjam has been reported. This exploit affects the browser as well as the server. For those concerned with their security, there are two recomendations I can give;

1.) Upgrade the FF Browser to 38.0.6
2.) Manually configure the Browser present (FF27.0.1) to behave correctly.

The latter option is less of a headache than to install a new browser and customize it. Please note that OpennSSL 1.0.1 will again be upgraded soon.

To accomplish tweaking your FF27.0.1 one needs to do the following;

0.) The attatchment is a picture of about: config as described below. This illustrates all of the false and true settings used. When searching use dhe as the search-term. This results in the list you see in the picture.

1.) Disconnect from the internet
2.) Open Firefox and type in about:config
3.) Enter the search-term dhe
4.) Using the picture as guide, alter any permission with a double-click
5.) When finished close the browser
6.) Wait 1 minute and open the browser again, the changes made are installed.
7.) Close the browser.

The technical is that one proceedure of generating a random secure code can be altered to a lower security state. By turning off these affected generators, the problem is solved (not permanently). The OpenSSL patch will complete this job.

Regards
8Geee

[Mike7]

Hi, 8Geee.

I don't know if it's the logjam exploit that's messing me up, but I can't connect to many sites, like youtube.com, and everywhere that there's a video I get a notice telling me to update flash (but flashplayer 10 is already installed!).

For those concerned with their security, there are two recomendations I can give;

1.) Upgrade the FF Browser to 38.0.6
2.) Manually configure the Browser present (FF27.0.1) to behave correctly.

I'm using FF38.0.5. Do you think FF38.0.6 was written after logjam and incorporates protections, but not 38.0.5?

note that OpennSSL 1.0.1 will again be upgraded soon.

Has that happened?

To accomplish tweaking your FF27.0.1 one needs to do the following;

I followed your procedure in my FF38.0.5. Not all the "dhe" entries from your about:config image were present, but I changed the ones that were.

Hoopla! I can finally connect to youtube.com! Thank you, thank you.

Mike

[8Geee]

Yes it was a logjam thing.

The 38 and 39 versions BOTH have the same problem.
The 27 version in my distros have many bad encryption schemes. I think only 5 or 6 of the 3 dozen are any good.

Editted: had to check... Open ssl 1.0.1 is p version.in menu --> Setup --> Updates from Slackware. Make sure the version is 1.0.1 using terminal by typing openssl version. Both the file and the solibs file need to be clicked. When finished, do a shutdown, wait 1-2 minutes and boot... then the USR/doc files can be tossed.

One other scheme to set to false is rc4. Use same proceedure with rc4 as search term and false all of them. I think thats all thats needed on 38/39.

You're quite welcome.

[Mike7]

8Geee-

The 38 and 39 versions BOTH have the same problem.

So 38.0.6 doesn't come with the fix?

The 27 version in my distros have many bad encryption schemes.

Is v26 (the builtin in my OS) any better?

Open ssl 1.0.1 is p version

This is the new version with logjam protection?

in menu --> Setup --> Updates

???

from Slackware.

Is the slackware version gonna work in Carolite?

Make sure the version is 1.0.1 using terminal by typing openssl version.

That only works once it's installed, no?

Both the file and the solibs file need to be clicked.

That installs them? In the right place?

One other scheme to set to false is rc4.

Done.

I think thats all thats needed on 38/39.

Sure hope so. I hate losing control of my computer. Makes me really, really angry.

Mike

You're quite welcome.[/quote]

[8Geee]

1.) No fix in 38.0.6 or in 39

2.) No its actually worse than 27 in that TLS is not fully supported... only SSL3 which has been hacked.

3.) Well, the 1.0.1.p version is patched.

4.) The openssl type 1.0.1, 1.0, or 0.98 is dependant upon the puppy. Thats why I asked you to open terminal and type in openssl version just as you see it here. If you have 1.0.1 then the correct patch is 1.0.1p.

