Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sun 20 Aug 2017, 21:09
All times are UTC - 4
 Forum index » Advanced Topics » Puppy Projects
Puli 6.1.0, released April 2017
Moderators: Flash, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 16 [229 Posts]   Goto page: 1, 2, 3, ..., 14, 15, 16 Next
Author Message
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Sun 21 Dec 2014, 18:32    Post subject:  Puli 6.1.0, released April 2017
Subject description: The ultimate defense against web attacks. Intended to boot from a USB pendrive
 

Welcome to Puli 6.1.0, released April 2017

Announcement and changelog here. Magyarul itt.

Puli 6.1.0 is a member of the Puppy Linux family: a high security, "kiosk" flavor of 666philb's tahrpup 6.0.5, intended to boot from a USB pendrive and run safely even if the boot device is unplugged.

The 32-bit, non-PAE Puli has kernel version 3.14.79.
This is a static Help file. If you need more details, feel free to browse the Puli forum at http://murga-linux.com/puppy/viewtopic.php?t=96964
Earlier barks of Puli are also discussed at http://murga-linux.com/puppy/viewtopic.php?t=88691

The Puppy Linux Project was established by Barry Kauler in 2003. See legal notice at the bottom of this page.

Special thanks to 666philb, smokey01, pemasu, S-kami, Kros54, Sylvander, members of Puppy Linux forums, and to my colleagues, including ethical hackers who helped me with their feedback about Puli.


I. How to install Puli to an USB pendrive:

If you are an experienced Puppy Linux user, consider installing Puli by following the steps written in Appendix A.
However, many users (still) have Windows XP/7/8/10 only, so this section describes a "one-finger-one-minute" method to create a working Puli pendrive.


1. Download Puli and LiLi

a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files. Select the Puli-6.1.0_Apr2017 folder and download the Puli_install.zip file from there.

b. Download the latest version of LinuxLive USB Creator from http://www.linuxliveusb.com. Alternatively, you can find its Sep 2015 version next to Puli folders, at smokey01.com/gjuhasz/LiLi.

c. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want..


2. Create the Puli pendrive.

Plug in the pendrive (recommended capacity: 4 GB or bigger) and Run LiLi. Complete the install steps from top to down as follows:

Step 1: Choose your pendrive in the selection box (be careful - do not seklect a nother drive accidentally)

Step 2: Choose a source - click on the ISO/IMG/ZIP icon and select the Puli<version>_install.zip file</version>

Step 3: Select Live Mode in the Persistence pane

Step 4: Tick only the second (FAT32) box

Step 5: Click the "lightning" icon. The installation takes about 25-30 seconds. In the below picture, you see the LiLi interface before the installation starts and after it has finished.


3. Unmount the pendrive. You are ready, Puli is installed.


Before rebooting your machine from the Puli pendrive

a. You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed packages at smokey01.com/gjuhasz/packages/Proposed_packages.txt). Download and put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section below.
b. I recommend to read the following sections, too.
c. If you know what to do, you may configure some startup parameters in syslinux.cfg and puli.cfg right now.
d. Ensure that the BIOS is configured to boot from pendrive.


II. Puli in a nutshell:

1. Boot-up the PC from the USB pendrive pre-installed with Puli.

a. When asked, log in as root.
b. At the first login, type root as password. (Later you can change it and save it for next logins).

2. The Session Setup dialog pops up.

a. Check whether timezone, numlock, timesync, hwclock, firewall, locale, and keyboard, etc., are suitable for this session and change them if needed. Your changes in this dialog affect the current session but you can preserve them for the future sessions, too.
b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.

3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. Before you finish, be sure that you left no data on the PC.

5. There are different methods to save your work on the (replugged) USB pendrive:

a. You can preserve the main settings (including passwords, too) by clicking the Save: smart button on the Shutdown dialog or, within the session, in the dialog of the backup desktop icon.. See the next sections for details of this Smart save feature.
b. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description.
c. You can decide to create backup at the end of the session, too, by selecting Save: backup on the Shutdown dialog.

* Note that the password files, the smartloaded packages (installed into /initrd/pup_rw) and the on-the-fly added .sfs files (arrived into the /initr/pup_ro4... ro8 folders) are excluded from the backups.

6. You can restore a previous status from a backup if you open the /backups folder on the pendrive then drag-and-drop a backup file onto the Restore icon next to it. Of course, the selection of the smartloaded packages should be the same as it was previously. You will receive notification about the packages omitted during backup.

