Criticism of woof-CE and of the people involved in it.

[anikin]

First of all my agreement with Anikin is in principle only

Thanks, stemsee, your kind words are very much appreciated. The point is, I too agree with myself only in principle!

[Iguleder]

An ideal solution would be to disable them *all* in Woof-CE and let Puppy builders make a responsible decision.

You still haven't explained why they're so bad.

[anikin]

You still haven't explained why they're so bad.

Most probably, pings are harmless. Do pinging logs have a potential to become a tracking issue? You never know, but servers keep logs, why take risks then? Out of sight, out of mind.

[Iguleder]

Most probably, pings are harmless.

At last. Thank you. Exactly the answer I wanted.

Do pinging logs have a potential to become a tracking issue?

No!

You never know,

Yes I do, sometimes.

but servers keep logs

What servers? I haven't heard of any servers that log ICMP traffic. And even if duckduckgo.com keeps such logs, they contain nothing but your public IP address and the TTL.

why take risks then?

What risk?! Most sites you visit keep logs containing you address (think Apache, nginx, ...) in addition to other information (the browser agent, the URL you visited and so on), so those pings are less "risky" than your very own, "normal" activity on the internet.

So, to sum it up: if I get you right, if these pings need to be disabled, the browser and the ability to install a browser should be disabled as well.

[anikin]

How about my practical proposal above?

[Iguleder]

How about my practical proposal above?

While I don't think there's any reason to disable those pings (as I said earlier, there's no privacy/security problem), I won't stand in your way if you:
1) Fork woof-CE, implement this feature cleanly and send a pull request
2) Don't alter the default behavior - pings should be on by default so no functionality is lost

[jamesbond]

But why are there so many 's/bin' directories and not just one of each? (linux in general actually)

Short-answer: Legacy.

Long-answer:
"bin" = directory for binaries (=executable files = programs)
"sbin" = directory system binaries

Now, in some systems, it is possible to boot the computer with a minimal set of utilities (=boot-time utilities); and then use them to connect to a network directory containing the rest of the system (very similar to Puppy's initrd which contains minimal set of tools, and the puppy basesfs that contains the full-sized tools). For these systems, /bin and /sbin are the directories that contain the boot-time utilities, and /usr/bin and /usr/sbin contain the complete utilities.

In large time sharing systems, you're not supposed to touch /bin /sbin (=or you risk bricking the system) and you can't modify /usr/bin /usr/sbin which comes from read-only network directory. If you need to add your own binaries (=self-compiled programs etc) you need to add it into a special place. This special place is /usr/local/bin & /usr/local/sbin --- it's called "local" because the change you do is "local" to that particular system (ie, not shared / exported across the networks).

/opt/xxx/bin is the location of binaries of "optional" application called "xxx".

/root/my-applications/bin is puppy's invention. It hailed from the day before puppy used unionfs/aufs, so only certain directories can be saved back to the savefile (the rest of the directories were read-only). /root is one of them, so custom / self-compiled programs need to go there; and /root/my-applications/bin sounds like a reasonable name.

[greengeek]

In the long term I think it would be handy to be able to use Puppies in the following modes:

1) Stealth mode:
- Wired network cable ignored
- Wifi interface ignored
- Puppy working offline

2) Local network mode:
- Wired network available
- Wifi network available
- Internet locked out

3) Internet mode
- All local and global networks and internet activity available.

If it were possible I would like to be able to switch between these modes from desktop/tray icons and/or from a config file that forced booting into the mode I choose as a default.

At the moment if I don't want to be exposed to the internet I simply leave the wired cable out and switch off my wifi (rfkill) switch. This works for me because I don't currently use the home network. I do everything as a standalone machine.

[eric52]

greengeek, I do something like that with a few Pups and multiple save files, SFS, etc. for security and other purposes. I use Tahr as an every-day OS, and Vivid beta as a full-fledged working OS. For special purposes, Unicorn is small, fast, and versatile. As I always end up doing something I hadn't planned for and constant rebooting is a bit inconvenient, I frequently run two machines next to each other. (I have 4 monitors @ 8 P4s in a row.) If I start playing with pen drives, things get complicated, especially accessing shared files. I would like to consolidate things a bit with modules and modes, as you suggest. SFS on-the-fly is a solid step in this direction. However, I think it might be best to use something like Puli for real security concerns. If you truly want to be safe, it's smart to not risk any compromise for convenience.

[bigpup]

Puppy pinging the Internet, to test for connection, is a normal function of connecting to the Internet.
How else are you going to know it is working.
You ping a selected location and see if the ping info returns in full.

