Best of two worlds, puppylinux on WSL?

What features/apps/bugfixes needed in a future Puppy
Message
Author
bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

Best of two worlds, puppylinux on WSL?

#1 Post by bark_bark_bark »

Would it be possible to run puppy linux on Windows Subsystem for Linux. I don't run Windows 10 myself, but I think it would be a neat idea. I've seen people get Fedora and Arch Linux running with WSL, so why not Puppy?

Helpful links:
https://github.com/alwsl/alwsl
https://github.com/RoliSoft/WSL-Distribution-Switcher
....

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#2 Post by jamesbond »

Why? WSL is bad for business. Win$ is the most attacked system in the world due to its pervasiveness. WSL just opens another front, which will entice people to attack it via the ELF interface. Unfortunately we Linux folks can easily becomes collateral damage in between :evil:

(In case it's not clear: Ubuntu is probably not targeted in the past because it's not worth targetting. With Ubuntu being part of Windows in WSL, more people now have incentives to find loopholes in Ubuntu so they can gain access to Windows. They can attempt to attack Ubuntu native, or Ubuntu WSL, doesn't matter, the end result is more people working to attack Ubuntu (and Linux in general) because by being associated with the largest virus host on the planet, it has now become a worthwhile target too).

Our freedom to run Linux without antivirus is about to end in 3 ... 2 ... 1 ...
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#3 Post by greengeek »

jamesbond wrote:Our freedom to run Linux without antivirus is about to end in 3 ... 2 ... 1 ...
I am thinking that it is time to learn how to strip puppy linux back to the absolute essential code that is required to get a users own system to boot and do exactly (and only) what that user wants.

I am not talking specifically about "barebones" types of puppy - they often don't seem to boot, or lack essential features - I am more thinking of a fully configured (ie heaps of wifi fware etc etc) puppy that also incorporates the ability to "strip away" un-needed or unused functionality after booting and configuration has been completed.

A bit like Technosauruses zdrv cutter - but for all system utilities as well as fware.

eg: does your puppy actually need wget? curl? ssh? etc etc

The less code that is running (or available to be run) then surely the more likelihood of the system being secure I would have thought.

Each component could then be examined for it's inherent safety and only trim code with no security holes could be selected. (would this mean drop bash in favour of ash?). Maybe it would not be puppy linux any more but I feel it has become necessary to fork linux away from the windows-style updates and antivirus regime which appears to be in the wind for linux.

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#4 Post by bark_bark_bark »

I get what you're saying about security. But is anti-virus truly needed in the first place? Many people are able to run Windows just fine without the need of anti-virus.
....

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#5 Post by jamesbond »

@greengeek: I'm a bit rusty in my knowledge about Puppy's inner workings, but what you want can be done, if:
a) the puppy in question has a record of what packages got installed during the build process - CHECK! (many puppies do these days).
b) the installed packages are recorded in an identical manner to a package installed after installation - WANTED (many puppies recorded the "built-in" packages in a separate package registry, so it cannot be easily uninstalled by the standard package manager) - I may be wrong on this.
c) have some sort of command-line package manager which can be "scripted" to quickly remove unnecessary packages - IN PROGRESS (I understand "jlst" is doing stuff like this in Woof-CE).

That being said - unless you remaster the resulting Puppy, and use the remaster instead of the original, deleted files aren't actually deleted, they're just hidden ... and can still be accessed if one knows the secret path (actually not so secret, it's /initrd/pup_ro2).

@bark3: anti-virus is a part of defense-in-depth. Running Windows without AV is possible, but it requires eternal vigilance. Make one mistake and you're pwned. Although the most common way to catch a malware is still through social engineering, these days you can get it through unassuming actions, e.g. via drive-by downloads, by forgetting to update flash, malicious embedded font/embedded pictures in emails? Etc.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#6 Post by greengeek »

bark_bark_bark wrote:Many people are able to run Windows just fine without the need of anti-virus.
I reckon that most people don't actually know when they have a virus. Often there may be a slight slowdown of CPU function and the occasional flash of the network icon and those are the only symptoms.