7. Puli provides you with a secure environment. It helps you fight against malicious attackers.

* Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text. This way your data will not be disclosed.

* Some features, such as Office programs, evince, etc., may start in offline mode for your security.

* See more details about the available security profiles in the next sections.

* It is recommended to change your session password as follows:
a. Open console
b. Issue the passwd command and follow the instructions.
c. At shutdown time, save your environment with smart save. The new password shall be used for future logins. See the next sections for details.

* If you right-click on a folder, you can encrypt / decrypt its content. See more details in the next section.


III. For advanced users:


1. To have additional packages, browse the content of smokey01.com/gjuhasz/packages/Proposed_packages.txt) and download the selected ones into the /packages folder of your USB pendrive. Among those packages, you can find advanced Office programs, the latest Java runtime module and other useful software - each of them tested in Puli.

2. You probably don't use all downloaded packages in a given session. Puli offers easy selection among them in boot time, with the help of the smartload feature:

* Together with the built-in Puli packages, you can boot any number of extra .sfs, .pet, .tar.7z, .deb and/or .rpm files simply by referencing their file name in separate lines of the /profiles/Common/smartload file of the USB boot device. See the default smartload file included in the release. Puli seeks those referenced packages in the /packages folder of the boot device and loads them during bootup. Note that the .tar.7z packages can be encrypted - Puli asks for password at boot time.

* For example, to load SoftMaker FreeOffice, put a SoftMaker line in smartload file on your USB boot device. (This is a kind of free but licensed software thus you need to register and obtain your personal license at Softmaker Software GmbH. See the related legal restrictions at /opt/freeoffice/license.txt. Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in smartload file.

* You may have more smartload type files prepared, i.e., smartload, smartloada, smartloadb, etc. Then, you may select one from them during bootup by hitting a character (e.g., a, or b, or c) when asked. If you don't act, the default smartload file will be used. If your selection refers to a non-existing file or you hit space, then the smartload feature is omitted.

3. Other settings:

* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files).

* Further configuration options for timezone, numlock, timesync, hwclock, firewall are available in the files of the machine specific environment folders in (the root of the) pendrive. For example, take a look into the /usr/share/zoneinfo folder for correct timezone strings such as Australia/Perth It is recommended to put the plang and pkeys settings also in the puli.cfg file of the environment folder. You can find the default env folder as env-0. See more details later.

* Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

* By clicking on different Office files, the appropriate program opens based on MIME type, i.e., abiword gets the .docx files while textmaker handles the .doc; clicking an .xls opens planmaker while .xlsx invokes gnumeric, etc.

* In the Puli package, you can find tricky security profile examples realized by different file structures. They can be selected/activated by clicking their fantasy-named security profile selector icon (the profile name will be copied into the /patch folder on the pendrive) .


Mild-tempered
a. This is the default security profile, the only profile in which multiple browser windows or even multiple browsers can run simultaneously.
b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.
c. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.

Rigorous
a. In this profile, you cannot run multiple browsers/browser windows simultaneously. Iron, Slimjet, and Vivaldi browsers open in Incognito mode. I propose to not change this setting.
b. Puli barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.
c. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/apps/defaultbrowser and /usr/bin/chromium.
d. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).

Crazy
a. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session become effective.
b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to not change this setting.
c. Opera browser may fail in this profile if the communication with the selected server is wery slow.

Lazy
a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes asleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware to initiate shell scripts or issue commands. In the script behind the lazy profile selector icon on your USB boot device, you can define the full path where you want to run the "disappeared" Linux utilities in lazy mode. You may leave the default /ban/ setting as is, or write a path like lazybin="/usr/share/foo/" (with slash at the end). Of course, you need to re-activate the lazy profile by clicking its profile selector icon, then reboot. Be careful! If you put an existing folder name above, its original content may be overwritten! Warning! Do NOT select a folder from those in the search path!
b. Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to leave this setting "as is".
c. Some features behind icons file, info, edit, write, calc, phone remain active only for you.
d. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.
e. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes Pmount.
f. Warning! Do not unplug any mounted drive while browsing in lazy mode!
g. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).


* It is preferred to browse with the latest version of a properly sandboxed Chromium flavor, or use a modern Mozilla based version.

* Puli supports the following 32-bit browsers (in order of preference, which is NOT the order of quality): Iron; SlimJet; Vivaldi; Firefox; Mozilla Light; Opera; Links and runs them by spot user. It is recommended to use the smartload feature for booting them by selecting one of them in the smartload file. (Note that you if you install more than one browsers, they may interact or even block each other).

