Fatdog64-700 beta2 [Closed]

[olinm]

So now that the linux version of Firefox and Flashplayer are being exploited the exact same amount if times as windows with a universal exploits that works across all platforms you would rather have your passwords and login details stolen just by visiting websites with infected flash adverts because you are out of date?

Because that how serious the last 3 flashplayer exploits have been if you go and google it.

Sadly you are out of date if you think linux is still safer than windows to browse the web because it isn't.

It's not like it would be forced on you if it was an option that you could choose yourself with fatdog, So there would be no reason for you to change if you don't wish too.

Having an option for it to download and install the latest version of Firefox and Flashplayer would fix 90% security issues as most other packages apart from SSL can slip to an out of date as they will only be exploited under special conditions and not just from visiting a website with malicious content.

[rufwoof]

@kirk @technosaurus @Ted Dog - thanks for the insight into lz4

@olinm for my main pup I have flash uninstalled and only install whenever I need to (via a menu click). I use portable firefox which stores outside of puppy space and auto-updates to the latest version automatically as and when released. As I don't run with a savefile and prefer a cast-in-stone system (remaster only to have changes persist across reboots) that works well for me (when also combined with online email service).

I run with a old 10.3 version of flash and generally only use that at the BBC web site whilst they're still transitioning to HTML5. For Youtubes I've switched to using HTML5 (flash disabled). For me other flash required sites are relatively few (rail ticket sites etc that I use (book tickets from) infrequently).

[rufwoof]

Is there (generally i.e. not FatDog specific) a size limit on humongous initrd's?

At/around 450MB I'm seeing PXE failing to boot a humongous initrd. Seems to transfer OK but then just hang.

I've recently dropped my office sfs (comprising Libre, Audacity, Skype, OpenShot, Blender, (full version) inkscape, xvidcap) into my main pup sfs. Depending upon compression level choices I find that some boot (440MB initrd size) OK and others don't (456MB initrd size) - and that's doesn't appear to be machine memory specific i.e. equally applies to a machine with 4GB as it does to machines with lower memory.

PXE tftp transfers also seem to run at wireless speeds i.e. 10Mbit rather than the hard wired 100Mbit rate (for the hard wired/ethernet connection) - guessing that's because wireless is enabled on the LAN and that drags down the LAN speed to the lowest common denominator ???

[jamesbond]

@rufwoof: maximum initrd size: http://murga-linux.com/puppy/viewtopic. ... 395#801395.

@boblark: smallbasic uses FLTK 2.x which is deprecated (you can't even download it from the FLTK website). Harass the author to switch to supported version of FLTK, e.g. 1.3.x branch ... that would be a lot of help.

@olinm: flash player update script. This script will be in the next release, and you should be able to find that in the control-panel. Run it from time to time as you wish. No auto-update on boot, we generally dislike "auto-run" things (that's why there is no "firstrun" wizard despite gcmartin's requests on many occasions )

Code: Select all

#!/bin/sh
# update flash player, works for 32-bit/64-bit
# jamesbond 2015
# MIT License

### configuration
APPTITLE="Flash Updater"
WORKDIR=/tmp/flash-updater.$$

### generic helper
# $1-text
msg() {
	Xdialog --title "$APPTITLE" --infobox "$1" 0 0 10000
}

# $1-text, no-text => kill previous splash
splash() {
	if [ "$1" ]; then
		Xdialog --title "$APPTITLE" --no-buttons --infobox "$1" 0 0 10000000 &
		SPID=$!
	else 
		kill $SPID
	fi
}

get_config() {
	if [ $(id -u) -ne 0 ]; then
		msg "You need to be root."
		exit
	fi	
	case $(uname -m) in
		i*86)
			LIBDIR=lib64
			ARCH=x86_64
			;;
		x86_64)
			LIBDIR=lib64
			ARCH=x86_64
			;;
	esac
	INSTALL_PATH=/usr/$LIBDIR/mozilla/plugins/libflashplayer.so
}

### flash related stuff
# $1 path, stdout: version
get_flash_version() {
	strings "$1"  | sed '/11\.2\./!d; s/[^0-9]*//;s/%.*//;' | head -n1
}