Unfortunately as time has gone on Linux has become a threat to state governments and anyone else who wants to spy on users, so a lot of effort has gone into hijacking Linux code. Tthere is a lot to be gained by hijacking the massive number of Linux driven web servers that drive the internet, and also the fastest supercomputers use linux too - especially the Chinese ones (eg Sunway TaihuLight and Tianhe-2).

With so much to be gained by jailbreaking Linux code it is no longer as easy as it used to be to protect our Linux systems. The money-minded thieving hackers don't care too much about us, but government agencies do, and they have immense resources to split Linux wide open.

User avatar
drunkjedi
Posts: 882
Joined: Mon 25 May 2015, 02:50

#7 Post by drunkjedi »

jamesbond wrote:Our freedom to run Linux without antivirus is about to end in 3 ... 2 ... 1 ...
I just came across This news.
May be you guys already know it, but hell, I am surprised and sceptical.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#8 Post by jamesbond »

drunkjedi wrote: May be you guys already know it, but hell, I am surprised and sceptical.
Yes I've heard about it. I'm writing an article in my blog about it (not finished yet, only part I is published, out of 5 parts).

It's part of the game they play. They have been at it for a long time now. Remember who celebrated Debian Jessie launch? Of course.
Do you know who are the active developers of "git" these days? Yes, "git", the SCM system used to manage Linux kernel source code?
Do you think that MS throw good money to make WSL, just so that a bunch of developers can have the convenience of testing their Linux software without having to fire up a Linux VM? Or even, as a marketing tool for their Azure cloud?
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#9 Post by bark_bark_bark »

jamesbond wrote:@bark3: anti-virus is a part of defense-in-depth. Running Windows without AV is possible, but it requires eternal vigilance. Make one mistake and you're pwned. Although the most common way to catch a malware is still through social engineering, these days you can get it through unassuming actions, e.g. via drive-by downloads, by forgetting to update flash, malicious embedded font/embedded pictures in emails? Etc.
You don't need anti-virus for that, you just need a secure browser (like Pale Moon), and a good ad-blocker. Also, my mail program blocks remote content by default and I set it to view all emails in plaintext.

BTW, speaking of drive-by downloads, Chrome (and chromium/chrome-based browsers) are all vulnerable to drive-by downloads.
....

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#10 Post by jamesbond »

bark_bark_bark wrote:You don't need anti-virus for that, you just need a secure browser (like Pale Moon), and a good ad-blocker. Also, my mail program blocks remote content by default and I set it to view all emails in plaintext.
You have taken good precaution. But it takes one bug in Palemoon and your defense is broken. AV is a second line of defense. You might say that well that's the same thing could happen in Linux; and I would totally agree. The only difference is that - as greengeek pointed out - we're not being targeted (yet) because we're too small.
BTW, speaking of drive-by downloads, Chrome (and chromium/chrome-based browsers) are all vulnerable to drive-by downloads.
Exactly my point - to live AV free on Windows, you need constant vigilance because one oops means you're pwned.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#11 Post by bark_bark_bark »

bump
....

bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#12 Post by bark_bark_bark »

I would still like to see some way to run Puppy in WSL, but I'd settle for the ability to install popular puppylinux programs in WSL. Has anybody gotten puppylinux programs like pmusic to run directly on Ubuntu 16.04?
....

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#13 Post by disciple »

I would still like to see some way to run Puppy in WSL
Is that still the case?
Using a custom distro is actually supported/documented now https://docs.microsoft.com/en-US/window ... tom-distro
I think I also remember seeing 3rd party projects to make it easier. (Edit -lxrunoffline is a good option, but I'm pretty sure it won't just accept an iso)

As far as I know sound can only work if you use pulseaudio (have a look at https://github.com/aseering/wsl_gui_autoinstall for setting it up). Can Pmusic etc use pulseaudio? WSL has no oss or alsa as it has no Linux kernel.
Colinux might be a better way to go, although I can't remember if audio worked when I used it years ago.
Otherwise you might need to try something like VirtualBox with the guest additions, if Pmusic on Windows is important!
Apart from sound, what issues are there on Ubuntu? Was it the problems with gtkdialog when the default shell is dash?