* Due to licensing issues, some Chromium based browsers cannot play mpeg4 videos. In those cases, installing or smartloading extra ffmpeg codecs can be a cure. A couple of extra ffmpeg packages are available in the Puli codec repository.The Opera version is probably compatible with Slimjet and Vivaldi browsers, too.

* In all profiles, clicking the info icon invokes the preferenced browser (in case of the Chromium-based browsers, in non-accelerated, Normal mode). If nothing selected, the Links browser appears. It is configured for smart media recognition capabilities.

* Puli supports the fully localized ESR channel of Firefox. You can download a relatively new version from my packages or the latest one from here. (You may need to change the language code which appears at the end of the link.) Auto-update to the latest version is configured in Puli. However, you can update my pet package by replacing its /opt/Firefox folder with the latest version.

* You can download the latest Flash player plugin from this link. Its filename is like "adobe-flashplugin_<latest date>.1-0ubuntu0.14.04.1_i386.deb". Put this smartloadable .deb file in the /packages folder on your boot device. Be sure that only one adobe-flashplugin*.deb file appears among the packages. It installs to the /usr/lib/adobe-flashplugin folder.

* Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the UBS pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

* If you right-click on a folder, you can encrypt / decrypt its content with the menu items. I propose storing your sensitive files in /root/my-documents/Secret/ folder which is encrypted (with AES 256 and password "root") by default. Of course, it is strongly recommended to change the default password to your one at your earliest convenience. The encryption-related options can be found in the dialogs behind the right-click menu items. Note that the Secret folder will be automatically unmounted (i.e., its content toggled to encrypted status) if you create a backup or select smartsave.

* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable but the device is not recognized automatically, open a terminal window and issue mtp+. Now, you can access the device thru the /root/MTP folder. If you finished, issue mtp- before disconnecting the USB cable.


IV. For enthusiasts:

You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different environment folders on the boot device.

* The naming convention for the environment folders is: env-<macaddress> where macaddress is a 12-position hexadecimal number, for example, env-0123456789ab. Puli recognizes whether the name of one environment folder matches with the given machine at boot time. If no matching folder found, it will be created in /root/tmp using the content of the env-0 folder and your actual settings (and will be saved at shutdown time if you select Save:smart)

* During bootup, as mentioned above, the .sfs, .pet, .tar.7z, .deb and/or .rpm files listed in the (dynamically selectable) smartload file on the USB boot device, either as /patch/smartload or preferably in /profiles/Common/smartload, (don't mix - the former overrides the latter, other locations are ignored) will also be loaded if they exist in /packages folder of the USB boot device. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename) "?ine" is enough to locate "wine-19.21_v2.1.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded packages; on the other hand, they cannot be uninstalled.

* The auto-loaded files are merged into the /initrd/pup_rw folder: first, the content of the Common folder, then the content of the environment folder, then the content of the smartloaded files (in the order of their appearence), then the content of the patch folder, then the content of the security profile. That is, you can overwrite a just loaded file with another one, e.g., files loaded from /Common folder with files loaded from /patch folder, etc.

* Note that although Puli can accept .rpm files, they mostly need additional libraries to run properly.

* The firewall can either be set as strong or lite. If you need to create a different firewall, you may set up the firewall rules manually in /usr/sbin/firewall_install.sh-lite AND ACCORDINGLY in /etc/rc.d/rc.firewall-lite files, then put them in your patch structure. Later, you can easily recognize the active one based on the color of the tray icon (green = strong, yellow = lite, blue = user-configured).

* Notice that the strong firewall cannot be overwritten by the Firewall Wizard but by the Firewall Genie. The Auto menu item of the Firewall Wizard restores the preset strong or lite firewall, however.

* In the Session Setup dialog, you can decide whether the current session settings are valid for the future sessions, too.

* After you accept the session environment by clicking OK in the Session Setup dialog, the files in the /root/Startup folder will be executed in alphabetical order. The last one among them is zsupp. It does worth looking into it for the tricks it does. Of course, even zsupp (which comes from /initrd/pup_ro2/root/Startup) could be updated from /patch before it (zsupp) would run.

* As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

* In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you may need to use the same smartload file next time to restore the same environment.