# stdout: version
get_latest_flash_version() {
	wget -qO - "http://www.adobe.com/software/flash/about/" |
	sed '/Mozilla/,/11\.2\./!d; /11\.2\./!d;s/[^0-9]*//;s/<.*//'
}

# $1-version, $2-target
download_flash() {
	wget -qO $2 "http://fpdownload.macromedia.com/get/flashplayer/pdc/$1/install_flash_player_11_linux.$ARCH.tar.gz"
}

##### main #####
get_config

splash "Checking the version of the latest Flash player..."
CURRENT=$(get_flash_version $INSTALL_PATH)
LATEST=$(get_latest_flash_version)
splash

if [ "$CURRENT" = "$LATEST" ]; then
	msg "Your flash player ($CURRENT) is up-to-date."
else
	splash "Your current version is $CURRENT, now downloading version $LATEST..."
	mkdir $WORKDIR; cd $WORKDIR
	if download_flash $LATEST - | tar -xzv; then
		splash
		splash "Download successful, now installing ..."
		cp libflashplayer.so /usr/$LIBDIR/mozilla/plugins
		cp usr/bin/flash-player-properties /usr/bin
		cp -a usr/share/icons usr/share/pixmaps usr/share/applications /usr/share
		splash
		msg "Done. Restart your browser."
	else
		splash
		msg "Download fail. Please try again."
	fi
	cd
	rm -rf $WORKDIR
fi

EDIT: I have also written a firefox updater that will pull the official Mozilla binaries, build a package out of it, and "upgrade" your installation. It's a bit too long to put here, but it will be in the next release too. Please test it when it's done (it will be in the "Updates" tab in Control Panel).

[gcmartin]

Hello @Rufwoof, good find.

... PXE tftp transfers also seem to run at wireless speeds i.e. 10Mbit rather than the hard wired 100Mbit rate (for the hard wired/ethernet connection) - guessing that's because wireless is enabled on the LAN and that drags down the LAN speed to the lowest common denominator ??? ...

If this is true (that behavior), this is a issue that should garner some focus.

Most 64bit PCs have gigabit wire adapters. Many users have gigabit switches on their LANs. Thus, if this report has accurately exposed the phenomenon, this impacts overall system's ability to move data.

I have never configured this way, as I only activate wireless when no LAN cable in inserted. But, can see how a configuration like this may exist.

Never thought to look at this, but, I am interested in how to setup system's routing to insure system discriminates traffic properly when there are 2 paths to the LAN services as well as the internet. Seems an algorithm, or 2, is/are wayward or needed coordination for highest performing path to resources.

This opens our eyes.

Hello @JamesBond. The notion of a FirstRUN is for user review and correction of some of the automatic things that are currently done...in a single Window frame at system's initial boot, or pristine boot. It does not change or defeat anything currently done on system's boot. I hope this gets proper view as a simple User Friendly starter for any user; familiar with FATDOG or new to FATDOG. It is usually only run once, and some may use it periodically as a reference. This is not counterproductive to system ability or use.

I wonder if you are suggesting that there is some downside to providing this for review at initial boot? Or, if it is felt that giving this single screen view to a user at initial boot is wrong somehow for system start? (I can see reluctance, but just trying to understand the user disadvantage that we may be overlooking.)

But, as mentioned before, this is and was a request for FATDOG consideration. NOT a demand of any sort.

So, I find comfort no matter what you produce as I have found that over time, @Kirk and you, do the things which your feel are best for presentation.

[gcmartin]

As a test for performance issues arising when 2 LAN adapters (in this case, wired and wireless) are active to the same subnet, a test need be constructed and PXE Netboot on a FATDOG may just be animal which can shed clear light.

Test 1
So, on one hand, PXE Netboot need be started on a wired ONLY FATDOG. The LAN PC which is to use PXE to boot, should be stopwatched to its desktop.