5.) That Menu --> Setup portion will guide you to any fixes from the developer (Slackware, Debian, Ubuntu, etc.) I showed "Updates from Slackware" as the slacko path. I'm not sure about carolite 1.2.

6.) If you are running as a live-CD the patch would be put in memory. If running with a 2fs save, then the save-file gets bloated with the doc files (about 2.5 Mb) since theres no journaling (removal of deleted files gains free-space).

7.) Don't load anything until you have checked the version of openssl in #4. Carolite/Carolina is a Jemimah distro with lots of tweaks that make it better at the risk of making it "independent". I'll have a look at the massive Carolina thread to see whats going on in terms of compatability.

I didn't know if you had changed over to a different distro or not thus the long-wiinded posts.

*** EDIT *** I ran through the posts asociated with Carolina/Carolite. It seems that Geoffery claimed 1.0.1j in an X-Slacko environment. Still check into the build as requested above. With your setup this needs a remaster after upgrading the browser and openssl and wget and bash.

bash should be 4.3.30(1)
wget should be 1.16
openssl should be 1.0.1p
browser should be => FF27

The last remaining security patch is the toughest... glibc. That requires kernel 3.18.2 or better. Fixing this is very complex otherwise.
/EDIT

[Mike7]

8Geee-

its actually worse than 27 in that TLS is not fully supported... only SSL3 which has been hacked.

Okay, I take it then that there's nothing to be gained by looking backwards.

That Menu --> Setup portion will guide you to any fixes from the developer (Slackware, Debian, Ubuntu, etc.) I showed "Updates from Slackware" as the slacko path. I'm not sure about carolite 1.2.

But what are you looking at? Is "Menu->Setup->Update" in an SSL installation program or something? I don't know where we're at here.

If running with a 2fs save, then the save-file gets bloated with the doc files (about 2.5 Mb) since theres no journaling (removal of deleted files gains free-space).

I thought the savefile, as read/write, would allow this to happen. What, then, does journaling mean in the context of a savefile? (Frankly, journaling is a concept that I've never fully understood.)

Furthermore, I don't get what the problem is with the savefile; for example, what's the difference, insofar as savefile size is concerned, if you delete an app before installing the update? And even if you would save savefile space (which I don't see), isn't there a risk of components being missing, since many updates are designed to be done over the previous app?

It seems that Geoffery claimed 1.0.1j in an X-Slacko environment.

What exactly does "X-Slacko environment mean"? Is the compatibility with Slacko Puppy only, or also with Slackware?

Still check into the build as requested above.

Code: Select all

# openssl version
OpenSSL 1.0.0d 8 Feb 2011

# uname -r
3.2.13

# bash --help
GNU bash, version 3.00.16(1)-release-(i486-t2-linux-gnu)

# wget --help
GNU Wget 1.15

# firefox -version
Mozilla Firefox 38.0.5

With your setup this needs a remaster after upgrading the browser and openssl and wget and bash

Uh-oh <grin>.

The last remaining security patch is the toughest... glibc. That requires kernel 3.18.2 or better.

I should be okay, then, as my kernel is 3.2.13.

But, isn't this whole security updating and patching thing a full-time job these days? There seem to be new versions of things every week to counteract all the new threats. I mean, by the time I got all these security patches and updates installed and the OS remastered, wouldn't it already be out of date?

Mike

[8Geee]

As it turns out I'm glad I asked questions here.

It seems Carolite is a different distro than a slackware derivative. Thanks for posting openssl and wget. The reason you are having difficulty understanding things here is that our menu's are much different, with things located in different places. So your openssl is 1.0.0 and different, and sourced differently. There must be a repository (collection) of files for carolina that should work for the lite version you have. With in that collection should be updates for wget, bash, and openssl. I would leave a post or two over at the Carolina 1.3 thread, and see whats up.