* As already mentioned, you can save some session settings to auto-load them next time by clicking the Save: smart button either in the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. If clicked, then the control files within the /smartsave folder will be executed. Note that some Puli-specific .pet or .sfs packages may add their own control files to the /smartsave folder on the boot device as /profiles/Common/smartsave.

* If you are experienced enough, you may activate the restore_latest.pet package by the appropriate row in your smartload file (as an example, see the /smarloadr file in the install kit). With these settings the latest backup will be auto-restored at boot time. Note that cumulative backups are possible, i.e., you may restore more backup files after each other, even those created in different security setups on different machines. Puli tries to manage this, and sends warning messages if needed. You may see unforeseen behavior in extreme cases, however.

* Beyond the above mentioned dynamically changing "latest" backup, you can auto-restore another "fixed" backup, too. For this, activate the restore_fixed.pet package in your smartload file. With these settings, Puli will seek a backup file placed in the /backups/fixed folder of the boot device to auto-restore it at boot time. Note that this is independent from the restore_latest feature, so you can apply them even together if needed. Restoring backups begin after the security profile is in place. Note that no security profile will be restored from backups.

* In your smartload file, you can reference a specific package (force_mild.pet, or force_rigorous.pet, etc.,) to replace the preset security profile with another one. With this feature, the single-key boot-time setup can include a smart security profile selection.

* You may refresh the puppy_puli_6.1.0.sfs file, e.g., to update it with the content of the actual patch structure:

a. Ensure that the pendrive is plugged in (either mounted or unmounted).
b. Open a terminal and issue refresh
c. The temporary files are in the /root/squashfs-root folder. When the script asks for this, you can manually edit the content of /root/squashfs-root, update it with patch files, etc. Be careful with adding new links: relative links should not point out of the /root/squashfs-root folder.
d. Wait until all operations are finished.

* The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

* The paint desktop icon has this preference order to open: Gimp, Mypaint, LazPaint, nomacs, mtpaint - depending on which one is installed.

* The draw desktop icon has this preference order to open: Inkscape, AzDrawing, Inklite - depending on which one is installed.

* The record desktop icon has this preference order to open: SimpleScreenRecorder, XvidCap - the latter is the default.

* The phone desktop icon has this preference order to open: Skype, https://appear.in, xchat - depending on which one is installed. Note that usage of https://appear.in is limited in some browser versions because they do not allow camera/mic in WebRTC API.

* Skype installed from Skype-4.3.0.37ap-puli.pet runs as spot.

* The zip desktop icon opens PackIt. Xarchive remains available via the menus.

* Notice that some common Puppy utilities, e.g., default applications chooser, have been removed in favor of the patch-based features.

* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

* Warning! Puli detaches the pendrive at the end of the shutdown process to prevent the dirty bit set. Some machines remember this detached status until they are physically removed. In this case, unplug the pendrive after Shutdown. Never fix the dirty bit in Windows! Puli resets it next time during the bootup process.

* To accelerate its boot process, Windows 10 doesn’t fully shut down by default. Instead, it actually hibernates. Thus, the NTFS filesystem of Windows 10 appears as read-only in Puli (as in all Linux flavors). If you need to write to this partition from Puli, either permanently change the default power options of your Windows 10 or keep the Shift button while selecting Shutdown in your Windows 10.

* Some USB install tools, other than LiLi, do not accept .zip files. In this case, simply rename the Puli_install.zip file to Puli_install.iso. This renamed file will be accepted for installation.

* To update the common CA certificates included in Puli, see the Useful links section below.



V. Useful links:


Appendix A. How to install Puli in Linux environment

In the first section above, I described an easy method for installing Puli in Windows XP/7/8/10 environment. For an experienced Linux user, the below alternatives are also easy and straightforward:

If you have a Puppy Linux distro/puplet such as Puli 6.x.x or Puli 3.8.3 bark 6 or pemasu's Upup Precise 3.8.3.1:

1. Create a bootable USB pendrive

a. Click the Install icon on the desktop. Then in the Install dialog, click the BootFlash USB installer button and follow the instructions there. (If you don't have Install icon, try to select menu item Setup / BootFlash install Puppy to USB.)
* Bootflash may not be on your Puppy's menu. It may, however, be builtin. Try opening a terminal and typing bootflash
* Worst case, download and use smokey01.com/gjuhasz/sfs/bootflash-0.6p.pet
b. When finished, delete all files from the pendrive except ldlinux.sys.

