All times are UTC - 4
How secure is booting from internal SD card?
Page 2 of 3 [39 Posts]
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sat 19 Apr 2014, 14:02

Quote:
my usual way with puppy is to run using tmpfs and create a save sfs at shutdown which gets loaded at the next boot back into tmpfs.... if I want to I can choose not to save at shutdown so will revert to the last save on the next boot.

Sounds interesting, but over my head. Is that creating a sfs of /initrd/pup_rw using something like mksquashfs at shutdown and then loading that sfs at bootup?

If so my /initrd/pup_rw is 1750MB total with 125MB used - I would have thought that it could take quite a while to 'shutdown' (create sfs) ???

One thing that's bothered me is that despite having 1.5GB of RAM, my 'savefile' icon in the tray always shows that 1.7GB in total available. Is it just assigning 200MB out of the 2GB swap partition space I've created/allocated? At the time I just created swap to be larger than the amount of actual memory, thinking that was a reasonable choice. But perhaps 200MB might have been a better choice ?
mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sat 19 Apr 2014, 15:00

Yes the tmpfs layer must be adding swap space to calculate its size and can therefore be larger than your actual ram.

No harm in having a larger swap although it's obviously going to use some of your hard drive. As you can see you have plenty of room though without the swap the tmpfs has to be shared with software ram usage and /tmp, shm etc if used.... eg in your case a figure of ~900MB is more likely for pup_rw without swap. I quite like having room to spare as it's handy for such as printing and some flash video.

In your case the 125MB of data would be saved (such as /tmp are not which may be in that 125mb).... I normally use it uncompressed so it's the time it takes to write 125mb... about 2 seconds on my crusty olde systems. To usb would be slower I expect and light compression might be worth considering...there are some builds of mksquashfs using low compression for sfs which adds around 20% but gives a major speed increase and of course reduces the file to be saved compared to uncompressed...something I have toyed with. (originally I used tar but puppies initrd only supported a crappy version of it)

Another one to consider are things like browser caches being saved so always worth looking at ways to keep trim. My saves are usually between 30 and 60MB which only takes half a second to create and load.

All good stuff

Mike
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sat 19 Apr 2014, 15:52

Thanks.

I'll stick with just running in ram - with the option to create a savefile as and when needed (until another remastered puppy sfs is performed).

One thing I've just noticed is that under load/stress testing, running with ram uses a lot less of memory space than when running with a savefile. Loaded up Openshot running blender to create a 3D animated title, mplayer watching a video, firefox with one window running a youtube, another watching BBC news video, a range of others on other web sites; abiword, gnumeric, galculator, leafpad, mtpaint all running; audacity loaded, xvidcap running to capture the desktop video (screencast) - and in total got up to using just over 700MB of memory according to HTOP - with all of 4MB of swap having been used.

From what I remember, running with a savefile and memory usage was higher when loaded up to a similar heavy load.

More a case of the single CPU being the bottleneck (100% loaded), memory much less of an issue.
[Attachment: load_heavy.jpg]

mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sat 19 Apr 2014, 16:15

Can't remember if this was a usb or hard drive save file in your case.

Tmpfs/pup_rw does not show up in memory usage but the kernel still accounts for it.... so if you are running in ram only, that which is free for applications will be reduced and such apps will normally request less memory or the kernel will make it so (watch for example how firefox usage drops if something else fills yer ram.) With a save file and no tmpfs (hard drive) then more ram is available therefore apps can take more cos they can....so it can appear as if more is being USED but really more is being ALLOCATED because more is available.

That's just a simplistic view but you get the idea, I hope, of why there appears to be a variance... the demands of aufs will be pretty much the same and usually amounts to only a few MB.

Hope that makes some sense.

mike
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sat 19 Apr 2014, 16:32

Thanks Mike. Get the idea, thanks.
greengeek

Joined: 20 Jul 2010
Posts: 2556
Location: New Zealand

Posted: Sat 19 Apr 2014, 16:35

Aung wrote:
I wish to know if booting from a SD card is as secure as booting from a live CD.
I do remember reading on another thread of one puppy member who used the SD card with its write lockout switch set as you suggested and he said he had no problems booting or running. That might mean that some puppies WOULD allow you to run like that.

I wonder if it is possible to boot the PC and then REMOVE the SD card, just as it is sometimes possible to remove the Live CD after booting.


rufwoof wrote:
533t_vesa_mesa.iso (or 533t_nvidia.iso for systems with Nvidia graphics card) weighs in at 250MB (260MB), but only around 100MB for the Puppy ISO part (rest is extra's i.e. SFS's that can be loaded for flash, abi/gnumeric, openshot/audacity). https://drive.google.com/folderview?id=0B4MbXu8cvE_WRVE4Y0FlZUgzcTg&usp=sharing
Thanks for the link. I will be giving that a try to see if it handles my older nvidia card.

Aung wrote:
built in SD slot seen as an internal drive seen as sdb1 not USB.
I don't think the sdxx tag indicates an inbuilt drive - my understanding is that the SD interface will still be via a usb port, just as other external ports are. (The SD is physically built into the case, but still seen as an external drive attached via usb interface I think)


With regard to the general risks of using the internet, as James pointed out it is often the person behind the keyboard who creates the vulnerabilities, but there are also factors beyond our control that allow security breaches. eg: Heartbleed and Target:
http://thesovereigninvestor.com/2014/04/14/tips-protecting-heartbleed/

Basically, nothing on the internet is truly secure.
greengeek

Joined: 20 Jul 2010
Posts: 2556
Location: New Zealand

Posted: Sat 19 Apr 2014, 16:53

"pupsgreat" also initially had the boot problems when using write-protected SD cards but made some very useful comments about how he got his SD cards to boot when write-protected here:
http://www.murga-linux.com/puppy/viewtopic.php?t=87004

(Basically sounds like he had to go to ext 2 instead of ext 3 formatting)


I had a thread concerning trying to set up an HDD based puppy as read-only (never quite got there...). Forum member JRB had some interesting ideas about using startup scripts instead of a savefile. ETP had some suggestions too. Might be worth a read for ideas.
http://www.murga-linux.com/puppy/viewtopic.php?t=87004
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sat 19 Apr 2014, 18:59

mikeb wrote:
In your case the 125MB of data would be saved (such as /tmp are not which may be in that 125mb).... I normally use it uncompressed so it's the time it takes to write 125mb... about 2 seconds on my crusty olde systems.

Copying /initrd/pup_rw to Hard Disk /mnt/sda4/1/pup_rw = 95MB and a few seconds (save). That includes /root/cache and /root/.mozilla directory changes, so browser has all of its prior history etc. after rebooting.

After booting, merging that HD saved copy back into /initrd/pup_rw - around a second.

Really neat idea. Thanks Mike, very interesting. Not something I'll be adopting myself however as all my email is in the cloud and for general/casual browsing I use portable firefox that retains all of its bookmarks, cache etc anyway (outside of savefile). For banking I automatically download the latest copy of firefox and don't add any addon's/extensions to that. As such my inside savefile space doesn't really change, so I have little need to save/restore those files/content.
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sat 19 Apr 2014, 19:17

greengeek wrote:
rufwoof wrote:
533t_vesa_mesa.iso (or 533t_nvidia.iso for systems with Nvidia graphics card) weighs in at 250MB (260MB), but only around 100MB for the Puppy ISO part (rest is extra's i.e. SFS's that can be loaded for flash, abi/gnumeric, openshot/audacity). https://drive.google.com/folderview?id=0B4MbXu8cvE_WRVE4Y0FlZUgzcTg&usp=sharing
Thanks for the link. I will be giving that a try to see if it handles my older nvidia card.

I believe that Nvidia drivers are fully backward compatible (the reason why their driver files are so big), so in concept I suspect it would be OK. Will be interesting to see if you can confirm that however. I'd appreciate it if you would keep me posted on your findings. Thanks GreenGeek.
mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sat 19 Apr 2014, 20:21

For Nvidia each new Xorg and video card drivers are merged into the binary blob up to a cutoff when they start over with newer hardware...so yes indeed that's why it grows...also can mean an older smaller build will normally be fine if your card/xorg is somewhere back in time.

As for the pup_rw save... yes does it nicely to give a 'normal' alternative to the save file. You just add the operation into the boot and shutdown to automate it. Also mksquashfs is used excluding some folders in the same manner as multisession eg no /mnt, /dev, /tmp and so on.
If you have a decent amount of ram then it's nice and does leave you floating in ram which is handy for say netbooks to spin down the drive but still retaining the convenience of a full save. Also means boot media (USB) can be removed.
Doing a one off save would mean there is a preconfigured sfs and then subsequently never save.... if we are talking about security purposes.

I found most SD card slots appear as usb devices rather than true mmc ones which does make life simpler.


mike
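
The save-at-shutdown and reload-at-boot cycle described in the post above, sketched with tar (which mike says he used originally) in place of mksquashfs; this is an added example, not code from any poster or from Puppy itself. GNU tar is assumed, and the function names, the `pup_rw.tar` file name, the extra `/proc` and `/sys` exclusions and the member-name check on restore are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: save the writable layer at shutdown, reload it at boot.
# GNU tar is assumed. Function names and the archive name are hypothetical.

# Directories left out of the save. /mnt, /dev and /tmp come from the thread;
# /proc and /sys are an assumption covering its "and so on".
EXCLUDES="./mnt ./dev ./tmp ./proc ./sys"

# save_layer SRC ARCHIVE: archive the contents of SRC, minus EXCLUDES.
save_layer() {
    src=$1 archive=$2
    set --
    for d in $EXCLUDES; do set -- "$@" "--exclude=$d"; done
    # Write to a temporary name first so an interrupted shutdown cannot
    # leave a truncated archive in place of the last good save.
    tar -C "$src" "$@" -cf "$archive.partial" . &&
        mv -f "$archive.partial" "$archive"
}

# restore_layer ARCHIVE DEST: unpack a previous save into DEST (the tmpfs layer).
restore_layer() {
    archive=$1 dest=$2
    # No save present means a pristine boot, which is a valid choice.
    [ -f "$archive" ] || { echo "no save at $archive, booting pristine" >&2; return 0; }
    # The save is the one persistent, writable piece of this setup, so refuse
    # an archive whose member names are absolute or climb out with "..".
    if tar -tf "$archive" 2>/dev/null | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "refusing $archive: unsafe member names" >&2
        return 1
    fi
    tar -C "$dest" -xpf "$archive"
}

# Calls from the shutdown and boot hooks, using the paths mentioned in the
# thread (pup_rw.tar is a constructed file name):
#   save_layer    /initrd/pup_rw /mnt/sda4/1/pup_rw.tar
#   restore_layer /mnt/sda4/1/pup_rw.tar /initrd/pup_rw
```

Skipping `save_layer` at shutdown gives the "revert to the last save" behaviour, and never calling it again after one configured save gives the fixed state mentioned for security purposes.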
Py

Joined: 12 Aug 2005
Posts: 70

Posted: Sun 20 Apr 2014, 17:19

Thanks for this thread folks.

Rufwoof, wondering what system you use when online shopping with debit or credit card?
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Sun 20 Apr 2014, 19:09

Quote:
Rufwoof, wondering what system you use when online shopping with debit or credit card?

I'm a relatively new Puppy convert from XP. My HD still has XP on it, boot with no CD - loads XP. I kept it thinking I'd use it more often, but haven't touched it for a month or so now.

I boot from CD with no savefile each and every time which loads up a thinned down version of slacko5.3.3t (thin slacko). i.e. browser, abiword, gnumeric, geany ... and others all stripped out. In my home directory I have a quick_firewall_and_sound script, so when I log on it's set locale, click CONNECT, click quick_firewall_sound and it's more or less ready to go, but with no browser. Also in my home directory I have two firefox scripts, one firefox_bank that downloads (30MB) the latest firefox and nothing else, the other downloads and auto loads firefox with several add-ons (no script, zoom, flash block) - which I use for more general surfing. My connection speed often runs at 75Mb/sec so the download is quicker than the time it takes to load firefox - I do however also keep a local copy (SFS) of the latest firefox.

I also have a portable-firefox (and portable libre office) installed on my HD, so that's another choice (even more adds ons, book marks etc) that's used for general surfing.

Email - via online account(s).

I won't enter my credit/debit card details anywhere other than with a site I'm happy with, and after having rebooted into firefox_bank mode. Most sites let you create a basket so you can load that up as desired, but then shutdown/reboot into 'safe' mode before returning to pay the bill (check out).

Currently takes around 2 minutes to reboot into 'safe' (firefox_bank) mode (as it copies puppy sfs from CD into RAM which takes around 20 seconds or so), which for me is acceptable. I suspect I could get that down a lot however with some tweaking (not searching several drives for save files etc.) but so far that sort of time doesn't bother me (put kettle on while initially rebooting).

I absolutely love LiveCD (ram) booted puppy as in normal/general mode I can do whatever I like knowing that if the session gets corrupted then a couple of minutes later (reboot) it's all back to normal again (load/try PET's and SFS's etc to my heart's content). The downside is that your opsys/gui (desktop) configuration is more or less cast in stone - at least until you make another remastered CD to accommodate any changes. Very lean core Puppy, with all other desired/needed things being loaded as PET's. That lean core is generally quite fixed now and I'm remastering much less frequently (more or less have a stable CD that I'm happy with).

I store no data in the savefile space (HOME is empty other than for config stuff).

Most of my shopping is via pre-arranged/established accounts - so just a case of entering userid and other access questions (card details already held by the seller) - which I do using firefox_bank. Generally I'm only entering my credit/debit card freshly for the likes of paying for holiday/trips.

I'm aware of many of the risks having worked in IT security in the past and feel more comfortable using a fresh read only CD opsys with fresh browser, all loaded into clean RAM when exchanging financial data. What some might consider to be inconvenient/excessive doesn't IMO justify the greater exposure to identity/financial theft (having seen the consequences of such endured by others first-hand).
mikeb


Joined: 23 Nov 2006
Posts: 8257

Posted: Sun 20 Apr 2014, 20:29

Quote:
having seen the consequences of such endured by others first-hand

For reference what setup/systems/software would they have been using when this happened?

mike
Py

Joined: 12 Aug 2005
Posts: 70

Posted: Sun 20 Apr 2014, 21:02

Thanks muchly for that Rufwoof. And thanks for telling us you used to work in IT security.

I had read about how you do your banking, and that was what prompted my question about credit card use. I see the merits of using a purpose built cd and the fresh cd boot for banking, and now see that you basically use the same setup for credit card use. Sounds good to me.

I did not know that you could reboot just for entering your card details after you had got to that point at a shopping site. I guess you somehow save the URL at that stage of the buying procedure and then reenter it after reboot.

For myself, wondering if I would really need to download a fresh Firefox for each banking/credit card use? Could there not be some other browser used solely for that? Watching my broadband cap here :)

I am still using XP and am currently using Comodo Internet Security with it. Currently I do not do internet banking.

Thanks again.
rufwoof

Joined: 24 Feb 2014
Posts: 308

Posted: Mon 21 Apr 2014, 03:32

Quote:
For myself, wondering if I would really need to download a fresh Firefox for each banking/credit card use? Could there not be some other browser used solely for that?

I've only set it up that way as it's then a simple wget script (to get firefox from mozilla) which on my internet speed is just a few seconds download time. Storing a SFS of your favourite browser would suffice equally as well. That could be included on the CD and loaded instead of downloading.

The key thing is not to load any plugins/addons, nor go to any other web sites before or after. i.e. reduce/eliminate the risk of being exposed to potential hacks/cracks.
Quote:
I am still using Xp

A Puppy LiveCD is great for dual running as there's no need to do anything with the normal XP hard disk. Just set BIOS to boot CD before HD and when you want to run Puppy leave the CD in and reboot, otherwise remove the CD and reboot. Puppy can share the HD space (save/read data etc) and be used to store puppy files (SFS's/PET's etc).

Mike
Quote:
what setup/systems/software would they have been using when this happened?
- for individuals mostly your favourite avoid :) Windows, IE, Outlook etc. I was also involved in both small and large scale, triple layered firewall systems, and systems/protocols spanning a wide range of hardware/software (Honeywell GCOS/DPS's, IBM/Amdahl mainframes, Netware, Unix .. all sorts). More often, most weaknesses/threats/penetrations arose out of practices (human security/error). For instance in one case after spending several million on IT security it took less than half a day to penetrate a corporate system and send an internal memo to the IT director - all because the front desk security staff at one of their offices were too casual. That was however all way-back in a prior millennium.