I would be worried about who is trying to ping your computer.
How do you think a hacker finds a computer on the Internet?
They send out a ping and see who answers.

Example:
http://www.technologyreview.com/news/51 ... -internet/

[stemsee]

@jamesbond

Thanks for the explanation. It is the clearest one I have found, so far.

[eric52]

Thanks, bigpup, for a great read. Heck of a hobby. Heck of a result. Heck of a response.

[darry1966]

Ok lets cut to the chase the older Pups namely in this case 5.11 Lucid never included this Icanzahip stuff in ipfinfo and worked without said feature as seen in this scrot. So the question is why is it needed in the new ones?????

]

[mavrothal]

Ok lets cut to the chase the older Pups namely in this case 5.11 Lucid never included this Icanzahip stuff in ipfinfo and worked without said feature as seen in this scrot. So the question is why is it needed in the new ones?????

You may want to look at line 21 of the /usr/sbin/ipinfo in luci-511

Ipinfo is actually in all the puppies since 2009, always querying icanhazip for the external IP. However, all the old puppies (till a couple of years back) never offer the option to inactivate this step.
As jamesbond explained above, there is no way to get that info unless you actually connect (not ping) somewhere.

(BTW can you link to a smaller picture. Is really messing the page layout)

[MochiMoppel]

Puppy pinging the Internet, to test for connection, is a normal function of connecting to the Internet.

Hmmm..I doubt that for setting up an internet connection it is a normal, let alone necessary procedure. I even doubt that Puppy is using it for this purpose, but I can be wrong.

How else are you going to know it is working.

Just fire up your browser, download manager or whatever tool you intend to use and try. If the internet is down, they will tell you with a meaningful error message - if they are properly designed. I see this pinging business not much as a security risk but rather as a useless waste of electrons. If you need to know if your internet is running then pinging can get get you this information, but only for the exact moment you ping. Can change any moment and when you then send a request to a site you *really* want to connect to, then this ping information is as old as yesterday's paper.

Lucid never included this Icanzahip stuff in ipfinfo and worked without said feature as seen in this scrot. So the question is why is it needed in the new ones?????

As far as I can see nobody claimed that this is needed. But so is most of the information on the "Interfaces" tab. It's only an info dialog. I personally couldn't care less about my external IP address.

[jamesbond]

Puppy pinging the Internet, to test for connection, is a normal function of connecting to the Internet.

Hmmm..I doubt that for setting up an internet connection it is a normal, let alone necessary procedure.

I wouldn't argue what's normal and not about what's involved in setting up an internet connection. That's very subjective. However, bigpup talk about "to test for connection" being part of it. Sure, you can set up a connection without testing whether that connection actually works. But that's not the Puppy way. Now you may have missed that I said about what is involved in "testing for connections" - please see here (page 2 of this thread). Happy to hear your feedback if you think that's not right.

I even doubt that Puppy is using it for this purpose, but I can be wrong.

So what do you think Puppy is doing it for?

Just fire up your browser, download manager or whatever tool you intend to use and try. If the internet is down, they will tell you with a meaningful error message - if they are properly designed.

You're not really suggesting that we fire chrome before launching PPM just to test the connection, are you? From my other post here, I said

And sometimes, just by doing the job directly (e.g. in PPM, instead of pinging ibiblio.org; just do wget ibiblio.org if what you want to do is just to grab its contents) can result in an annoying user experience where the operation will eventually fail but it takes a very long time to do so. By pinging, we can (sort of) test the network connection and if it is not sufficiently good enough, we can fail fast and tell the user about that.

To add to that, I recall vaguely (but not sure myself) that the pinging was originally added exactly because of that: because directly doing the operation when the network was on certain invalid state caused exactly the problematic delays I said above.

I can even give you a direct example, which I reported in slacko64 thread: if you fire slacko64 in qemu, the "firstrun" dialogbox will not show up (I waited for 10 mins). Why? because it was trying to do wget to ibiblio.org (perhaps to test for updates?); and that wget was hanging thanks to qemu's weired networking. I can only get the firstrun dialog if I open a terminal and "killall wget". You may claim that qemu is not a real hardware - that's beside the point. The point is, there are certain network states that can cause problems to hang indefinitely or a very long time, before finally failing and giving up. Of course, pinging is *not* the only way to handle this; but this is what Woof-CE has for the moment. If you have a better way, as mavrothal always say, "patches are welcome".