BTW for anybody using WSL, I recommend WSLtty.
Last edited by disciple on Tue 16 Apr 2019, 08:37, edited 2 times in total.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#14 Post by disciple »

The other thing to keep in mind is that AFAIK WSL still only supports 64bit, so you'd need to start with Fatdog or some other 64 bit "puppy".

Unless it is just that only 64bit distros are available, and it doesn't support 32 bit binaries in a 64bit distro... seems unlikely though.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#15 Post by disciple »

disciple wrote:As far as I know sound can only work if you use pulseaudio
Although Jack may work too - if google doesn't answer it, someone interested may want to start at https://www.linuxmusicians.com/viewtopic.php?t=12818
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#16 Post by rufwoof »

jamesbond wrote:
bark_bark_bark wrote:You don't need anti-virus for that, you just need a secure browser (like Pale Moon), and a good ad-blocker. Also, my mail program blocks remote content by default and I set it to view all emails in plaintext.
You have taken good precaution. But it takes one bug in Palemoon and your defense is broken. AV is a second line of defense. You might say that well that's the same thing could happen in Linux; and I would totally agree. The only difference is that - as greengeek pointed out - we're not being targeted (yet) because we're too small.
BTW, speaking of drive-by downloads, Chrome (and chromium/chrome-based browsers) are all vulnerable to drive-by downloads.
Exactly my point - to live AV free on Windows, you need constant vigilance because one oops means you're pwned.
Physical separation is more preferable, and with PC miniaturisation such as PC's on a stick (USB stick sized) devices 'multi core' setups should instead strive towards multi-processors. Running Linux programs in effect under a Windows host is only as secure as that Windows host. Locally, the argument for running a personal single user desktop system as root fundamentally distils down to data and both user and root having authority to read/change/delete that data. Network wise, online accounts, financial transactions etc. have vastly more attack points, Even if your local end is secure, the connection between and/or remote hosts could just as equally have you compromised. Personally I use online email and only pull down (copy) the text for the emails I desire to be kept relatively private for local storage. I use a hosts file instead of a adblock plugin. And I use the latest version of browser, cleanly booted from a cleanly booted OS (Fatdog at present). For when (note - not if) that is pwned, then its a liveCD (DVD) with no HDD physically attached - no saves (persistence, other than when I freshly boot to reconfigure things and make a new savefile). For data storage I run a OpenBSD box, base system only, that using a limited userid reverse sshfs mounts one of its folders as a mountpoint (folder) on Fatdog. All inbound ports are closed on that OBSD box (so no ssh into it etc.). That box takes regular snapshots of the Fatdog mounted data content into another OBSD box folder, which in turn is periodically backed up.

In my case that OBSD box is a single core celeron, but it could just as equally be a PC on a stick type device, perhaps using MMC/SD cards for storage. Broadly that is relatively 'safe'. De-pwning is simple/quick/easy. The greater risk is having online accounts pwned and to reduce that risk I prefer to use a updated/latest browser. On my Fatdog LiveCD system for instance I have the base savefile - around 7MB in save file size of my changes/customisations and after booting I add a gtk3 sfs - as chrome needs that and a chrome sfs (that I create using fatdogs install chrome option that creates a .tgz, that I then right mouse click and convert to sfs before saving that to /data (outside of the OS) and reboot without saving. So each reboot has me back at a clean OS and browser, but where shortly after booting /data pops up so I have access to limited amounts of data/data storage, but where more important data is stored in other OBSD box folders that are totally out of reach of Fatdog - excepting if I so choose to open them up to Fatdog (typically when I also ensure there are no external/WAN connections). As for online accounts, well I can secure banking transactions by clean booting a pristine OS and clean latest browser and go directly to that bank, nowhere else before or after ... and that's relatively safe. For everything else, general browsing you just have to accept that certain sites might be pwned, as might online transaction details (so use a dedicated card with low limits for online purchasing).

With regard to WSL, I have no need for it and would opt for multi-processor instead if I did (or even running Windows from under 'nix rather than the other way around). As for stripping out ssh, curl ...etc. well for me they are programs I use regularly, and in the case of ssh, heavily (I just use curl for local weather reports).