2. Copy Puli to the pendrive

a. Puli and its updates are available at smokey01.com/gjuhasz in form of compressed files. Download then unpack the Puli_install.zip file that contains the Puli runtime structure.
b. Open the unpacked structure and copy its content into the (root of the) USB pendrive.

3. Unmount the pendrive.

If you have another Linux

a. Download the latest Puli_install.zip from smokey01.com/gjuhasz/Puli-(latestversion_issuedate) folder
b. Simply rename the just downloaded Puli_install.zip file to Puli_install.iso
c. Download one from the Linux based USB install tools.
d. Start the Linux based USB install tool, and follow the steps there. In the appropriate selection box, choose the "fake" Puli_install.iso file as source.

Before rebooting your machine from the pendrive

a. You can download some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc. See the proposed packages at smokey01.com/gjuhasz/packages/Proposed_packages.txt). Download and put them into the /packages folder of your boot pendrive. I uploaded validation files, too (sha and/or md5), so you may check the downloaded stuff if you want. Note that you may find newer versions at the download page of their distributor. See the Useful links section below.
b. I recommend to read the above sections, too.
c. If you know what to do, you may configure some startup parameters in syslinux.cfg and in puli.cfg right now.
d. Ensure that the BIOS is configured to boot from pendrive.

You are ready. Puli is installed. Give it a go!


Have fun!

Regards,
gjuhasz
PuLiLi.jpg
 Description   Installing Puli with LinuxLive USB Creator
 Filesize   70.88 KB
 Viewed   8722 Time(s)

PuLiLi.jpg

Puli_profiles.png
 Description   Profile icons in Puli (Mild, Rigorous, Crazy and Lazy)
 Filesize   17.13 KB
 Viewed   11545 Time(s)

Puli_profiles.png


Last edited by gjuhasz on Thu 20 Apr 2017, 20:41; edited 135 times in total
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Mon 22 Dec 2014, 15:45    Post subject: Puli 6.0  

A nice screenshot showing a little lazy puli dog.
Puli-6.0.jpg
 Description   See http://whitepuli.hu/new_home/2013_c/2013_cinkos_sunny_04.jpg
 Filesize   29.87 KB
 Viewed   19039 Time(s)

Puli-6.0.jpg

Back to top
View user's profile Send private message 
Dpup

Joined: 05 Aug 2008
Posts: 83

PostPosted: Sat 27 Dec 2014, 08:52    Post subject: Puli 6.0
Subject description: Testing
 

Thanks for another great release.

In addition to testing on various netbooks laptops, desktops that I posted about for Bark 6, I am also testing Puli 6.0 on a new Dell 17 inch Laptop with AMD Quad-Core A8-5545M that came with Win 8.1 installed.

The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.

The only downside was using the new Win 8.1. It seemed to me and the other technology guests that for all the $Billions spent developing Win 8.1 the released product is a step backwards. Puli 6.0 along with other Puppy Linux releases just do more of what most of us need and use day to day, is more responsive, and much easier to use !!!
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Thu 01 Jan 2015, 20:10    Post subject: Re: Puli 6.0
Subject description: The best time for relax
 

Dpup wrote:
The party guests mostly thought no way was Puli 6.0 going to work on such a new Laptop. But surprise, when I took the USB drive from my key chain loaded with Puli 6.0 which I have been using on more than half dozen other computers, it booted and connected to WPA2 AES account and worked just fine for all functional areas that we tested.


Dear Dpup, thanks for your presentation.

As there is a New Year starting today, many of us feel this is the best time for relax. Yeah, a day for laziness. And we let our pets do the same.

My Puli buries his bone before he "turns inward".

Similarly, Puli 6.0, in its "lazy" profile, hides the files of the disarmed (access-denied) /bin/ folder from strangers before letting his Master browse alone. Of course, the Master can tell him where to hide. By default, those files (bash, busybox, etc.) would act in the /ban/ folder, but since this a holiday today, why not drink to you with such a folder name like:

"Best wishes to all of you. Hope you have a great time in 2015 and always!"

Using the accurate Linux syntax, on the USB boot device, in the second line of /mnt/sdb1/3-lazy script:

Code:
lazybin="/Best_wishes_to_all_of_you_Hope_you_have_a_great_time_in_2015_and_always/"



Have fun!

gjuhasz
Happy_New_Year.jpg
 Description   
 Filesize   47.96 KB
 Viewed   11146 Time(s)

Happy_New_Year.jpg

Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Sun 08 Feb 2015, 20:33    Post subject: Puli 6.0 and updates of Tahrpup  

Just to confirm:

Puli works fine with the updated vmlinuz and zdrv files included in tahrpup 6.01 and/or 6.02. Kudos to 666philb and the tahrpup team!