Test 2 - DO NOT CHANGE the order of these steps of this test as it may impact the outcome.
Start by rebooting FATDOG without its LAN cable plugged in so that ONLY the wireless adapter can be activated for LAN service. This, then, is a wireless FATDOG now running where you insure you have a LAN address. After system reaches its desktop and you have wireless started to your LAN, a ethernet wire need be plugged in. When done, FATDOG will automatically configure it for sysem use. Display your adapters to insure both have IP addresses.

Code: Select all

# ip addr

Next PXE Netboot need be started on this wireless+wired FATDOG. The LAN PC which is to use PXE to boot, should be stopwatched to its desktop.

Comparison

• Has the stopwatch times differed between these 2 tests?

Here to help.

[Ted Dog]

PXE can boot from wireless?, teach me how PLEASE @rufwoof one thing I see as a positive with the ext3 squashfs-ed is the ext3 should be oversized so it can be directly written with changes to AnY device as a prefilled savefile. would be twice as fast since the savefile writing to only occurs once, ( not twice like a blank savefile that is then filled. )
But in this case, savefile would actually be a type of full install

[rufwoof]

No not PXE booting using wireless - but PXE booting via ethernet, but on a ethernet that also has wireless activated. My understanding is that the :LAN automatically slows to the lowest common denominator.

I have a cable modem that provides both wired and wireless, presumably separately, however I have another router that is also wired and wireless plugged into that lan, which whilst that box might isolate the two circuits is common to the main cable modem/router such that I suspect the entire LAN is slowed down to wireless speeds.

Far from sure however as downloads from the internet seem to push through ok at around 50Mbit speeds. It seems to be internal lan transfers i.e. PXE boot that are slower than I would have thought (PXE transfers seem to run at around 1MB/second i.e. 10Mbit speed).

@rufwoof one thing I see as a positive with the ext3 squashfs-ed is the ext3 should be oversized so it can be directly written with changes to AnY device as a prefilled savefile. would be twice as fast since the savefile writing to only occurs once, ( not twice like a blank savefile that is then filled. )
But in this case, savefile would actually be a type of full install

Sorry Ted, you've lost me here. I don't use savefiles, just run with the exact same each and every boot and remaster if I want to make/preserve any changes. I was loading 'office' as a separate sfs after booting, but have more recently added that sfs into the main puppy sfs so no transfer/downloading is required by a PXE booted system - all ready to go as soon as booted (adds to the PXE boot time, but that's not a issue for me/us).

[gcmartin]

Hello @Ted Dog

PXE can boot from wireless?...

No the technology is not a wireless technology.

In this case, trying to understand the impact of the active wireless adapter on wire subsystem behavior.

Hope this is helpful
Edit: Appears we hit the enter-key at the same time. In this race condition, you won.

[boblark]

@jamesbond -Thanks, on SmallBASIC, I will pursue a fix on FLTK 2.x. More later.

[rufwoof]

@rufwoof: maximum initrd size: http://murga-linux.com/puppy/viewtopic. ... 395#801395.

Thanks for that JamesBond. Looked high and low myself and found little guidance. Appreciated.

[rufwoof]

As a test for performance issues arising when 2 LAN adapters (in this case, wired and wireless) are active to the same subnet, a test need be constructed and PXE Netboot on a FATDOG may just be animal which can shed clear light.

Test 1
So, on one hand, PXE Netboot need be started on a wired ONLY FATDOG. The LAN PC which is to use PXE to boot, should be stopwatched to its desktop.

Test 2 - DO NOT CHANGE the order of these steps of this test as it may impact the outcome.
Start by rebooting FATDOG without its LAN cable plugged in so that ONLY the wireless adapter can be activated for LAN service. This, then, is a wireless FATDOG now running where you insure you have a LAN address. After system reaches its desktop and you have wireless started to your LAN, a ethernet wire need be plugged in. When done, FATDOG will automatically configure it for sysem use. Display your adapters to insure both have IP addresses.

Code: Select all

# ip addr

Next PXE Netboot need be started on this wireless+wired FATDOG. The LAN PC which is to use PXE to boot, should be stopwatched to its desktop.

Comparison

• Has the stopwatch times differed between these 2 tests?

Here to help.