Security isn't a product, its a process. Yes you can adopt multiple security products that collectively aid in that process. Similarly no defence (security) is impenetrable given sufficient desire - excepting the most extreme cases (usability and security tend to be inversely correlated) where usability is zero.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#17 Post by disciple »

disciple wrote:BTW for anybody using WSL, I recommend WSLtty.
Also, use lxrunoffline, rather than installing distros from the Windows store.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

lmemsm
Posts: 51
Joined: Wed 27 Jun 2012, 15:01

#18 Post by lmemsm »

bark_bark_bark wrote:I would still like to see some way to run Puppy in WSL, but I'd settle for the ability to install popular puppylinux programs in WSL. Has anybody gotten puppylinux programs like pmusic to run directly on Ubuntu 16.04?
I get most programs I use to work natively in Windows and on Linux. Haven't looked at the source code for pmusic. However, most programs written with a cross-platform GUI will work on either system. Just takes some recompilation and patching. I use mingw and msys as a development environment on Windows. One could use Cygwin as well which can help with the porting process and provides a POSIX compatible layer. Midipix project is also working on a POSIX compatible layer for native Windows programs.

Had a comment on the security issue in this thread as well. In many cases, decent sandboxing of applications is a good way to make things more secure. I have read about a Microsoft project that was increasing sandboxing of applications. Linux has Linux containers which accomplishes this and systems like Docker make use of it. Android phones also use sandboxing between their various applications. It wasn't mentioned, but some Linux distributions are also running on Android devices. I think that would be an interesting option for an OS like Puppy as well.

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#19 Post by disciple »

Haven't looked at the source code for pmusic.
Pmusic is one of many "popular puppylinux programs" written in bash and using gtkdialog, so you would need to install one of the systems that provides bash, and it would probably be easiest to use WSL or CoLinux or an emulator.

I would have thought most "popular puppylinux programs" could be made to work reasonably easily in WSL. But as I noted above, anything that does audio recording or playback will be a problem unless you can get it to use pulseaudio. Something like virtualbox might be a better option.
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

lmemsm
Posts: 51
Joined: Wed 27 Jun 2012, 15:01

#20 Post by lmemsm »

disciple wrote:Pmusic is one of many "popular puppylinux programs" written in bash and using gtkdialog, so you would need to install one of the systems that provides bash, and it would probably be easiest to use WSL or CoLinux or an emulator.

I would have thought most "popular puppylinux programs" could be made to work reasonably easily in WSL. But as I noted above, anything that does audio recording or playback will be a problem unless you can get it to use pulseaudio. Something like virtualbox might be a better option.
Sounds like it would be relatively easy to convert it to something that would work on Windows then. Bash works in msys or Cygwin or with midipix. I've even seen some native (but older) bash ports that don't require a POSIX compatibility layer (such as winbash). The Minoca OS Swiss project also has an interesting shell implementation that will work on Windows. I personally don't use gtkdialog, but I have been able to get yad and dialog working on Windows. I have flrec working on Windows and Linux systems (but it uses a FLTK front-end and a sox backend).

If you don't require binary compatibility, you can rebuild a lot of the Puppy programs from source and get them to run fine on Windows. Virtualbox or qemu would probably be better options if you wanted the binary compatibility.

From what I've read about WSL, it's more useful for command line/console programs. Someone on the LFS list built a LFS system using WSL and he mentioned performance was rather slow. One article mentioned that in order to run GUI programs, you'd need a native X server which brings you back to solutions like Cygwin or native ports of X Windows like Xming. (By the way, I did build X Windows from source natively on Windows a few years ago.) My guess as to one reason WSL was created was to run server software like nginx and Apache and tools/languages like Python which are a real nuisance to compile natively on Windows (even harder than building X Windows itself).

Think it might be pretty interesting to try to get some of the functionality of the Puppy package managers working natively in Windows. Having popular Linux and/or Puppy applications work on Windows is useful if you have to use Windows at work and still want the environment somewhat similar to home devices that run Puppy Linux. Also, if applications port to Linux and Windows, they're probably going to be fairly easy to port to other devices/machines as well. That could potentially make Puppy (or a Puppy-like system) available on a lot more machines.

Post Reply