Only the zdrv shall be renamed from zdrv_tahr_6.0.2.sfs to zdrv_puli_6.0.sfs - the vmlinuz file is applicable "as is".

FYI: Puli update is coming soon with

* Minor bugfixes and security patches
* Comfort features
* Smaller footprint

Have fun!

gjuhasz
Back to top
View user's profile Send private message 
totolanio

Joined: 03 Jan 2015
Posts: 192

PostPosted: Tue 10 Feb 2015, 22:59    Post subject:  

You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...

It's too vague for a non pro like me.

_________________
Main puppy used : LxPup tahr.
Multiple package installer/remover.
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Wed 11 Feb 2015, 12:15    Post subject: purpose of Puli  

totolanio wrote:
You should write a little description of the purpose of Puli, maybe ? Such as usage examples etc...
It's too vague for a non pro like me.


Dear totolanio, let me explain the purpose in a form of a FAQ:

Q: What is the difference between Puli and other distros?
A: Most of the Linux distros are optimized for hard disk installation, although many of them can boot from live CD/DVD or from pendrive. Puli is for pendrive only.

Q: Then what is the advantage of Puli compared to other distros that boot from pendrive?
A: There are unique security features. The user is asked to unplug the pendrive just after the system starts. Also, Puli has some tricky profiles specially designed to resist the known (and even some unknown) web attacks. Advanced users can create their own profiles e.g., by combining the features of the existing ones.

Q: Do you mean surviving any kind of web attacks, or defense against new viruses etc?
A: I am dare to say yes, but the level of protection and the behavior depends on the selected profile. For example, code execution of viruses/trojans is prevented while browsing / skyping in the "lazy" profile. Man-in-the middle attacks have no chance to build up themselves in the "crazy" profile. Beyond this, a firewall is in place and the critical web apps are executed by spot user.

Q: What about preventing phishing?
A: Puli cannot do too much if the user intentionally responds to a malicious "phishing" request and shares, e.g., his/her IDs with passwords and other pieces of sensitive info. But Puli can be rigorous and has sharp teeth...
What it can do for his "crazy master" in such cases? Barking, blinking red icons, terminating the network connection, blacklisting suspicious sites, and/or even hiding the operational system from attackers. Smile according to the selected profile. Note that Puli automatically updates the (black)list of malicious websites just after it starts.

Q: What is the size of Puli?
A: Puli consists of a "skeleton" (about 188 MB, including all security features mentioned above) plus a configurable set of extra packages than can be co-loaded at boot time. Users can preset the features according to their current needs thus omit all "nice to have" modules that only waste time and resources for the actual session.

Q: How to save the session? To the unplugged pendrive???
A: Puli is unique in this aspect, too. In other distros, if the user deletes a file or makes something wrong, then the system can be corrupted forever - maybe a king size backup helps. But in Puli, you can return to any previous status.

There are three options:

    1) Save your files manually (during the active session), then log out without auto-save. In this case the pendrive remains untouched thus you boot into the same environment next time
    2) A “smart save” as part of the shutdown process. There are selected files to appear next time. Note that the next version of Puli (expected in March) provides a configuration file for this.
    3) Create a surprisingly small size backup file from the session any time. Beyond optimizing Puli for “multiple use case”, this kind of backup also resolves the “different user” and “different machine” issues (supported by a free-text backup description). The filename contains the timestamp thus the backup remains intact for good.

Of course, Puli asks the user to re-connect the pendrive to save files (You may use a dedicated USB stick for save/backup purposes.)

Have fun!

Regards,

gjuhasz

Last edited by gjuhasz on Thu 12 Feb 2015, 12:54; edited 24 times in total
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Wed 11 Feb 2015, 12:15    Post subject: purpose of Puli  

Please find an example of the loadsfs file used by my son (Puli 6.0.2 beta, mild profile chosen). Remind that this is the config file to select the extra packages to be loaded at boot time :
Code:
-audacity
-azdrawing
-AzPainter
-Blender
-Calibre
-devx
-dreamchess
-fonts
-gimp-2.4
-gimp-precise
google-chrome-stable_34
-inkscape
jre-1.7
-jre-1.8
-lazpaint
-LibreOffice
-linphone-3.6.1-xv
-LP2_GimpPainter
-mypaint
Minecraft
-Skype-4.3.0.37ap
-SoftMaker697
-SweetHome3D
-teamviewer-10
-wine_puli_wt-1.7.21

I prefer loading another set of extra files (by removing the "dash" character that precedes the package names by default): google-chrome (lazy profile), fonts, Skype, SoftMaker and teamviewer, sometimes Calibre. They can be anywhere on the boot device, either as .pet or .sfs packages (except chrome, which must be .deb).

