DistroWatch Weekly |
Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip. (Tips this week: 0, value: US$0.00) |
|
|
|
bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr 86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le paypal.me/distrowatchweekly • patreon.com/distrowatch |
|
Extended Lifecycle Support by TuxCare |
|
Reader Comments • Jump to last comment |
1 • Hooray for KDE (by Vladimir on 2009-08-24 07:42:24 GMT from Serbia and Montenegro)
Finally, KDE is default in suse. This actually proves that openFATE really works, and that it is not just some trick Novell tried to pull on its community.
BTW, has anyone noticed that popular Adblock firefox extension now blocks many images from dw? Even the main distrowatch.com image is blocked. Maybe you should consider moving some of the non-ads related images out of "kotaku" dir which adblock blocks.
2 • Hmmm yummy KDE n yummy Suse... (by Yasser on 2009-08-24 08:09:49 GMT from India)
this is really great news...in my opinion...no one else does Gnome AND Kde as good as Opensuse does. Whether it was KDE or Gnome, I have always liked opensuse's implementation....with KDE 4.4 coming, this is really goin to push KDE into the limelight...hooray to KDE...
KDE is cute, sweet, n a whole lotta fun... Gnome is bland but productive n serious!
3 • KDE as default in SuSE (by LAZA on 2009-08-24 08:10:24 GMT from Germany)
Wasn't that some years ago the same announce? Around version 7.3 or somewho other? I think, GNOME would be EVER also in the distribution... plus one or other dektops also...
4 • New distros in db and waiting list (by Peter on 2009-08-24 08:13:09 GMT from Slovakia)
Nice DWW and hooray for any new distributions that are not ubuntu-based :) Have a nice week!
5 • This DWW (by Christoph Zeiler on 2009-08-24 08:20:57 GMT from Germany)
Great DWW issue! Personally I'm especially happy to see almost zero Ubuntu-related news in it ;D NuTyX sounds really interesting, I was always fond of CRUX's package manager, but the base system is too minimalistic for my tastes. The idea of a CRUX based, desktop-centric distro is a real nice idea IMO. Pitty it's in French only, but hope remains that with growth of the userbase they'll add more languages. Regarding the updated distro layout: I really like it, and coming to think of it, it was about time ;) But seriously, great stuff. Most important information on top of the page, no more need for scrolling down to read distro's description, and a nice screenshot to round it all up! If there's one think I'd like to see changed: Could you add the distro's package manager to the information summary on top of the page. After all, it's an important factor for distinguishing distributions from one another. That's about it.
Keep up your great work, and wishing everybody a happy new week!
6 • But KDE 4.4 should be LEANER...like Windows 7!!! (by John on 2009-08-24 08:23:15 GMT from India)
The KDE 3.5 series was seriously the best and fastest that I have ever tried....but sadly I found KDE4 to be a resource-hog....it ran so slow on my hardware...although KDE 3.5 used to blaze! I've a feeling that KDE 4 is the new Vista...so lets see when we can expect Windows 7...alias KDE 3.5-equivalent!
On ANOTHER note, I've a feeling that the NEW Windows 7 has already CONVERTED some Linux users to cross over to ;D
Windows 7 rocks..n i expect KDE4 to do the same.....
7 • Not as advanced as SUSE Studio but..."PardusBurn" (by Sertse on 2009-08-24 08:35:07 GMT from Australia)
One of the the Google Summer of Code projects for Pardus is a Web based distro maker. You can create for customised Pardus iso from the web interface, selecting what you want etc..
Some info and screenshots of the project are from the dev's site: http://www.sarathlakshman.info/
8 • Ah, Monday morning... (by Cody on 2009-08-24 09:18:55 GMT from United States)
@ 2 You nailed it in your last two sentences.
@ 4 & 5 You shouldn't be so obvious about your "anti-Ubuntu" feelings. Trust me. We all know there are plenty anti-Ubuntu people. However, if you get bored, pick up the latest issue of Linux User & Developer and read the interview with Mark Shuttleworth. I'm pretty sure you will hate him more.
@ 6 If you have made the switch to Linux already, why in God's name would you want to go back. Someone misses WoW a little too much. XD
@ 7 I like your pictures from the May 31st posting on your blog. Lot's o' discs. hehe
========================================================
The funny thing about driving off a cliff is that on the way down, you are still going to try and slam on the breaks.