Now for 2fs and journalling, 2fs is a read-only save file, meaning that once something get put into it, such stuff cannot be over-written, even if blank space. It like a write-once, then read-only file. Journalling is a word that means the file can be over-written, so 3fs and 4fs can be modified in this way. It also means that a file can be removed from the 3fs (4fs) save. Journalling (re-writing) shortens the life of a USB flash stick in particular, and does "wear-down" SSD's (but these have a system to shift files to a less worn down area). In general journalling can be minimized by only rewriting at shutdown, or when important things get updated. In puppy there is pupmode 13, and coupled with No timed-save, and save on shutdown, things for me work OK. Obviously, if running puppy as a live-CD, its better to shutdown and forget.

The 2fs save file will copy the whole file if changed, and this causes the save file to grow fast, and take up a lot of room (the original file is not re-written, but flagged as old: both copies are in the save-file).

HTH

[Mike7]

Hi, 8Geee.

Sorry I've been so long in replying but I've had a health issue.

The reason you are having difficulty understanding things here is that our menu's are much different, with things located in different places.

You can say that again <grin>.

There must be a repository (collection) of files for carolina that should work for the lite version you have. With in that collection should be updates for wget, bash, and openssl.

The PPM in my Carolite-1.2 shows newer versions of all three:

• openssl-1.01j-i486
  bash-4.3.39
  wget-1.16-i486

However, it's a Carolina repo, not a Carolite repo. And aside from openssl, what's the real point in updating? I mean, I could try to update everything in my OS, since it was written three years ago. But I'd have to uninstall the built-in versions first, which is risky because they were designed for Carolite-1.2 and what's more are no longer available anywhere. What's the gain for all this work and the danger of destabilising the system irremediably?

I would leave a post or two over at the Carolina 1.3 thread, and see whats up.

What works for Carolina-1.3 doesn't necessarily work for Carolite-1.2, and the people in the Carolina threads don't necessarily know what works and what doesn't, since they aren't using Carolite-1.2 any more (if they ever did). So that's just looking for more trouble, I believe.

2fs is a read-only save file, meaning that once something get put into it, such stuff cannot be over-written,

Well, this is bad for me, isn't it? My savefile is huge (Carolitesave.2fs > Properties > 536.9Mb, and /mnt/dev_save > 657.6Mb). But what choice did I have between the 2fs savefile I've got and a 3fs or 4fs savefile? (BTW, does this have something to do with the ext filesystem on the drive?)

All these confusing, negative, and depressing issues that I don't fully understand and am in no position to fix are just making me feel like hanging up Carolite and the other Puppies.

I appreciate your help, I really do, but I haven't got enough time to devote to this, it seems, and that's what remastering Carolite with updates and fixes for everything is starting to entail. If I would have to single-handedly create a "Carolite-1.3" in order to achieve some sort of security, then I'll just have to abandon it.

Mike

[rg66]

However, it's a Carolina repo, not a Carolite repo...

What works for Carolina-1.3 doesn't necessarily work for Carolite-1.2...

Carolite is nothing more than a stripped down Carolina. The repo packages will work in Carolite as long as the dependencies are there.

[Mike7]

Hi, rg66.

The repo packages will work in Carolite as long as the dependencies are there.

I was told in this forum (can't remember which thread) that the libraries in Carolite-1.2 are not identical to those in Carolina-1.3 and that not all the apps written for Carolina-1.3 will work in Carolite-1.2. Was I misinformed?

M.

[Mike7]

8Geee-

-- Will I be okay with openssl-1.01j, or must it be 1.01p for the security update? (I can't find openssl-1.01p in the Carolina repos at smokey01.com and archive.org.)

-- Is it okay, then, to install glibc with kernel 3.2.13? Where do I find glibc? (Is changing this library going to affect other things?)

M.