My daughter selected google-chrome (mild profile), mypaint (or LP2_GimpPainter, or sometimes Blender) and Skype .

An average user does not need to deal with configuration details deeper than the above selections in loadsfs.

That's all. Our machines are: one HP6600 (3GB, ATI HD 5400) and one HP7600 (2GB). Swap installed in both (same size as the memory). I also use a fast 64-bit Dell laptop (i5, 4GB, no swap).
Puli runs fine on all of the above machines booted from any of our pendrives. There is no need to reconfigure anything.

See the post of forum member Dpup, too.

----------------

A couple of additional comments, just FYI:

I am among the users who dislike the "carved in stone" distros because they (we) feel discomfort if one or more features become obsolete. Most of those distros face a risk that altering/replacing/upgrading a single module crashes the whole installation. In contrast, Puli was designed to support such upgrade attempts, e.g., no other distros tolerate upgrading Chrome then returning to a previous one (e.g., to compare stable/beta/dev versions).

In the promised new Puli (probably 6.0.2, already in beta), the extra modules may include "rampup" and "after party" scripts to prepare and/or clean up the module environment before and/or after running it.In our case, for example, the "rampup" script of the Minecraft module
1) looks around for saved worlds and loads them,
2) force installs the java runtime if it is missing,
3) disconnects the network
4) starts the game as spot.
The "after party" script adds its two-cents to the "smart save" configurator describing which worlds shall be saved to where in the frame of the shutdown process.


Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1124

PostPosted: Thu 19 Feb 2015, 11:43    Post subject: Re: purpose of Puli  

gjuhasz wrote:
Barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, updates the firewall's blacklist with the suspicious hosts.


what metrics is it using to determine whats 'suspicious'?
Im on the road right now so i can download and test this until tonight, but please tell me that everything web facing isnt running as root. Smile

_________________



Back to top
View user's profile Send private message Visit poster's website 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Thu 19 Feb 2015, 14:29    Post subject: Re: purpose of Puli  

Q5sys wrote:
what metrics is it using to determine whats 'suspicious'?


Dear Q5sys,

Please take a look into the defaultbrowser file of the "rigorous" profile (you can find it on the boot device, as /profiles/1-rigorous/usr/local/bin/defaultbrowser).
Between Lines 70 ... 77, the established connections are checked based on some specific patterns set, e.g., if only the IP address and non-standard ports are evaluated as "suspicious".
If this (example) pattern matches, then Puli disconnects the networks (Line 90), updates the firewall (Line 94), then barks before reconnecting (Line 104).

Similar patterns are built in the default "Mild" mode but the consequences are not as rigid there as in the Rigorous mode.

Of course, as I wrote above, the pattern(s) here are only examples. You can borrow ideas from Snort or similar systems or even create your own.

Note that preventing web-attacks is a complex task thus other modules need to co-operate (with the help of config items in /etc/hosts, /etc/friends, /etc/rc.d/rc.firewall and so on.)

There are other funny methods within Puli. For example, you are browsing while " /bin is in the bin " Smile thanks to the Lazy profile of Puli.
I do hope that my examples in Puli inspire users to combine them or invent something new.

Q5sys wrote:
please tell me that everything web facing isn't running as root


Puli is a funny dog. Of course, for example, Skype runs under spot user in each mode. See details in /profiles/3-lazy/usr/local/bin/defaultchat file.

Have fun!

Regards,

gjuhasz
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Sun 22 Feb 2015, 17:39    Post subject: In cases of Bootflash not found  

I received a PM from a friend:

Quote:
Your installation instructions require the use of bootflash, suggesting employment of prior version of Puli or Upup 3.8.3. I used Upup before I remembered that almost all of my current Pups employ Openbox or Lxde. Sometimes the Menus produced by those window-managers fail to list installed applications. They're finicky about having the category definition end with a ";", sometimes about the first of multiple categories, and sometimes just for sport.