9 • Puppy (by Joe on 2009-08-24 09:28:10 GMT from United States)
Good review. I have dabbled with Puppy for several years. Excellent option on older, slower, lower memory systems. I installed and still occasionally use an older version (1.9) on an ancient Compaq 486 laptop with only 128 MB of memory.
Valid point about default login is root w/o password, but everything else about Puppy is simple and straightforward. Easy to use, easy to update, easy to remaster or install on USB drive.
One of the things that continues to amaze me about it is that I have been able to easily connect with a network or the internet via ethernet card - even wirelessly. Even when Puppy doesn't automatically detect the wireless interface, it provides a relatively easy process to semi-manually work through and test a series of drivers. It also allows the user to install a windoz driver. When I run Puppy from CD or USB drive, I can install the windoz driver right off the laptop's HDD, otherwise just have it on a USB stick.
Package availability is pretty good for ordinary activity. Several browsers including Opera, several word processing options including Textmaker, likewise with basic graphic and multimedia packages. Remastering the CD or installing on a USB stick can include the additional installed packages, so you can carry a very portable OS setup with a full range of basic programs that can be booted on almost any machine.
There has been some controversy recently about the newer version (new developer) not being up to the standards of the original. I have noticed some differences, and I have copies of versions 1, 2, and 3 still available. Sometimes an earlier version will work better than the newer one - but I have occasionally found that to be so in other distributions too.
Puppy is an excellent simple, basic Linux OS. It's fun and it has worked well for me.
10 • short of memory?!! (by greenpossum on 2009-08-24 09:34:20 GMT from Australia)
"it's a bit short on memory for a modern desktop, with just 2 GB of RAM"
What?!! You think you are deprived with 2GB of RAM? I run a no-scrimping KDE desktop in under 1GB, in fact free shows me that only about 600MB is actually used. I know RAM is cheap now (and I do have lots of it on my workhorse machine), but just what are you running that you feel 2GB is insufficient for a modern desktop?
Puppy will work fine in 128MB upwards. 2GB? Looxury!
11 • Puppy (by fox on 2009-08-24 09:50:42 GMT from Canada)
Nice review of Puppy Linux. I was attracted to it as well by the small download and the prospect of a lightning fast system. Unfortunately, like Jesse, I had a lot of trouble getting it to connect via wireless on my MSI Wind. I gave up on it and am still looking for a fast, small system to use when I just want to use the internet and check email. xPUD and Moblin have a lot of potential, but mail programs are missing on them.
12 • Slackware and Haiku (by uz64 on 2009-08-24 10:06:01 GMT from United States)
I've been anxiously awaiting the next Slackware for a while now. And did anyone hear the news that Haiku will officially have an alpha release on the ninth of next month? I can't wait, it's getting near...
Meanwhile, last week has been boring as hell when it comes to *any* news, not just distro releases... hopefully things pick up this week.
13 • puppy linux 4.2.1 (by Dopher on 2009-08-24 10:16:12 GMT from Belgium)
First of all, the version 4.2.1 reviewed is not the best version. In my opinion version 4.1.2 is the latest stable version. (4.2.1 contains too much bloat)
Puppy linux is ready for every day use, but only by an experienced user (or by inexperienced low demanding people who only use it for surfing or emailing), since keeping the system updated and having useful applications is all about compiling the latest software yourself. Also programs can be run as simple user.
Integrating certain stuff, like software, libs etc, into the system requires a lot of RTFM from lots of different sources.
The live disk is just the base of your own operating system.
If you are into minimalism (and I am), The concept of puppy linux is great. You have a superfast operating system. Encrypted safe file. And it it can be installed on anything. I have it on USB stick.
There are a few big disadvantages:
There is no real quality control, since Since it doesn't have the infrastructure. There are a lot of usefull little apps created by users, that get implemented into the newest version, that really clutter the menu and indeed have cryptic names. And lately it got even worse. Nothing wrong with those nifty apps, but those simple single task applications, although superhandy, should really be hidden in a sub-sub menu.
There is also no real consistency of the used apps in the versions of puppy linux. It all depends on the hairday of the creator. The concept is great, and the creator is a hard and determent and skillful worker (just have a look at his blog), he has his own strong ideas and paves his own road, but an OS is more then just the stuff under the hood, it's a whole concept, and having logical menu's, a nice interface in general (like themes, consistency, etc) is very important for an end user.