[8Geee]

As far as openssl- I would ask over at Carolina 1.3 thread. D/L a slacko version is not in your best interests. 101j has two major flaws that need update to 101p. These flaws include accessing any https webpage. You have the second, and related, problem of the FF26 browser. That needs to go to FF27 minimum. In this case, though the computer scripting is better, the browser is acting as a backdoor by letting weak password-schemes enter, and allowing strong password-schemes to be weakened. This is not really tin-foil hat stuff, its a serious and rather easy exploit.

glibc replace needs dedicated methods of removal/install. I can't go there myself, and instead choose to remove share apps manually. If its not there, it can't be an open door (but could maliciously reinstalled).

[8Geee]

It has recently come to my attention that the Firefox pdf reader uses a javascript layer that can be exploited. The exploit allows a hacker (reports are a team in at least the Ukraine) to enter the Computer and search for configurations of things like ftp and ssh configs, and bash history.

This is easily mitigated by using EDIT --> PREFERENCES --> APPLICATIONS and then about config in Firefox. The posting here outlines the simple directions. Remember to disconnect from the internet when performing this, Then close browser and then reopen. You may then connect to the internet again.

Regards
8Geee

[Pelo]

slackeee-57 : removed FFox because off boring duck duck go and other restrictions about browsing. replaced by a french version of Seamonkey.
Remasterized without browser. (browser from my tool case for each pup save
However i find the ISO size is big. I don't see where is the fat. Don't mind... Our Puppy get old,

[unicorn316386]

slackeee-57 : removed FFox because off boring duck duck go and other restrictions about browsing. replaced by a french version of Seamonkey.
Remasterized without browser. (browser from my tool case for each pup save
However i find the ISO size is big. I don't see where is the fat. Don't mind... Our Puppy get old,

In my test here, removing FF27/28 should make the puppy.sfs about 28MB smaller, if you resquash the whole filesystem without /usr/lib/firefox and/or move FF to it's own sfs file. Is that what number you are getting as difference?

[8Geee]

Pelo:

The bulk may be the video drivers. I removed all the ones not needed for ASUS-eeepc and iso went from 170 to 145Mb. When I removed unnecessary shares the iso went from 145 to 138Mb. So the distro 'can' be small. In fact, when I use the smallest version (138Mb) and add SoftOffice-FreeOffice v.697 with 'only US-en' language and default 'de', the iso is larger at 171Mb. All these versions fit in a 512Mb partition including a 128Mb save.

As others point out, putting the browser in its own sfs will reduce the loaded size quite a bit (browser on demand).

This distro preconfigures FF27 so that high-quality https security is used, lesser security invites the bad-guys. Duckduckgo or ixquick keeps the big guys out (Apple, Microsoft, Google, Facebook, Twitter) of 'your' and 'my' searching... unless you want news that only you prefer, and not the truth. (Yes, this IS what happens... your news gets filtered according to your taste, not for what is relevant or important!)

[Pelo]

puppy_slacko_5.7.sfs: 165 M (seamonkey-2.13.2_fr.pet: 24 M included)

my aim was not so much decreasing ISO file than to get rid off FF27 version included.
"SoftOffice-FreeOffice v.697 with 'only US-en' language and default 'de' "
Sure Soft office is a big part, but Soft office is a little bit my interest. I will not remove it.
"keeps the big guys out (Apple, Microsoft, Google, Facebook, Twitter) of 'your' and 'my' searching.."
These are my prefered ones !

I am in my first steps with slackeee. It was just to taste it. If Soft Office is included, that means that Slackeee will be for working at home, after a hard day at the office with... Microsoft office.
I will inform you of what happening, the best and the worse.
Have a nice day, cher collègue Puppy

[Gsyman]

Could you please let me know which version you are recommending for installation on the Asus EEE?
I want to do a fresh install with the latest version that works, also the partitions are in a mess.
What size SD card can be used to extend the memory?

Thanks

[Mike7]

Hi, all.

Is there now a slimmed-down slacko specifically for the Asus EEEpc that works? That is, a slackeee-57 without Office and with a safe browser, and with ssl and glibc issues resolved? If so, where can I download the iso?

Thanks.

Mike