If you need to know if your internet is running then pinging can get get you this information, but only for the exact moment you ping. Can change any moment and when you then send a request to a site you *really* want to connect to, then this ping information is as old as yesterday's paper.

How true. Past performance is not an indicator of future performance. Just because your still have a heart beat a second ago does not mean in the next second you will still have it. Yet many people buy stock based on their past performances. And most likely you're still alive to read this post too. So yes, just because you've successfully ping a server a second ago doesn't mean that the internet is still up a second later. But *chances are*, it is.

As far as I can see nobody claimed that this is needed. But so is most of the information on the "Interfaces" tab. It's only an info dialog. I personally couldn't care less about my external IP address.

One man's delicacy is someone else's poison. So choose your poison carefully
E.g. those people who like to the peer-to-peer VOIP calls while behind NAT router, they need the external IP address information. And I know a few of regular puppy users who do exactly this. Just because it's not useful for you doesn't mean it's not useful for others.

[01micko]

I can even give you a direct example, which I reported in slacko64 thread: if you fire slacko64 in qemu, the "firstrun" dialogbox will not show up (I waited for 10 mins). Why? because it was trying to do wget to ibiblio.org (perhaps to test for updates?); and that wget was hanging thanks to qemu's weired networking. I can only get the firstrun dialog if I open a terminal and "killall wget".

Yes the wget thing to ibiblio was my idea.. perhaps not so clever... (self critique ) but in saying that we do need a reliable method to test connection.

You see, the new firewall is aggressive, perhaps too aggressive and perhaps needs revisiting, but to cut a long story short, it was apparently not working for browsing if you set it with default settings before connection is up, so a connection test was needed such that the button to set the firewall could be greyed out.

Perhaps what is really needed is a standard script that can test a)router connectivity, then b)internet connectivity then c)DNS resolution, which should cover all the bases.

For a) maybe simple parsing of output from 'busybox route' will do. Remember, some machines might be part of a network that does not have internet connectivity. For b) and c) probably ping is the best, especially if we consider that some may be on dialup or have very slow connections due to other reasons. If a ping response isn't returned in less than 5 seconds then we error.

Ah.. but whom do we ping? Ibiblio (and mirrors) isn't always up. Most reliable ones I can think of are one of the 13 root hint servers (duck and google it) but as has been pointed out to me that these are run or at least sponsored by corporate interests.

Maybe a traceroute with a limit of 4 hops is enough as it should return something from your ISP and with some really clever regex maybe we can grok that out!

Any suggestion is welcome but seriously, if anyone suggest we don't do tests then we are heading backwards as far as being 'man's best friend' is concerned.

[Karl Godt]

Hmm .. have not read the whole thread ..

ABOUT PING :

Slacko-5.3.X had weird code in /usr/sbin/delayedrun .

That was the worst case of nested if I have ever seen in Puppy : some 1-2 dozen if just to ping google.com to tell the F****** childish USER some bullshit ..!

Barry Kauler does not use functions much, but even if code is called only once ,
functions allow to escape code easily without huge mountains of if's .
Sometimes I doubt, he even was a professor, and if he was, then I understand he retired,
because learning from him is to learn by mistakes !

WOOFWOOF !

[Karl Godt]

Yes the wget thing to ibiblio was my idea.. perhaps not so clever... (self critique ) but in saying that we do need a reliable method to test connection.

Hmmm .. /etc/resolv.conf is needed by firefox !

Code: Select all

test -s /etc/resolv.conf
grep '[[:alnum:]]' /etc/resolv.conf

And since i have an USB 3G Stick with 2G plan on usbnet.ko, cdc-ether.ko,e1000e.ko being eth1 :

Code: Select all

ifconfig | grep -E 'wlan|eth|ppp'

If these fails, tell USER to ping manually his favorite site like

Code: Select all

ping murga-linux.com || ping github.com

!

[darry1966]

PostPosted: Today, at 00:27 Post subject: Reply with quote
darry1966 wrote:
Ok lets cut to the chase the older Pups namely in this case 5.11 Lucid never included this Icanzahip stuff in ipfinfo and worked without said feature as seen in this scrot. So the question is why is it needed in the new ones?????

You may want to look at line 21 of the /usr/sbin/ipinfo in luci-511 Wink

Ipinfo is actually in all the puppies since 2009, always querying icanhazip for the external IP. However, all the old puppies (till a couple of years back) never offer the option to inactivate this step.
As jamesbond explained above, there is no way to get that info unless you actually connect (not ping) somewhere.

Thank you Mathrothal and MochiMoppel for the clarifications. I shall look at line 21.