If you are look for software and always want to be updated, and don't want to compile yourself, it's a real puzzle to find packages and their dependencies from the forum/blog. It also means you have to trust the competence of the users who created it. My advise in that case is: stay away from puppy!
I can handle all these disadvantages, and puppy is my main operating system. Because after experienced puppy speed and portability, I just can't go back to the traditional linux systems.
My strategy is like this:
Puppy has a layered filesystem. The user will only see the highest layer (as far as i understand). So, I just use puppy linux iso as a base, and mount an sfs with the latest software. If i want to integrate new software, i just add the newely compiled software to that sfs. That way your safe file doesn't get bloated with all the sofwtare you have installed.
I am really looking forward to 4.3 with dual core support and more.
14 • Mandriva and Plymouth (by Simon on 2009-08-24 10:33:28 GMT from United Kingdom)
Nice to see PLymouth getting picked up elsewhere - it is a nice boot process now on Fedora. What I'd like to see is Mandriva modifying KDM to make the plymouth->kdm transition as seemless as plymouth->gdm, so that Fedora can pick that up and make my boot to KDE on Fedora even nicer (or maybe I'll even try Mandriva again...).
Hmm, when I'm getting excited about boot splashes it must mean the rest of the desktop is working pretty well :-)
15 • Re: Puppy (by LinuxUser7 on 2009-08-24 10:43:19 GMT from Macedonia)
"Unfortunately, I had a lot of trouble getting it to connect via wireless on my MSI Wind."
@Fox: Puppy 4.3 going to fix all of these hardware compatibility issues.
Watch this space:
http://www.puppylinux.com/blog/
and test the new 4.3 beta 2 when it comes out.
Puppy 4.3 is on the right track - the original developer is back :)
16 • if memory serves me correctly (by gumb on 2009-08-24 11:05:06 GMT from United Kingdom)
@ 10 I agree that RAM is overrated. I've consistently read comments about how important increased memory is since starting with my first Win95 PC in the nineties, yet every RAM boost I've performed on any computer has made little discernable difference. A good, fast and high-capacity hard disk always provides a more considerable improvement.
I've set up my parents' desktop running latest KDE 4.3 on openSUSE 11.1, with just 512mb RAM, on an old-ish single core P4 2.4GHz, and it runs perfectly smoothly, even with multiple users logged in. KWin effects are turned off but only because they prevent Google Earth from starting, they also work fine otherwise. The generous 2gb of swap space I've apportioned rarely gets used. Prior to this I had the same machine with openSUSE 10.2 and KDE 3 running on just 256mb RAM.
17 • Mandriva to remove KDE 3.5 (by Dave Rafter on 2009-08-24 11:08:00 GMT from Seychelles)
it seems no one wants to commet on the plan to remove KDE 3.5 removed completely from the distribution in Mandriva.
to me it seems to be drastic to removal it as many of us still do not trust KDE 4.x, why can't they jsut keep it in the repo and let some of us who want it get it from the repo ?
More strange if not bad decisions from Mandriva ?
18 • Distrowatch (by Jun Kim on 2009-08-24 11:21:27 GMT from United States)
This Distrowatch is getting better. Puppy is a good distro I use it many times. Wolvix is better than even Puppy or other distros. I wish for the final version of Wolvix so a good review would appear here. I will enjoy reading all of this today. If no one tried Wolvix they should try it for a good operating system.
19 • Puppy Linux 4.2.1 (by Donald on 2009-08-24 11:29:51 GMT from Hong Kong)
I have fooled around with most of the puppy releases and puppy derivatives and never had the slightest trouble connecting to the internet via wireless or non-wireless DSL linkup. The only thing that bugs me is the browser lock-ups or crashes when you're right in the middle of something important and you have to start all over again.Once you get hooked on the speed of puppy,especially when its installed on a SATA2 harddisk and running a fast cpu,then it's kind of addictive to say the least. I'm looking forward to playing with the new release and want to express much gratitude to Mr. Barry Kauler for all his long arduous hours put into developing this great program.
20 • @1 (by Franz on 2009-08-24 11:33:32 GMT from United States)
About blocking not just images on distrowatch site is nothing new. Also if jou doesn't send browser identfication, site doesn't allow you to browse...
21 • Puppy derivatives? (by ceti on 2009-08-24 11:59:43 GMT from Brazil)
Can anyone please name puppy derivatives?