With the exception of Carolina, every recent Pup I examined which didn't show bootflash on its menu had bootflash built in. It could be started by typing "bootflash" in a terminal.

Suggest your instructions include something like:

Bootflash may not be on your Puppy's menu. It may, however, be builtin. Try opening a terminal and typing,
Code:
bootflash

I searched several repos --including Carolina's-- but couldn't find a "bootflash" pet. Maybe its called something else. If it can't be found on any repo, perhaps you could offer a pet. Not being kernel or hardware dependent, it will probably be compatible with any Pup.


Thanks for your recommendations. I modified both the first post above and www.smokey01.com/gjuhasz/readme.html accordingly.

Please find www.smokey01.com/gjuhasz/sfs/bootflash-0.6p.pet attached, too.

Thanks again.

Have fun!

Regards,

gjuhasz
bootflash-0.6p.pet
Description  MD5sum: 3fa226bfd2cf7281e32ef0d2647549cc
pet

 Download 
Filename  bootflash-0.6p.pet 
Filesize  162.84 KB 
Downloaded  433 Time(s) 
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Sun 08 Mar 2015, 09:12    Post subject: Announcement: Puli 6.0.2  

Let me proudly announce the new Puli 6.0.2

Available at http://smokey01.com/gjuhasz

See details in the first post.

* Some updates kindly applied from Tahrpup 6.0.2 CE - kudos to 666philb and CE Team.
* Minor bugfixes (e.g., in /etc/rc.d/rc.local)
* Improved security: known link redirectors / URL shorteners (often used by hackers for man-in-the-middle attacks) blocked in /etc/hosts
* New comfort feature: "After party" tasks can be put into /smartsave folder in separate files. They will be auto-executed before shutdown. See details in my above post sent on Wed 11 Feb 2015, 12:15.
* Smaller footprint

Have fun!

gjuhasz[/quote]
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Fri 13 Mar 2015, 13:36    Post subject: Re: Announcement: Puli 6.0.2  

gjuhasz wrote:
Let me proudly announce the new Puli 6.0.2


Let me attach a nice screenshot:

http://commons.wikimedia.org/wiki/File:Feh%C3%A9r_puli_kiskutyak.jpg

Have fun!

gjuhasz
Little_white_puli_dogs.jpg
 Description   GNU Free Documentation License, see background pic at http://commons.wikimedia.org/wiki/File:Feh%C3%A9r_puli_kiskutyak.jpg
 Filesize   60.39 KB
 Viewed   10286 Time(s)

Little_white_puli_dogs.jpg

Back to top
View user's profile Send private message 
PFan


Joined: 14 Oct 2011
Posts: 14
Location: Vermont

PostPosted: Mon 16 Mar 2015, 14:37    Post subject:  

Hello,
I just wanted to say thank you for this puppy. I'm not using it exactly as you intended, but it works very well for me. My concern was less about on line security, and more about the ability to remove the USB drive once everything was running. It works beautifully on this oldish Dell Latitude

[/img]
screeny.jpg
Description 
jpg

 Download 
Filename  screeny.jpg 
Filesize  131.29 KB 
Downloaded  539 Time(s) 
Back to top
View user's profile Send private message 
gjuhasz


Joined: 29 Sep 2008
Posts: 355

PostPosted: Fri 20 Mar 2015, 12:27    Post subject: Python/Blender bug fixed  

I uploaded a pet file for my favorite 3D tool Blender 2.74 rc2 to http://www.smokey01.com/gjuhasz/packages/Blender/2.74/

Tested with Puli. Probably works with other puppies, too.

My two-cents to this thingy: I fixed the always-resurrecting Blender/Python bug: Invoking Help (or any external URL from within Blender) creates a ROX-Filer zombie.

If you can live with this bug, you may restore the original webbrowser.py file from the "original" subfolder of the above URL to your machine as


Code:
/opt/blender/2.74/python/lib/python3.4/webbrowser.py



The patched version is already included in the pet file but you can also find a copy in the "patched" folder there.


Have fun!


Regards,

gjuhasz
450px-Splash_274.jpg
 Description   
 Filesize   28.66 KB
 Viewed   9972 Time(s)

450px-Splash_274.jpg


Last edited by gjuhasz on Mon 09 Nov 2015, 11:00; edited 2 times in total
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 16 [229 Posts]   Goto page: 1, 2, 3, ..., 14, 15, 16 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Advanced Topics » Puppy Projects
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1216s ][ Queries: 12 (0.0075s) ][ GZIP on ]