Criticism of woof-CE and of the people involved in it.

What features/apps/bugfixes needed in a future Puppy
anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#21 Post by anikin »

Yes, I'm saying exactly that. There's a huge difference between me performing a one off ping, when needed and scripts doing automated jobs on *every startup* - actually creating tracking logs on remote servers. I didn't ask for them, I didn't even suspect they existed. I thought it was only icanhazip ... now we're also pinging Google and sourceforge ... oh, we changed that to duckduck. Don't ask, don't tell. No questions asked, no lies are told. FOSS, high principles, kernel deblobbing, benevolent dictators ... and secretly planting pinging scripts to your faithful, unsuspecting users. What a heck of a way to run a community project!

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#22 Post by Flash »

Jeez, take a pill and go lie down for a while. :lol:

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#23 Post by mavrothal »

anikin wrote:Yes, I'm saying exactly that. There's a huge difference between me performing a one off ping, when needed and scripts doing automated jobs on *every startup* -
Please get your facts straight and see the links I provided earlier (hope dies last :roll: )
Puppy pings duckduckgo only the first time you boot a new puppy at pupmode=5, to see if you have an internet connection and set it up. Not on every boot.
Checks with duckduckgo when you ask for a help page that is in the internet, since puppy does not have man pages.
Pings duckduckgo to verify that there is an internet connection when you open PPM, to see if there is a service pack
Pings duckduckgo to verify that there is an internet connection when you want to search video driver upgrade
Pings duckduckgo to verify that there is an internet connection when you want to see if there is an internet connection
and checks with icanhazip when you want to know your external IP.
All these are in plain text files and not hidden anywhere.

Once more do you have any idea where your browser is calling the moment you open it? Can you find out in any text file in your computer? Do you know where to look in the internet to find out?
What about your "office" app? Your media player?
But I do not think that any of these is making any difference to you.
You may consider the recommendation given just above.
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#24 Post by musher0 »

Hi anikin.

If you don't like pinging, I have a 25-year old ( maybe 28 ) Brother
electronic typewriter. Still in good working order. Barely used. Has a 8-
line back-lit LCD display. Comes with the "WP-4U" word-processor. I'll let
you have it for the delivery cost. ;) ( Come to think of it... Maybe not; a
museum may give me good money for it! )

You think I'm joking? That was president Putin's reaction after Russia gave
refuge to Edward Snowden: he ordered 20 ( Olivetti? not sure of the brand )
electronic typewriters for the Kremlin and threw the computers out. It was
all over the news, I'm not making this up. (Another source:
-- https://www.rt.com/news/typewriters-rus ... lance-975/ --)

I don't know what you're using your Puppy for :D , but maybe this is
something you could consider!

Best regards.

musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

gcmartin

#25 Post by gcmartin »

There is a major problem with this discussion on security in this thread. The issue of security for ANY PUP created using either WOOFQ or WOOFCE is missing a very necessary component. I and others had hoped in the past to get the community to discover this, but, it was never done.

Without derailing the opening post's intent, and hoping to remain on the security topic raised, I offer this concept.

Security means a lot of things to all sorts of members, as we have seen all too many times in the past. There is ONE SILVER BULLET which, IMHO, must be brought to bear so that this constant issue can be put to bed, once and for all. This does not mean that it's a forever-more answer, but, does put a legitimate stake in the discussion and distro implementations so that membership does NOT have to recreate the wheel in PUPs or theory about how security exists in any Pristine PUP delivered by this community.

I propose that an opening statement be added to FirstRUN which states clearly what Pristine booted PUPPY Linux has done in its presentation. Further, there could be a utility to turn on/off the things that "experienced" users object to.

Here's the problem, from a historical review.
Puppy happened on the scene during a time when many, many, many of community users were on dial up. And for the most part, most had 1 PC in the home. When getting a 2nd Windows PC, the first PC was freed to experiment....hence Linux/Puppy to avoid the issues experienced with the MS/Apple PC. Puppy was designed to bring a simple, easy to use OS as a single autonomous PC with a modem existing in the home. Additionally, users in many of these homes had LAN cards on the motherboards of their PCs and this allows, via a hub/switch, the ability for the PUPPY PC to "see" the Apple/Windows PCs and use their shared information (rather leech that information). This occurred during the simultaneous rise in ubiquitous DSL/Cable/Satellite links that many achieved to their homes. Puppy took advantage of this community for its general means so that members could add, at their leisure, other needed applications by pulling it from the internet with the INTERNAL tools and utilities that PUP provides. This, by the way, is NOT uncommon for any OS in today's world. Further, it is the direction of the world for IoT devices where the vendor can provide updates in EXACTLY the same way we have seen from Apple/MS/smartPhones/Tablets/etc. This is NOT an insecure or a new phenomenon. It's now decades old.

In order for any of those things to work, Puppy, on behalf of non-astute users, did the heavy lifting to ease its purpose for those things mentioned. Throughout this process and growth in Puppy Linux, the author and his assistants worked to make this a safe facility in use, both on the LAN and over the WAN for user use.

Then, along the way, some user(s) felt they were violated by PUPPY's approach to providing this for users and DEMANDED a change. This demand continues even to this day and it overshadows the real issue.

So, I propose this: Why not, in FirstRUN, at the very top of its screen, provide the concept of the LAN/WAN services PUPs provide, OOTB. And point those who object to another screen where they can adjust the LAN/WAN behavior to their desires.

Puppy Linux should STATE THIS UP FRONT leaving no doubt of what is provided so that the "back-door" accusations will cease, and this security topic can be reduced to findings that may be useful in system use.

I hope this is understood. I hope it is met with some agreement and a move to provide such a statement, somewhere in initial/pristine Puppy use so that pundits will be satisfied and user awareness is raised.

Lastly, routers continue to improve.

You be the judge.
Edited: Spelling corrections.
Last edited by gcmartin on Fri 27 Nov 2015, 17:03, edited 2 times in total.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#26 Post by anikin »

mavrothal wrote:Please get your facts straight and see the links I provided earlier
Puppy pings duckduckgo only the first time you boot at pupmode=5 a new puppy to see if you have an internet connection and set up. Not in every boot.
Checks with duckduckgo when you ask for a help page that is in the internet, since puppy does not have man pages.
Pings duckduckgo to verify that there is an internet connection when you open PPM, to see if there is a service pack
Pings duckduckgo to verify that there is an internet connection when you want to search video driver upgrade
Pings duckduckgo to verify that there is an internet connection when you want to see if there is an internet connection
There's no need to ping. If *it's up* - you're connected. If *It's down* - you're not connected. What does pinging do? Shows the obvious - up/down. Once again, your scripts will work perfectly well *without pinging*. If it's up, you'll get it, if it's down, you won't get it. It's that simple.
mavrothal wrote:and checks with icanhazip when you want to know your external IP.
Automatically, mind you on *every* startup.

Do you know of any other distro with similar pinging scripts? There isn't one in this whole world. Why do you think Slackware doesn't use this procedure? Because, the benevolent dictator cares about his reputation. Do you? I can't imagine him in a discussion like this one. What will happen if Puppy adopts the Linux Way, e.g. the way of common sense and ditches the crap? What do we stand to lose ... or gain?

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#27 Post by James C »

Or one could try Ubuntu Privacy Remix.
https://www.privacy-cd.org/en/home-main ... vacy-remix
The system kernel is modified so that it ignores any network hardware. UPR therefore is an isolated system which can not be attacked via LAN/WLAN/Bluetooth/Infrared etc.
The system completely ignores any local hard disks. Neither can they be used by malicious software to save sensitive data outside the encrypted removable media - unencrypted and unnoticed for later attacks - , nor could this happen accidentally by the user's inattention. Malicious software can also not be loaded from already compromised hard disks into UPR.

gcmartin

#28 Post by gcmartin »

There are distros that are built for master users and there are ones built for general users. Imagine giving a Windows or MAC user a Forensic distro and telling them to use it for their day to day work. These systems and systems like this are designed for penetration testers and security researchers. This is not done for some very good reasons.

Ubuntu, RedHat, Suse, Knoppix, Windows, iOS, Android, Chromebook, etc do NOT give these kinds of system to general users. Puppy in its general nature, intends to be an easy to use system that goes over the top to try to make it such for users. Its statements since its inception on Distrowatch assert this.

Maybe we should consider a statement telling users that Puppy, OOTB is delivered this way. And, then make it simple/easy/convenient/whatever so that it makes any PUP built all too easy to start up and become useful. This could be posted at a pristine start requiring the user to check a box indicating that he has read the opening posting. (Yeah, it's not a fail-safe, but it is a correct step)

The community that comes to PUPPYLAND is not the elite scholars of the world. We should be considerate of that and try as best we can to NOT create scholars, but, to create users who will become scholars on Puppy Linux.

For every service that is shut down, you will shut out a segment who find it too difficult to do anything without needing to turn this or that to get anything useful to occur.

Expect an even greater slowing of membership and community growth resulting from ignoring the non-knowledgeable users who would dip their toe in the Puppy water.

IMHO, it is better to make it easy in pristine to use everything with instructions/utilities to lock it down, than to lock it down and expect they will be smart enough to unlock something as unfamiliar as this distro is. We don't need frustration. We need something that starts them so that they can become knowledgeable in use on. Remember, many users test the distros to provide feedback to the developers. If we increase the test steps in order to test out much of what the system offers, neither users nor developers benefit.

We again are heading down a pathway that might not get members to come and stay. Which I hope is the objective for what is produced by this community...a growing, thriving community. I continue to find it selfish of some to expect anyone who uses Puppy Linux to instantly be a knowledgeable user or ONLY contribute along the lines they think a user should be. We need clear understanding of who we are designing our distro for. Again, novices need something very easy, while experienced users know how to unravel or change things they don't like.

Consider the best methods to achieve the purposes that have surfaced in this discussion in a manner that appeals to understanding versus the under the cover approaches which do NOT impart knowledge or require even more steps each time you want to use any PUP distro.
Last edited by gcmartin on Fri 27 Nov 2015, 17:51, edited 3 times in total.

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#29 Post by mavrothal »

anikin wrote:Do you know of any other distro with similar pinging scripts?
No, other distros just connect wherever they want to connect and you simply do not have a clue.

But this is beyond the point here, isn't it?
You care only about who is right and who is wrong.
Not on what is right and what is wrong.
And that's all you try to do in every occasion almost 2 years now since the archpup era. Oh well...

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#30 Post by jamesbond »

anikin wrote:... and secretly planting pinging scripts to your faithful, unsuspecting users. What a heck of a way to run a community project!
That's quite a grave accusation you've made. An extraordinary claim demands extraordinary evidence.
mavrothal wrote:But if you ping a server known to respond to pings, it is a good (and less "revealing") method to determine if "internet is up". No?
Well, not really. It depends on what you're comparing it to. Ping vs wget - definitely ping is less revealing. Ping vs socket connection? Not really much difference. And as I said, ping is less reliable for determining "Internet is up" state because some admins decided (for better or for worse) to disable pings to their server.
mavrothal wrote:BTW would you care to explain possible risks from ping'ing duckduckgo or google or any other established server?
It depends on the scenario we're looking at; and the risk factor that we consider. Based on anikin's posts, I think his main concern is privacy by anonymity. In this respect, and in a typical scenario (connect from the comfort of home, behind a NAT router with SPI firewall), I would personally consider the risk of pinging to be miniscule, because the only thing that an external party can see is the router's IP address. If you're connecting from a public network (McDonald's wifi, tethering to phones, etc) where your IP is the Internet's public IP, then your risk of being de-anonymised is greater, although it is still small. But of course, just by using public wifi (especially free wifi) you're at much greater risk of various other attacks than the risk of de-anonymisation via pinging.
anikin wrote:There's no need to ping. If *it's up* - you're connected. If *It's down* - you're not connected. What does pinging do? Shows the obvious - up/down. Once again, your scripts will work perfectly well *without pinging*. If it's up, you'll get it, if it's down, you won't get it. It's that simple.
Well the entire point of my previous post is to show that this "it is up" state is not exactly obvious to detect.

And sometimes, just by doing the job directly (e.g. in PPM, instead of pinging ibiblio.org; just do wget ibiblio.org if what you want to do is just to grab its contents) can result in an annoying user experience where the operation will eventually fail but it takes a very long time to do so. By pinging, we can (sort of) test the network connection and if it is not sufficiently good enough, we can fail fast and tell the user about that.

Anyway, in all the cases mavrothal pointed out, all the activities are initiated by the user. When you launch PPM, there is an expectation that PPM will connect to the Internet - otherwise where would the new package come from? Ditto for video driver update, service pack update, etc. And if we're already going to connect to the Internet, adding ping to test for connection isn't a bad thing to do, for the reasons given above.

You don't have to take my word for it. All I can say is that I can understand where you're coming from. Whatever I think of your opinion, or whether or not I disagree with you, is neither relevant nor important. The important point to remember is that security is always a trade-off. There are other users who prefer these conveniences because for them the inconvenience is not worth the risk. The choice is to listen to them, or to listen to you. A decision has to be made, and you can't make everyone happy.

EDIT: new text below.
The situation however may not be as binary as it seems. There certainly are things that can be improved. E.g - instead of pinging some random sites, why don't we ping the site we're going to use (if that site responds to pings)? E.g. when we're about to use ibiblio.org; then ping ibiblio.org. When we're about to use packages.ubuntu.com; then ping that site etc. This is just an idea and may have already been done; there may be others. Having said this, I want to remind ourselves that the "CE" in Woof-CE stands for "Community Effort", so those most concerned should lend a hand to make things better (if not for the benefit of others, at least for themselves) - as in, "provide a patch" or something like that.
Last edited by jamesbond on Fri 27 Nov 2015, 18:11, edited 1 time in total.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

James C
Posts: 6618
Joined: Thu 26 Mar 2009, 05:12
Location: Kentucky

#31 Post by James C »

https://fedorahosted.org/fesco/ticket/1337
Fedora 21 Workstation image "has" new feature in "gnome" which helps with "Captive portal" services (sorry for lack of knowledge on my side about this), this feature is implemented in NetworkManager, and when package 'NetworkManager-config-connectivity-fedora' is installed (by default on 'Workstation' image) it "pings" fedora servers every '300seconds' which I think is a privacy issue for users, it is not documented, it is hard to find for regular users, and it is hard to disable it.

This is not a privacy issue. In fact, it's not an issue at all.

Captive portal detection works by downloading a text file from Fedora's server and checking the contents. If the file contents are not what we expect, we mark the connection as "portal". This has a few results:

1) If networkmanager manages to find the login dialog for the captive portal, it presents it to you so you can authenticate

2) It reports "portal" instead of "connected" to apps, which means browsers won't allow you to surf to random websites and your email client will not download email until you authenticate with the portal, which prevents the captive portal from poisoning your DNS cache and prevents apps from sending data to the portal server itself (as it hijacks all connections) which may or may not be malicious.

This is a very positive thing to have. It increases your security and provides a good user experience.

The portal detection does not leak any private information, and is a non-issue just like package managers (PackageKit, dnf) automatically refreshing the repo metadata cache when checking for updates.
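The two mechanisms described in the posts above, jamesbond's point that a script should probe the host it is actually about to use with a short timeout (a TCP connect works even where the admin has disabled ICMP echo, and it contacts nobody else), and the Fedora/NetworkManager approach of fetching a known file and comparing its contents to tell "connected" from "portal", as an added example written for this page. It is not code from Puppy, woof-CE, Fedora or NetworkManager, and it is Python rather than the shell scripts Puppy uses so that it runs stand-alone offline. The local probe servers, the expected body "OK", the portal HTML and the helper names `tcp_reachable`, `fetch_probe` and `classify` are all constructed for the example.

```python
"""Connectivity checks that probe only the host about to be used, plus
captive-portal detection by comparing a fetched file with known contents.
Added example; not code from Puppy, woof-CE, Fedora or NetworkManager."""
import socket
import threading

CONNECTED, PORTAL, OFFLINE = "connected", "portal", "offline"
EXPECTED_BODY = b"OK"   # constructed: what the real probe file should contain


def tcp_reachable(host, port, timeout=3.0):
    """Fail-fast reachability: True only if a TCP handshake to host:port
    completes within `timeout`. Unlike ping this works against hosts that
    drop ICMP echo, and it contacts only the host the caller will use."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:          # refused, unreachable, or timed out
        return False


def fetch_probe(host, port, path="/", timeout=3.0):
    """Minimal HTTP/1.0 GET of the probe file; returns the body, or None if
    the connection or transfer fails. create_connection is itself the
    fail-fast check, so there is no separate ping of a third party."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            raw = b""
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError:
        return None
    _headers, _sep, body = raw.partition(b"\r\n\r\n")
    return body


def classify(body, expected=EXPECTED_BODY):
    """Portal detection as the Fedora ticket describes it: a hijacking
    portal answers every request with its own login page, so a body that
    is not the known contents means 'portal', not 'connected'."""
    if body is None:
        return OFFLINE
    return CONNECTED if body.strip() == expected.strip() else PORTAL


def _serve(body, connections):
    """Constructed stand-in for the probe server (honest or hijacked):
    answers `connections` TCP connections on 127.0.0.1 with `body`."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def handle():
        for _ in range(connections):
            conn, _addr = srv.accept()
            with conn:
                try:
                    request = conn.recv(4096)
                except OSError:
                    request = b""
                if request:   # a bare TCP probe sends nothing, gets nothing
                    conn.sendall(b"HTTP/1.0 200 OK\r\n"
                                 b"Content-Type: text/plain\r\n\r\n" + body)
        srv.close()

    thread = threading.Thread(target=handle, daemon=True)
    thread.start()
    return port, thread


def _unused_port():
    """Constructed: a localhost port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Run the checks against constructed local servers; returns a dict."""
    results = {}
    port, t = _serve(b"OK\n", connections=2)
    results["honest_tcp"] = tcp_reachable("127.0.0.1", port)
    results["honest"] = classify(fetch_probe("127.0.0.1", port))
    t.join(5)
    port, t = _serve(b"<html>Welcome to hotel wifi, please log in</html>", 1)
    results["hijacked"] = classify(fetch_probe("127.0.0.1", port))
    t.join(5)
    dead = _unused_port()      # nothing listening: refused at once, no hang
    results["dead_tcp"] = tcp_reachable("127.0.0.1", dead, timeout=1.0)
    results["dead"] = classify(fetch_probe("127.0.0.1", dead, timeout=1.0))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

The point of the shape: the only host contacted is the one the script is about to talk to anyway, the timeout bounds how long a dead link can stall the user, and "portal" is distinguished from "connected" by content, not by whether a packet came back.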

goingnuts
Posts: 932
Joined: Sun 07 Dec 2008, 13:33
Contact:

#32 Post by goingnuts »

Maybe a simple choice for the scripted connection helpers?
Attachments
snap0000.png

dancytron
Posts: 1519
Joined: Wed 18 Jul 2012, 19:20

#33 Post by dancytron »

goingnuts wrote:Maybe a simple choice for the scripted connection helpers?
That is just adding a useless dialog box.

If you are opening the ppm, it is obviously going to connect to the internet. The internet is where the packages are.

If any of this really mattered (and imho it doesn't matter at all), then you should do away with all automatic connecting to the internet and require that you always press a button to connect to the internet. That would be a major loss of convenience and user friendliness.

If someone is really going to only use Tor for the web and wants to never connect to the internet without hiding who they are behind a proxy, then not allowing the pinging makes sense. Short of that, it just doesn't. If someone needs that, then they should use another distro or customize the distro they are using.

IMHO, it would be a mistake to inconvenience any user in the slightest bit to accommodate these bogus "concerns".

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#34 Post by mavrothal »

goingnuts wrote:Maybe a simple choice for the scripted connection helpers?
(dancytron got me but still)
Where could PPM get the packages from? :?
This is reminiscent of the fast forgotten vista. :D

Seriously though. Today data are produced 10 times faster than they can be analysed (that's why big data analysis is a very hot field right now). Actually the safest way to avoid random checks is for all of us to produce more traffic, not less!
I know that puppylinux is a force ( :P ) but are we really so important to get "surveillance priority" and get our pings "triangulated" ( :roll: ) over several billions network devices pouring petabytes of data out there?

I'm sure that people can build a "they are out to get me" puppy out of woof and I would be happy to see one, but why should this misery be the default?

goingnuts
Posts: 932
Joined: Sun 07 Dec 2008, 13:33
Contact:

#35 Post by goingnuts »

You might be right.
Although other systems provide packages from local storage and, e.g., reading a help/man file does not clearly include internet access.

eric52
Posts: 252
Joined: Mon 16 Nov 2015, 23:02
Location: Southbury, CT

#36 Post by eric52 »

I doubt there was intent to provide a possible security breach. I think those who are concerned about security have a legitimate and justified position. So the issue boils down to: who is responsible in a collective effort? The answer is everyone generally and no one specifically, unless there is a deliberate, irresponsible effort. There is no perfect collective effort. Some are always smarter. Some always work more. Some are more demanding. Almost everyone is to some extent possessive. Now, criticism is appropriate to the extent it is constructive. Almost no one can take even the most constructive criticism without a twinge of annoyance or even defensive denial. I think it is important for critics to recognize that they are responsible for ensuring that their critical contribution is as constructive as possible. I also think it is important to recognize that criticism is a valuable contribution, even if it sometimes hurts a bit. The primary determining factor in the success of any group activity is the ability to minimize friction and manage what inevitably occurs. Although there is always room for improvement, I think you folks are doing much better than some of the other "teams" I've witnessed. Newcomers like me can't do much more than applaud from the sidelines, so for what it's worth: Puppy is an admirable vision developing splendidly. Nice work!
Today only. Anger not. Worry not. Be grateful working karma. Be kind.

anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#37 Post by anikin »

dancytron wrote:
goingnuts wrote:Maybe a simple choice for the scripted connection helpers?

That is just adding a useless dialog box.

If you are opening the ppm, it is obviously going to connect to the internet. The internet is where the packages are.

If any of this really mattered (and imho it doesn't matter at all), then you should do away with all automatic connecting to the internet and require that you always press a button to connect to the internet. That would be a major loss of convenience and user friendliness.

If someone is really going to only use Tor for the web and wants to never connect to the internet without hiding who they are behind a proxy, then not allowing the pinging makes sense. Short of that, it just doesn't. If someone needs that, then they should use another distro or customize the distro they are using.

IMHO, it would be a mistake to inconvenience any user in the slightest bit to accommodate these bogus "concerns".
Following this logic, puppy should also have a pinging script for Firefox/Seamonkey/Palemoon, or any other browser and have pings for email. Do I need to ping duckduck/sourceforge in order to reach murga? Here's a little experiment. I'm logged in and reading this thread. I close the browser, unplug the ethernet cable and try to log in again. See the attached image. A catastrophic failure, murga is unreachable! Should I ping google or icanhazip to get rid of this extreme inconvenience and regain connectivity? No, I just plugged the cable in and am good again. Is getting a Puppy online help file any different? Regarding bogus "concerns", I used Tor as a convenient example. It should never be used with Puppy in any event. The real concern isn't Tor, but Puppy's unwillingness to play like a mainstream Linux distro. If Debian, Arch or Slackware don't use these *bogus* pinging scripts, why should Puppy? Why doesn't Patrick Volkerding implement them in Slackware? Because, he doesn't want to lose his users, their donations and corporate sponsorship.
Attachments
ping-for-palemoon.jpeg

mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#38 Post by mavrothal »

Quiz: Find the OS.
Below are the connections attempted (and in this case allowed) by a virgin install of an OS without the user requesting any connection and without being informed of the attempted connections.

But don't let these details distract us from our main point...
anikin wrote:Learn to lose gracefully, little chap. I don't have to prove anything to you. You screwed it, acknowledge defeat and suck it up before clinching a tiny fist.
Attachments
connections.jpg

darry1966

#39 Post by darry1966 »

:!:
Attachments
Walking-in-Circles.jpg

stemsee

#40 Post by stemsee »

Certainly no one can sensibly argue that my consciously connecting my computer to the internet with whatever method is less preferable than my computer connecting to the internet because someone else programmed it to. Clearly that should never be the case except by explicit arrangement.

Any customisation should surely be when some unattended auto-connection is required, and not the other way around.

Anikin is correct, if only on this small detail and not attitude.
