Fatdog64-720 and 721 Final [11 Jan 2018]

A home for all kinds of Puppy related projects
dcung
Posts: 242
Joined: Sat 14 Jul 2018, 00:11
Location: Down Under - 3rd rock from Sun.

#346 Post by dcung »

rufwoof wrote:Ctrl-Alt-backspace works for me (run startx to restart again).
Thank you, rufwoof... :)

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#347 Post by rufwoof »

Anniekin wrote:Very enlightening stuff!
X lack of GUI isolation is (very) well known.

I've been trial running fatdog gui/X as user and for the most part it works well. If you start two X sessions however (root and user) and run some things such as browsers running youtubes ... then it can become unstable. I was running gui as user and cli as root which worked very well, however on the basis that for puppy-like systems privilege elevation is relatively trivial I've since reverted back to running X as root. Booting a LiveCD (DVD) and multi-session saving any config changes (but more often just rebooting without saving (I have save session interval in event manager set to 0)) and loss/corruption of that is trivial (OS and configs are easily replaced). For data isolation I'm using sshfs mounts (old single core Celeron box running OpenBSD). Such that even if the fatdog system is breached/pawned then data remains secure (requires additionally breaking into the data server (OBSD box) at the root permission level). That OBSD data server is behind another router for further isolation/separation (I use Virgin as my ISP provider and fatdog is running from that, whereas I have a netgear router that also runs off the main hub/router and where the OBSD box connects off that netgear router).

It's good practice IMO to think of it as though the GUI/X system is weak/breached and plan data security with that thought train rather than a thought-train of 'my system is secure'. If you treat your desktop/gui system as though it were a public library PC/desktop then your invaluable data is less vulnerable if/when an actual breach may occur.

I had been running OBSD both as a server and as a desktop, however OBSD as a desktop introduces additional security weaknesses if it's to be used in any real-world realistic type manner. Using Fatdog liveCD is as-good a (maybe even better) choice for the desktop. Come to that, really it doesn't matter what you use if your invaluable data is relatively secure - provided whatever gui you do use doesn't blatantly open up data security weaknesses.

When it comes to online security that's relatively trivial, for any sensitive sites (such as online banking) use a fresh system/browser and only go directly to that site, nowhere else before or after (cold booting before and after). For partial sensitive - such as perhaps booking online cinema tickets that you might book using your everyday browser session, just make sure the credit card you use is a limited/disposable one (getting a credit card provider to keep your limit relatively low (hundreds) and not raise your limit into the thousands usually does involve having to telephone them as otherwise they more often automatically raise the limit relatively quickly).
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#348 Post by rufwoof »

I've attached a small script that might be used to 'mount' a remote sshfs directly from within Fatdog X. Not the best way (entering passwords etc. is best done from a ctrl-alt-fn console session), but easier to use i.e. can be a desktop icon or menu entry. Can also be run directly from the cli.

Near the top, you can use either an IP or a name (assuming the IP is associated/listed in /etc/hosts). Edit the file to change the userid, remote and local mount points as needed.

When run from within X the script prompts you to switch to xterm Secure Keyboard mode before entering the password, so less likely to be eavesdropped.

Ideally if running under X the proper xterm (from gslapt) should be installed as urxvt AFAIK doesn't support secure keyboard mode. I haven't tested it, but suspect the script might still work if your xterm is a symbolic link to urxvt or similar (but the Secure Keyboard likely won't work).

The script self contains another script (browse at your leisure). I encoded it that way to save having to post two scripts. That other script simply enables telnet to time out, i.e. I've used telnet to validate the server is up as my OpenBSD box doesn't respond to pings.

Of course you'll need an ssh server to connect to. I'm running fatdog livecd multisession with no local disks and using this script to connect to an old single core celeron box running OpenBSD that serves as my data/documents server. I have an entry for celeron 192.168.1.1 type entry in /etc/hosts on fatdog for that, and the script default has userid set to 'user' that is used to login to the OBSD box. The settings have local fatdog /root/Music folder as the mount point for the OBSD /home/user/Music folder - change those to yours as appropriate.

After successful sshfs, the script invokes rox to show the local mount point folder content.

When done, simply run umount /root/Music ... or wherever you mounted it.

The way I have the OBSD /home/user/Music folder structured is that all files in that folder are owned by root, user just has read/execute authorities - so even if fatdog is hacked those files can't be changed/wiped. A sub folder however that I've called fatdog is owned by user, so I can wrx files in that folder from fatdog (as could a fatdog hacker). For sensitive documents ... I store them elsewhere (another folder), owned by root, so they're inaccessible even from fatdog - unless I ssh into the OBSD box and switch to root.

EDIT: ... xterm Secure Keyboard ... not so secure!!! Testing the following running under spot, and it sees root keystrokes both in normal and xterm Secure Keyboard modes. Mezathinking iza stick withza passwords via cli !!!

Code: Select all

#include <X11/Xlib.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

/* Hmmm! xterm Secure Keyboard ... not so secure !!! 		         */
/* http://insecure.org/sploits/xsecurekeyboard_fequent_query.html */
/* compile using : gcc logger.c -o logger -lX11 				 */

int main(int argc, char **argv) {
	Display *disp;
	int i, changed;
	char *s;
	struct timeval shorttime;
	char keys[32];
	char lastkeys[32];
	
	shorttime.tv_sec = 0;
	shorttime.tv_usec = 10;
	
	s = getenv("DISPLAY");
	disp = XOpenDisplay(s);
	if (NULL==disp) {
		fprintf(stderr, "%s: can't open display %s\n", argv[0], s);
		exit(1);
	}

	
	for(i=0; i<32; i++) {
		keys[i] = 0;
		lastkeys[i] = 1;
	}

	while(1) {
		select(0, NULL, NULL, NULL, &shorttime);
		XQueryKeymap(disp, keys);
		changed = 0;
		for(i=0; i<32; i++) {
			if (keys[i] != lastkeys[i])
				changed = 1;
			lastkeys[i] = keys[i];
		}
		if (changed) {
			printf("Keyboard status:\n ");
			for (i=0; i<32; i++)
				printf("%02x ", (unsigned char)keys[i]);
			printf("\n\n");
		}
	}

	XCloseDisplay(disp);

	return 0;
}
EDIT: See also http://murga-linux.com/puppy/viewtopic. ... 944#988944
Attachments
sshfsmount.gz
fake .gz (rename without the .gz suffix)
(5.72 KiB) Downloaded 105 times
Last edited by rufwoof on Mon 27 Aug 2018, 21:13, edited 2 times in total.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#349 Post by rufwoof »

I had been using video=800x600 kernel boot parameter to make the console font size more comfortable, I've just discovered the 'setfont big' console command however - and I like it. tmux and mc look really nice and if you set gpm active in - control panel, system, manage servers and services - the mouse also works in mc (handy when running the mc text editor).

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

fbcat - screen capture console

#350 Post by rufwoof »

Nice little cli tool - fbcat that includes fbgrab to capture screenshots of the console

Download from https://github.com/jwilk/fbcat, extract the zip and make;make install

I opened another tmux window and in that ran

Code: Select all

fbgrab -s 5 /root/fb.png
to include a 5 second delay, and then switched to the mc tmux window and waited for the screen capture to complete.

Console command

Code: Select all

setfont big
was run after logging in as root, hence the larger size font.
Attachments
fb.png
1440x900 full screen cap of console running tmux/mc/gpm mouse
(23.12 KiB) Downloaded 139 times
fb2.png
Reduced the font (setfont) for wttr.in display
(13.31 KiB) Downloaded 91 times

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#351 Post by jamesbond »

Thanks for testing, feedback, and the good ideas :D We may pluck some of them for inclusion in the upcoming Fatdog64 800.

As for X - X can be run as non-root, if you grant enough permissions to some /dev files and system/configuration files. But it also breaks a lot of implicit assumptions, so it requires a lot of testing to make sure things don't break.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

netsurf-fb

#352 Post by rufwoof »

Used video=800x600 kernel boot parameter ... installed netsurf-fb (that also requires libvncserver to be installed) from gslapt .., and running netsurf-fb in a console - as per the attached image (captured by ctrl-alt-F3 to another console cli and running fbgrab -s 5 /root/ns.png ... before ctrl-alt-f5 back to the netsurf frame buffer so as to capture that netsurf image).

Attached images were scaled down from 800x600 to 600 wide using mtpaint (more blurred than the actuals).

Surprised about yahoo pages - they loaded really really quickly (in Fatdog/X seamonkey yahoo news pages always seem slow to load).
Attachments
ns.png
(96.98 KiB) Downloaded 439 times
ns1.png
(192.1 KiB) Downloaded 437 times

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#353 Post by rufwoof »

jamesbond wrote:Thanks for testing, feedback, and the good ideas :D We may pluck some of them for inclusion in the upcoming Fatdog64 800.
Read your blog the other day James - like it - a lot. First I'd really heard about FatDog 800. (BTW twm can be made to look/feel reasonable if you use colour themes)

With fbcat, tmux - along with a /etc/tmux.conf file ... and the console becomes a much nicer thing to use IMO. The keycodes I've settled on for tmux in fatdog are ...

Code: Select all

bind = split-window -h
bind - split-window -v
bind 0 resize-pane -Z
unbind '"'
unbind %
unbind z

#hilite current window
set-window-option -g window-status-current-bg red
set-window-option -g window-status-current-fg yellow

bind-key -n F12 next-window
bind-key -n F11 new-window

unbind C-b
set -g prefix `
bind-key ` send-prefix

bind -T copy-mode-vi PageDown          send-keys -X page-down
bind -T copy-mode-vi PageUp            send-keys -X page-up

# tabs at top of screen
#set-option -g status-position top
# Nah! if at top then gpm doesn't work well with mc
F12 to step to next tmux window, F11 to add a new window is outside of the F1 to F10 that mc uses. Using 0, - and = (near the F11/F12 keys) for zoom pane, split pane horizontally or vertically, along with using the backtick key instead of ctrl-b ... makes it much more usable IMO. backtick and arrow keys also to navigate between the panes - has it all more or less left hand for backtick presses, right hand hovering pretty much over the ENTER key region.

Fatdog's setfont big console command results in a great looking console font, and with gpm activated the mouse also works in mc :) Add netsurf-fb on top of that and the 'cli' is a much nicer and useful place to be (it is still somewhat early days for netsurf though, so the functionality/operation is limited). Over the last 6 months or so I've transitioned over to more or less writing docs in html using a basic text editor, and then viewing those with a browser and using the browser's print to PDF file, so I can access and edit docs using a wide range of choices (cli, X, other).

First time I've really used multisession LiveDVD. I had tried it in the past, but more just in passing. Using it more earnestly in fatdog however has introduced me to something I really like - especially when you use a DVD-RW disc that you can reburn freshly. I've been booting and then blanking/formatting and iso writing to the same disc I booted from, and then save-session to 'defragment' all of the save files (reduces many save session files down to the single save file). Have noticed that multiple layering (save files) does lead to some inconsistencies - same as always for multiple-sfs's/layering. So far however I've only 'defragmented' that once myself i.e. unsquashfs the savefile and mksquashfs a new one.

Thanks to you and all the rest of the Fatdog team. 721 is simply great.
Last edited by rufwoof on Tue 28 Aug 2018, 18:41, edited 2 times in total.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#354 Post by rufwoof »

With video=800x600 kernel boot parameter the LatArCyrHeb-16 font works well for me on a 1440x900 monitor. I've modified my /etc/shinit to have a different PS1 prompt and added a console detection section that sets the keyboard to uk and setfont to that LatArCyrHeb-16

Code: Select all

### /etc/shinit - shell init file
# this is executed by shell - both login or non-login
# setup stuff for interactive shells only
case $- in 
	*i*)
		# interactive configurations - prompt, history, etc
		# TERM, USER and LOGNAME is already set by login/su
		PS1="$USER$ "; [ $USER = root ] && PS1="\[\e[34;1m\]Pwd: \[\e[36m\]\w\n\[\e[31;1m\]\u@\h> \[\e[32m\]"
		HISTFILE="$HOME/.history"	# ensure all shells use the same history
		
		# aliases
		alias ls='ls --color=auto'
		alias grep='grep --color=auto'
		uset_title() { printf '\33]2;%s\007' "$*"; }
		uset_font() { [ $# -gt 0 ] && printf '\33]50;%s\007' "$*"; }
		aufs_reval() { busybox mount -i -t aufs -o remount,udba=reval aufs /; }
	;;
esac
if [ ! $DISPLAY ]; then  # root/cli, then set uk keyboard layout
   loadkeys uk
   setfont LatArCyrHeb-16
fi
# run per-user shinit
[ -e $HOME/.shinit ] && . $HOME/.shinit
I've also tweaked the mc configuration to use the gotar theme and set the left pane to a tree view, right pane to show the filename, size, last modified time, with a bottom overview that shows the owner, group, permissions for the current selected/highlighted file.

Sorry, I normally like to reduce down the size of posted images to 600 width, but the attached is full size (800x600) to show the full effect (actual console snapshot taken using fbgrab).
Attachments
login.png
(605 Bytes) Downloaded 381 times
ht.png
(15.11 KiB) Downloaded 392 times
ls.png
(6.89 KiB) Downloaded 390 times
fn.png
(12.32 KiB) Downloaded 399 times

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

Not saving changes

#355 Post by rufwoof »

721 multisession. I've noticed a few times now that after burning a new iso image and then running save session - that some changes weren't always being saved. I guessed that it was not running snapmergepuppy (fatdog-merge-layers.sh) beforehand, such that any changes made in that session weren't being flushed/merged into the save.

Line 87 of /usr/sbin/save2session invokes

Code: Select all

save_multisession not-shutdown
whilst line 153 of /usr/sbin/fatdog-save-session.sh (i.e. part of save_multisession function)

Code: Select all

	# 6. merge down so that next time the same info is not saved again - only for non-shutdown event
	[ -z "$shutdown_mode" ] && fatdog-merge-layers.sh "$SAVEFILE_MOUNT" "$MULTI_MOUNT"
... won't run a merge, so all recent changes aren't being flushed. Unless that is you also run another save at shutdown (I have event manager save interval set to 0, so only saves on demand, and after having burnt the iso, and then clicked on the save-session desktop icon, I don't usually run another save again during that session - just shut down without saving).

So it looks like my procedure of having save session interval at 0 (never automatically save, just on demand) and ...

booting
making some changes
blanking the DVD
format the DVD
burn the iso to the DVD
making some changes
run save-session desktop icon

and then considering I'd created a new version with just a single savefile ... is wrong. Those 'making some changes' are lost that way. Best practice it would seem would be to boot, blank, format, burn iso, save-session ... and then immediately reboot - before making changes and saving again.

I appreciate this is not a bug, just a procedural thing, but perhaps the code might be extended to include a /etc/eventmanager scan for RAMSAVEINTERVAL='0' and if so have line 87 of save2session run just save_multisession without any parameter so that changes are also flushed (???)

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

framebuffer

#356 Post by rufwoof »

You can use ffmpeg to record the console framebuffer ...

Code: Select all

#!/bin/sh
ffmpeg -f fbdev -i /dev/fb0 -r 24 /root/streamcast.avi
or for a single screenshot

Code: Select all

ffmpeg -f fbdev -frames:v 1 -r 1 -i /dev/fb0 screenshot.jpeg
Or in the most raw form

Code: Select all

cp /dev/fb0 screenshot
that you can later copy back using

Code: Select all

cp screenshot /dev/fb0
cp /dev/urandom /dev/fb0 loads the screen with random coloured pixels

Use mplayer

Code: Select all

mplayer -vo fbdev video_file
View a presentation (installing fbgs)

fbgs [-l|-xl|-xxl] [pdf_file|ps_file]
fbgs is a simple wrapper script which takes a PostScript or pdf file as input, renders the pages using ghostscript into a temporary directory and finally calls fbi to display them.
fbgs is contained in fbi package

In a standard console (not tmux), you can also run console vlc
cvlc some.mp4

Worryingly - using spot (X) I managed to grab a snapshot of the root framebuffer !!!
Attachments
vid.png
(120.37 KiB) Downloaded 336 times

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

tmux.conf

#357 Post by rufwoof »

Experimenting with some tmux config tweaks ... (~/.tmux.conf)

Code: Select all

# set control key to backtick but also send it i.e. if hit twice then prints the backtick
unbind C-b
set-option -g prefix `
bind ` send-prefix

bind -T copy-mode-vi PageDown          send-keys -X page-down
bind -T copy-mode-vi PageUp            send-keys -X page-up

# mc uses F1 to F10, so moved up to F11 and F12
bind-key -n F12 next-window
bind-key -n F11 new-window
#bind-key -n F3 kill-window

# Console tmux and this has - and | instead of ? for borders
# UTF-8 must be off
set-option -g terminal-overrides ',*vt*:enacs@:smacs@:rmacs@:acsc@' 

# split panes using | and -
bind = split-window -h
bind - split-window -v
bind 0 resize-pane -Z
unbind '"'
unbind %
# keycode PageUp switches to Fatdog ctrl-alt-F4 i.e. X/gui
bind PageUp send-keys "chvt 4" Enter

## switch panes using Alt-arrow without prefix
#bind -n M-Left select-pane -L
#bind -n M-Right select-pane -R
#bind -n M-Up select-pane -U
#bind -n M-Down select-pane -D

######################
### DESIGN CHANGES ###
######################

## loud or quiet?
#set-option -g visual-activity off
#set-option -g visual-bell off
#set-option -g visual-silence off
#set-window-option -g monitor-activity off
#set-option -g bell-action none

#  modes
#setw -g clock-mode-colour colour2
setw -g clock-mode-colour yellow
setw -g mode-attr bold
setw -g mode-fg colour1
setw -g mode-bg colour18

# panes
set -g pane-border-bg colour0
set -g pane-border-fg colour19
set -g pane-active-border-bg colour0
set -g pane-active-border-fg colour9

# statusbar
# if at top, then gpm (mouse) doesn't work well (offset)
set -g status-position bottom
set -g status-justify left
set -g status-bg colour18
#set -g status-fg colour137
set -g status-fg white
#set -g status-attr dim
set -g status-left ''
#set -g status-right '#[fg=colour233,bg=colour19,bold] %d/%m #[fg=colour233,bg=colour8,bold] %H:%M:%S '
#set -g status-right '#[fg=colour137,bg=colour19,bold] %D/%M/%Y #[fg=colour137,bg=colour8,bold] %H:%M:%S '
set -g status-right '#[fg=colour249,bg=colour19,bold] %a %d %b #[fg=colour249,bg=colour19,bold] %H:%M '
set -g status-right-length 50
set -g status-left-length 20

setw -g window-status-current-fg colour1
setw -g window-status-current-bg colour19
setw -g window-status-current-attr bold
setw -g window-status-current-format ' #I#[fg=colour249]:#[fg=colour255]#W#[fg=colour249]#F '

setw -g window-status-fg colour9
setw -g window-status-bg colour18
setw -g window-status-attr none
setw -g window-status-format ' #I#[fg=colour237]:#[fg=colour250]#W#[fg=colour244]#F '

setw -g window-status-bell-attr bold
setw -g window-status-bell-fg colour255
setw -g window-status-bell-bg colour1

# messages
set -g message-attr bold
set -g message-fg colour232
set -g message-bg colour16

#hilite current window
set-window-option -g window-status-current-bg red
set-window-option -g window-status-current-fg yellow
Attachments
tm.png
(11.64 KiB) Downloaded 341 times

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#358 Post by rufwoof »

Called an end to having fun with framebuffer, now setting things up to be more secure.

spot is a member of the video group, so can simply watch /dev/fb0 i.e. see whatever root might be viewing on the framebuffer console. Easiest way to drop that is to not run a framebuffer console and the easiest way to do that is boot with nomodeset (XVesa). You lose functionality with that, acceleration, certain video modes etc. XVesa is suggested as being less secure than Xorg, however Xorg security is weak anyway, anyone who can connect to X can view keystrokes and screens of others (a recent test I ran indicates spot can even see root's keystrokes even when xterm Secure Keyboard is activated).

So I've set it up so that boot auto logs into root cli, with no X running, no kms (i.e. nomodeset kernel boot parameter). An isolinux.cfg append line for my liveDVD multisession boot of ...

Code: Select all

append rootfstype=ramfs nomodeset pfix=nox basesfs=ram:device:sr0:/fd64.sfs savefile=direct:multi:sr0::0
I've created a userid user that I'll run X under. After booting to cli I have a twin script that loads several tmux windows of which one is a user cli, so running xwin in that tmux window starts up X (running as user). This is the current content of my /root/twin ...

Code: Select all

#!/bin/sh

# start a tmux session, detach
# then send commands to that before reattaching to it
# Note that C-m is carriage return (enter)

# create a tmux session called work, and detach so we can send keys to it
# This also creates the first window ...
tmux new -s work -d
# we leave that first window as a sh type window

# Add another window and load mc
tmux new-window -t work
tmux rename-window -t work mc
tmux send-keys -t work 'mc' C-m

# Add another tmux window and load htop
tmux new-window -t work
tmux rename-window -t work htop
tmux send-keys -t work 'htop' C-m

# Add yet another tmux window that we run X from as userid user
# i.e. logged in as user, ready to run xwin
tmux new-window -t work
tmux rename-window -t work xwin 
tmux send-keys -t work 'su - user' C-m

# and finally select which window to show first and attach to the tmux work session
tmux select-window -twork:0
tmux attach -t work
That has ctrl-alt-F1 as the tmux (multiple windows) and ctrl-alt-F4 as the X session (user). No framebuffer, so console (tmux) is all standard VGA type text content look/feel (still as colourful as my earlier tmux screenshots).

I'm also intending to drop using DVD-RW discs in favour of write once only DVD-R's as they're inexpensive enough to be wasteful in return for better security i.e. the disc's content cannot be changed.

Seems to be working well from what I've tested/used so far. There are tweaks I still have to make such as X still showing functions/programs that prompt for the root password, such as mounting the DVD or running a save-session ...etc. i.e. that tempt you to enter the root password in an X window - that could be eavesdropped - those all need to be moved over so the root password is only ever entered in the console. The more usual way would be to drop user from group wheel so it can't run su type activities at all, but fatdog doesn't use wheel group control.

As I've said before, I store all data on a separate OpenBSD box that I use ssh and sshfs to access, so the LiveDVD is just for OS and OS configuration changes. When used in that manner having event manager save interval set to 0 (never auto save, only save on demand) is a good choice. It's also good practice to only ever freshly reboot and make changes and then save ... i.e. before running anything else, such that the base + save layers remain relatively clean/pristine (more usually a session involves booting, doing stuff and then shutting down without having saved).
Last edited by rufwoof on Thu 30 Aug 2018, 14:35, edited 1 time in total.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#359 Post by jamesbond »

rufwoof wrote:spot is a member of the video group, so can simply watch /dev/fb0
Or you can take spot out of video group, or close access to /dev/fb0 (using udev rules or simply chmod 0600 /dev/fb0 in rc.local).

rufwoof wrote:(a recent test I ran indicates spot can even see root's keystrokes even when xterm Secure Keyboard is activated).
That's interesting to know :shock:

rufwoof wrote:721 multisession. I've noticed a few times now that after burning a new iso image and then running save session - that some changes weren't always being saved. I guessed that it was not running snapmergepuppy (fatdog-merge-layers.sh) beforehand, such that any changes made in that session weren't being flushed/merged into the save.
Can you tell me what your save= looks like (when you did this test)?

Explanation: Fatdog has an independent RAM-layer and multisession-layer. You can enable both at the same time by specifying save=ram:multi (instead of save=direct:multi).

With one exception, RAMSAVE_INTERVAL only affects "saving" of the RAM layer to the layer beneath it. The layer beneath it can be the usual save layer (savefile, savedir, etc), or the "multisession" layer. Now, this multisession layer is actually also another RAM-backed storage, but it is separate from the normal RAM layer. This multisession layer is never saved periodically, it is only saved when you press the "save session" (ie. run save2session), or at shutdown time (if RAMSAVE_INTERVAL != 0).

So, by using multisession, you already get the benefit of a RAM-layer, with no periodic saving. But you can also run multisession with RAM-layer, in which case your changes go through two places before getting committed to permanent storage.

save2session does exactly what its name says - it saves the current session (the current multisession layer) to disc. It has no business to pull updates from the RAM-layer. To persist updates from the RAM-layer to the multisession layer then you click the "save RAM layer" (=run save2flash).

If you run both RAM-layer **and** multisession, then you need save2flash + save2session to make sure changes are persisted. Otherwise, just stay with multisession without RAM-layer and things should work as expected.

Note that if you set RAMSAVE_INTERVAL=0, you are indicating that you absolutely don't want to save anything unless you told the system to do so. So no automatic save2flash, no automatic save2session, in fact no automatic save of any kind during running or at shutdown.

Hope that clarifies.
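One way to check the exposure that the two fixes above address (taking spot out of the video group, or chmod 0600 on /dev/fb0), as an added example that is not part of the original posts: the function lists which accounts can read a framebuffer node from its mode, owner and group. `fb_readers`, `fb_audit` and `make_sample` are hypothetical helper names, and the account and group entries are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the thread): which accounts can read a framebuffer node?
# Assumptions: classic mode bits only (no ACLs), and the usual kind of device
# mode where owner >= group >= other.

LC_ALL=C; export LC_ALL

# has_read DIGIT -> true if the octal permission digit includes the read bit
has_read() { [ $(( $1 & 4 )) -ne 0 ]; }

# fb_readers MODE OWNER GROUP GROUPFILE PASSWDFILE
# MODE is the octal mode as printed by `stat -c %a` (660, 0600, ...).
# Prints "ALL" if the node is world-readable, otherwise one sorted line of the
# account names that can read it. root is always listed: it bypasses mode bits.
fb_readers() {
    mode=$1; owner=$2; group=$3; groupfile=$4; passwdfile=$5
    # keep the last three octal digits (drops a leading 0 or setuid digit)
    perms=$(printf '%s\n' "00$mode" | sed 's/.*\(...\)$/\1/')
    u=$(printf '%s\n' "$perms" | cut -c1)
    g=$(printf '%s\n' "$perms" | cut -c2)
    o=$(printf '%s\n' "$perms" | cut -c3)
    if has_read "$o"; then echo ALL; return 0; fi
    {
        echo root
        if has_read "$u"; then echo "$owner"; fi
        if has_read "$g"; then
            # supplementary members: 4th field of the group entry
            awk -F: -v g="$group" '$1 == g {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }' "$groupfile"
            # accounts that have this group as their primary gid
            gid=$(awk -F: -v g="$group" '$1 == g { print $3 }' "$groupfile")
            if [ -n "$gid" ]; then
                awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwdfile"
            fi
        fi
    } | sort -u | paste -sd ' ' -
}

# fb_audit DEVICE -> the same report for a live node, using the system's files
fb_audit() {
    info=$(stat -c '%a %U %G' "$1") || return 1   # GNU/busybox stat syntax
    set -- $info
    fb_readers "$1" "$2" "$3" /etc/group /etc/passwd
}

# make_sample DIR -> write constructed group/passwd files for an offline run
make_sample() {
    cat > "$1/group" <<'EOF'
root:x:0:
video:x:44:spot
audio:x:29:spot,user
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
spot:x:502:502:spot:/home/spot:/bin/sh
user:x:1000:1000:user:/home/user:/bin/sh
cam:x:1001:44:constructed account, video is its primary group:/home/cam:/bin/sh
EOF
}

# Offline demonstration on the constructed data: before and after chmod 0600
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "0660 root:video -> $(fb_readers 0660 root video "$demo_dir/group" "$demo_dir/passwd")"
echo "0600 root:video -> $(fb_readers 0600 root video "$demo_dir/group" "$demo_dir/passwd")"
rm -rf "$demo_dir"
```

On a running system, `fb_audit /dev/fb0` gives the same report from the real /etc/group and /etc/passwd; an account whose primary group is video keeps access even after it is dropped from the group's member list.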

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#360 Post by rufwoof »

Thanks James, I'd missed that save structure. I originally changed my kernel savefile parameter to savefile=direct:multi:sr0::0 and have stuck with that since, so that was what was in use at the time. I coded it that way to better highlight the last value being the number of prior saves to skip as I did slip up in one case using savefile=direct:multi:sr0:1 thinking that would skip the last 1 session, i.e. missed a : (which screwed up the saves/disc). I've been setting up cli versions for the likes of saving, blanking/formatting/burning a boot disc, shutdowns ..etc. i.e. to run from root cli so your notes are very helpful. Thanks.

I did trial run with /dev/fb0 set to root only access (I used chmod go-wrx /dev/fb0) so no access by spot, but after trying nomodeset and seeing things work relatively well, I more prefer the textual console look and feel, and vesa simply flies (less memory usage also i.e 67MB first boot (no X running) rising to 450MB odd when X and seamonkey loaded/running). If that doesn't work out I might alternatively try using a dual head with /dev/fb1 wr by root only and for the console purposes, /dev/fb0 left as is for other usage.

Yet another alternative might be to turn the fb console off

Code: Select all

echo "0" > /sys/class/vtconsole/vtcon1/bind

along with other steps as per https://www.mjmwired.net/kernel/Documen ... /fbcon.txt line 158 onwards.
Last edited by rufwoof on Wed 29 Aug 2018, 18:02, edited 1 time in total.
[size=75]( ͡° ͜ʖ ͡°) :wq[/size]
[url=http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256][size=75]Fatdog multi-session usb[/url][/size]
[size=75][url=https://hashbang.sh]echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh[/url][/size]

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#361 Post by rufwoof »

I've changed tmux so that it actually loads X under user now

# Add yet another tmux window that we run X from as userid user
tmux new-window -t work
tmux rename-window -t work xwin
tmux send-keys -t work 'su - user' C-m
tmux send-keys -t work 'xwin' C-m

as that way once twin is run it auto starts the X desktop, and ctrl-alt-F1 to console has you sent back to tmux with the sh, mc, htop, and xwin running sessions. Using chvt 1 (for tmux) chvt 4 (for X) commands can be employed in key bindings or desktop icons to save having to use the ctrl-alt-fn key combination to flip between the two.

dr. Dan
Posts: 96
Joined: Mon 20 Apr 2015, 17:45
Location: Oregon, U.S.A.

#362 Post by dr. Dan »

dr. Dan wrote:Considering rufwoof's most recent post, would using a non-root account and using spot for all online activities be even more secure? I'm asking out of curiosity.
Dan
While I appreciate rufwoof's reply, and I'm learning quite a bit from his posts, my question was about Linux in general and Fatdog64 in particular. Any other thoughts, anyone?
Dan

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

jwm

#363 Post by rufwoof »

jwm config file syntax/format does not match the jwm version installed. Later syntax uses the likes of an Active tag between which you can specify Foreground and Background type tag values whereas the installed version is using older ActiveForeground type tags.

Also mtpaint.desktop isn't being picked up and added to the jwm menu.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#364 Post by rufwoof »

jamesbond wrote:
spot is a member of the video group, so can simply watch /dev/fb0
Or you can take spot out of video group, or close access to /dev/fb0 (using udev rules or simply chmod 0600 /dev/fb0 in rc.local).
Reverted back to using xorg - as it's much quicker at flipping between sessions (ctrl-alt-F1 - tmux, ctrl-alt-F4 xwin (user)). I was trialing having ctrl-alt-F5 as an xwin root session also running and under xorg it's near instant to ctrl-alt-fn flip between them, xvesa has a noticeable lag. xorg is also nice for capturing video/images of the console (I've added chmod 0600 /dev/fb0 to rc.local).

My boot sequence is still the same, boot nox, auto logs in as root (cli) and in .profile I test to see if tmux is running, if not then it runs twin (that loads the various tmux windows, starts X as user ...etc.). As X starts it automatically grabs the focus, so you in effect boot to gui desktop by default.

I see that the precursor to tmux (screen) is in the repo (gslapt). tmux is much nicer IMO.

Made a start on cli versions of admin commands being stored in a dedicated folder, as that expands I might structure it to be like a menu directory hierarchy. mc with lynx style selected (off by default) is nice in that up/down arrow to move through a directory, left/right to move up/down the directories.

I've set my openbsd (data) box to be mounted under /root ... so even when mounted the files are hidden from user (root can be used to copy files in/out of what user can see/use).

Odd, I used fbgrab to capture the console as per the attached and that was a 25KB .png file. Used mtpaint to reduce it down from 1440x900 to 600 wide for forum posting ... and the filesize increased to 139KB !! jpeg came in at 70K.
Attachments
fb.jpg (69.77 KiB)
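The two /dev/fb0 options quoted in post #364 (take spot out of the video group, or chmod 0600 /dev/fb0) can be checked with a short script. This is an added example, not code from the thread; the function names can_read and audit_dev and the 660 root:video starting mode are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: can USER read a device node, given its
# octal mode, owner, group and the user's group list?

# has_r DIGIT: true when the octal permission digit includes the read bit (4).
has_r() { case $1 in 4|5|6|7) return 0 ;; *) return 1 ;; esac; }

# in_group GROUP "LIST": true when GROUP is one of the words in LIST.
in_group() {
    for m in $2; do [ "$m" = "$1" ] && return 0; done
    return 1
}

# can_read MODE OWNER GROUP USER "USER GROUPS"
# Prints the class that grants read (root|owner|group|other) and returns 0,
# or prints "none" and returns 1. Only the first matching class is consulted,
# as the kernel does: a group member never falls through to "other".
can_read() {
    perm=$1
    while [ ${#perm} -gt 3 ]; do perm=${perm#?}; done   # 0600 -> 600
    u=${perm%??}; o=${perm#??}; g=${perm#?}; g=${g%?}
    if [ "$4" = root ]; then echo root; return 0; fi     # root bypasses mode bits
    if [ "$4" = "$2" ]; then class=owner bit=$u
    elif in_group "$3" "$5"; then class=group bit=$g
    else class=other bit=$o
    fi
    if has_r "$bit"; then echo "$class"; return 0; fi
    echo none; return 1
}

# audit_dev PATH USER: same check against a live node (Linux stat -c, id -Gn).
audit_dev() {
    st=$(stat -c '%a %U %G' "$1") || return 2
    set -- "$1" "$2" $st
    can_read "$3" "$4" "$5" "$2" "$(id -Gn "$2")"
}

# Constructed cases; the 660 root:video starting point is an assumption.
while read -r mode owner group user groups; do
    printf '%-4s %s:%s %s [%s] -> %s\n' "$mode" "$owner" "$group" "$user" \
        "$groups" "$(can_read "$mode" "$owner" "$group" "$user" "$groups")"
done <<'EOF'
660 root video spot spot video
600 root video spot spot video
660 root video spot spot
664 root video spot spot
EOF
```

The last constructed case shows that removing spot from the video group is not sufficient on its own if the node is also world-readable; on a live system `audit_dev /dev/fb0 spot` applies the same logic to the real node.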

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

cwm skippy-xd

#365 Post by rufwoof »

Many don't like cwm initially, but with persistence it grows on you. Nice for laptops where the touchpad/mouse is awkward as you can do many things using just the keyboard. Many OpenBSD developers use cwm and it's an integral part of the base OpenBSD OS.

I installed xdotool from gslapt. Downloaded and compiled cwm and skippy-xd from github (make;make install), created my own /home/user/.xinitrc to invoke a script called hotcorners prior to starting cwm ... and it all seems to be working. Mouse into the top left corner and up pops cwm application menu. Mouse into the bottom left corner and skippy-xd shows a view of all open windows where you can click to raise a window, maximise an 'iconified' window or close windows.

Code: Select all

#!/bin/ash
# .xinitrc
# Had to install xdotool from gslapt, skippy-xd and cwm from github
./hotcorners &
exec cwm

Code: Select all

# .cwmrc
# 
gap                             2 0 0 0
ignore                          xclock
ignore                          xload
color inactiveborder            Black
color activeborder              "#494949" 
color groupborder               "#01a252"
color urgencyborder             "#3d9751"
color selfont                   "#0034A9"
color font                      "#FFFFFF"
color menufg                    "#49F6F6"
color menubg                    "#333333"
#fontname                       "DejaVu Sans:size=11:antialias=true"
fontname                        "News10:size=11:antialias=true"
bind-key                        M-w menu-cmd  # used in hotcorners
command " xterm "               "/usr/bin/env LANG=en_US.UTF-8 xterm -fa DejaVu:size=11"
command " tmux "                "/usr/bin/env LANG=en_US.UTF-8 xterm -fa DejaVu:size=11 -e tmux"
command " seamonkey "           "seamonkey"
command " geany "               "geany"
command " mtpaint "             "mtpaint"
command " galculator "          "galculator"
command " writer "              "soffice --writer"
command " spreadsheet "         "soffice --calc"

Code: Select all

#!/bin/sh
#
# Script to monitor mouse position and run skippy-xd (assumed to already be installed)
# whenever the mouse is moved into the bottom left corner (like a hot corner)
# and runs alt+w space when mouse into top left corner, that is set to open
# the cwm applications menu in .cwmrc and show all menu entries assuming they've been
# defined as having a space in the name i.e. command " quit " "pkill cwm"
#
# Requires xdotool (installpkg xdotools)
#

# Retrieve screen height
SCREEN_HEIGHT=`xwininfo -root|sed '/Height/!d;s/.* //'`
# subtract 1 as 0..899 for 900 xwininfo height screen
SCREEN_HEIGHT=`expr ${SCREEN_HEIGHT} - 1`
BOTTOM_LEFT="0x${SCREEN_HEIGHT}"
TOP_LEFT="0x0"
while : ;do
    CURRENT_MOUSE_POSITION=`xdotool getmouselocation | sed 's/ sc.*//; s/.://g; s/ /x/'`
    if [ "$CURRENT_MOUSE_POSITION" = "$BOTTOM_LEFT" ]; then
        skippy-xd
    else
        if [ "$CURRENT_MOUSE_POSITION" = "$TOP_LEFT" ]; then
            # Assumes bind-key M-w menu-cmd ... is set in .cwmrc
            xdotool mousemove 60 60  # move mouse away from corner so doesn't retrigger
            xdotool key alt+w space  # key combination to launch applications>>
            # Note we add a space so it shows our menu entries with a space
            # and I set all menu entries with names of " abc " format
        fi
    fi
    sleep 0.2
done

As an alternative to the hotcorners script there is a program called something like brightside, but I've not found the source after a very cursory scan around.

When you first start the default cwm - it's just a black screen with a mouse cursor. Typically you use ctrl-alt-enter to launch an xterm and go from there. With the above, mousing into the top left corner presents the menu. I also leave a gap of 2 pixels at the top of screen so you can use the left/middle/mouse clicks in that area whenever a window is maximised. Toggle Maximise with ctrl-alt-M, close a window with ctrl-alt-X (sort of crab like finger arrangement), alt-tab between windows (or mouse into the bottom left corner to pick one) ...etc. Takes some practice, but after a while becomes so natural you end up loving it, and miss the simplicity in other window managers. Move a window by pressing alt and left mouse drag, resize a window with alt and middle mouse drag ...etc.

For a slightly nicer background you can add a command such as

Code: Select all

xsetroot -bg \#222222 -mod 3 3 &

into .xinitrc, or use a program such as feh to display a wallpaper image.

Attached image shows the screen where there are 3 maximised windows running and I mouse into the bottom left corner (i.e.skippy-xd). Those windows are seen live, i.e. if you're watching a video then the skippy overview window also has the video showing.
Attachments
s2.jpg (31.37 KiB): left mouse desktop when wallpaper xsetroot -bg \#222222 -mod 3 3 &
s.jpg (31.71 KiB)
Last edited by rufwoof on Fri 31 Aug 2018, 22:03, edited 2 times in total.