Found this http://fogproject.org/forum/threads/pxe ... slow.3671/ that implies slower speeds could be a consequence of tftp's simplicity. The guy was also seeing 10mbit speeds under tftp and saw those jump 10 fold after switching to http based delivery/transfer.

It would be nice to see my 400MB PXE pup net boot in 30 seconds rather than 5 mins - especially as I can download 400MB from the internet in around a minute (conceptually faster to boot using a remote offsite initrd than it is to use a local one !!!).

[olinm]

Thanks James for adding the Firefox and Flashplayer update scripts.

Pain having to remaster 4 USB sticks every couple of weeks but better than nothing and it well help new users stay up too date.

Apparently Firefox have announced its new Privacy initiative Polaris is now in its beta stage so users can expect a load of updates this year.

[neerajkolte]

http://www.howtogeek.com/208908/how-to- ... ity-holes/

[olinm]

It's a good thing to do for protecting people from drive by exploits in adverts auto playing but it doesn't protect people from being infected if they click and play what they think is a legitimate video on a legitimate website until adobe releases a new patch this week.

They are saying it's a bit of a joke on the security forums as it gives people a false sense of security because if you don't click anything then you may as well uninstall flash and if you do click anything then you can't tell until after playing if you are infected.

One of the biggest legitimate video porn sites Xhamster that vets and checks all their content before it gets posted have already been caught out with this flash exploit and are currently unsure how many of it's 600,000 users have clicked what they thought was safe content and got infected.

Click to play is still a good thing to do though and people will still need to use James new update script often until the web moves over to HTML5.

[Sage]

The big problem in GB is the inertia, corruption of the old-school-tie variety and crass IT ignorance amongst the public school management of the BBC who provide their iPlayer. Nothing wrong with their engineers, or, at least, that used to be the case. To cap it all, the idiot Blair awarded Gates an honorary knighthood and there is a strong undercurrent of political interference with the media - probably a universal issue. These goons are so dumb they think the rest of us plebs are as stupid as they are. In short, the Beeb technicians had an html5 virtually ready before the rest, but we have to struggle on with Adobe Flash for the reasons outlined. Sometimes one despairs for a once great and visionary nation presently being degraded by the day by a bunch of morons. The only saving grace that global capitalism, cant, hypocrisy, greed, nepotism and co are degrading most of the RoW as well! The human condition one presumes. Fatalists might welcome the next large meteor strike followed by the third/fourth/fifth mass extinction?

[Keisha]

...The only saving grace that global capitalism, cant, hypocrisy, greed, nepotism and co are degrading most of the RoW as well! The human condition one presumes. Fatalists might welcome the next large meteor strike...?

Heh...I like you...

[Wognath]

jamesbond wrote here

The system will automatically clean out everything inside /var during restart unless [kernel parameter "keepvar"] is set. It works fine for Fatdog, but slackware keeps a lot of stuff in /var (e.g - list of installed packages), so if you don't keep the content of var, well - lotsa things will break sooner or later (e.g. can't uninstall packages).

/var/slapt-get contains a lot of txz packages, even from apps I have removed. Does "it works fine for Fatdog" mean I can delete these? (I'm cleaning house to reduce long "running auchk" delay during bootup)
Thanks

[olinm]

New patch is out , everyone should update.

" 15 hijack flaws patched "

http://www.theregister.co.uk/2015/02/05 ... erability/

The remote-code exec bugs allow miscreants to hijack vulnerable Windows, OS X and Linux computers, simply by luring victims to websites booby-trapped with malicious Flash files.

People should upgrade their copies of the software as soon as possible. Adobe noted that at least one of the flaws (CVE 2015-0313) is already being exploited by attackers to take over PCs from afar. Once inside a computer, crooks can swipe passwords, spy on victims and more.

[step]

I'm making an SFS file for an app that needs to add new MIME types to the system. That calls for automatically running:
update-mime-database /usr/share/mime/packages
when the SFS file is loaded. I will place that command inside tmp/sfs/autorun.sh in the SFS source folder.

1) Is it appropriate for an SFS file to update MIME types, or will it break something in the existing MIME types and/or menus?
2) Does /tmp/sfs/autorun.sh fire before or after the SFS filesystem is loaded? I need it to fire after.