Thanks
22 • KDE4 vs Windows7 (by Miq on 2009-08-24 12:23:50 GMT from Sweden)
Re "KDE4 is the new Windows 7" :D
That's actually quite funny! Seriously, though, it is probably rather the other way around: that Windows 7 has been "inspired" by KDE4. Redmount is VERY good at being inspired, and KDE4 is the slickest, prettiest DE around, while still being highly productive and snappy on remotely decent hardware. KDE4 is as pretty as Windows7 but leaner on resources and the GPU. Windows7 is in fact a testament to that KDE4 was the Right Thing to do.
Using KDE4.3 on Fedora 11 I can say that there are few, if any, snags left from earlier versions, it is now a smooth ride. With new Qt versions there's also further speed and stability improvements. Most significant configuration applications now have KDE front-ends or native applications.
Basically, I'd say that there are only three drawbacks atm: 1) KOffice's KWrite isn't very compatible with MS Word (but you can use OpenOffice Writer instead) 2) KDevelop4 isn't released yet (though you can always use a SVN snapshot) 3) K3B for KDE4 isn't released yet (though you can use the KDE3 version)
Also, Nokia's new mobile phones run native non-proprietised Linux using Qt, which speaks volumes about cross-platform adaptation of the Qt platform. Let's hope they will finally release the Qt port of Gecko/Firefox :)
23 • No Buntu news make me sad (by Sam on 2009-08-24 12:30:57 GMT from United States)
What?! No 'Buntu news of any kind in this issue? Say it ain't so!
Speaking of "say it ain't so..." Mandriva cutting KDE 3.5 out of the distro? You mean, the Mandriva team again does something that doesn't make sense, as it eliminates at least a goodly chunk of potential users? What are they planning to do with all the extra space on the DVD, provide Alien Arena?
24 • -----Can anyone please name puppy derivatives?----- (by PhantomTramp on 2009-08-24 12:35:55 GMT from United States)
How much time have you got?
http://www.puppylinux.org/downloads/puplets
The Tramp
25 • No subject (by Franz on 2009-08-24 12:40:25 GMT from United States)
Basically, I'd say that there are only three drawbacks atm: 1) KOffice's KWrite isn't very compatible with MS Word (but you can use OpenOffice Writer instead) 2) KDevelop4 isn't released yet (though you can always use a SVN snapshot) 3) K3B for KDE4 isn't released yet (though you can use the KDE3 version)
and than you have KDE4 and almost all KDE3 installed. Many users need conversion for MS Office (I am one of them) and whay have twoo offices on computer? For me is OO enough same as KDE3 which is still much better than KDE4.
26 • re:23 (by Anonymous on 2009-08-24 12:51:43 GMT from United States)
Didn't Fedora (or another one of the major distro's) stop providing 3.5 a while ago and didn't openSuse announce (at least at one time) that 11.2 would only ship with 4?
And since 3.5 is no longer actively developed it seems obvious that most distros will follow at some point, though I'm sure some will keep 3.5 as a way to attract new users who still want to use it.
27 • Screenshots (by Elder V. LaCoste on 2009-08-24 12:55:34 GMT from United States)
Very nice review of Puppy. My experience has been the same. Some of the Puppies and Puplets are excellent and some aren't.. I take issue with the reader who criticizes the new Puppy as "bloated". At less than 100 Megabytes it is impossible for it to be "bloated".
Ladislav, very nice work adding the screenshots! This is what was missing. It is very helpful to see a picture ("...worth a thousand words"). Any chance that the overall color scheme will change? Yellow, peach, and reddish brown? Yuck! It is easy to read and it loads quickly though.
28 • Re:@26 (by Franz on 2009-08-24 13:04:22 GMT from United States)
"And since 3.5 is no longer actively developed it seems obvious that most distros will follow at some point, though I'm sure some will keep 3.5 as a way to attract new users who still want to use it."
I don't agree...if stop providing KDE 3.5 many users will swith to GNOME or Xfce or...
29 • Few explanations and comments about Puppy (by George on 2009-08-24 13:06:08 GMT from Czech Republic)
There are already some good comments about Puppy, mainly No. 13 by Dopher). I am not Linux expert. And I am not expert for Puppy, but I am using it about 6 months now every day. Sorry for my English, I am a foreigner. Puppy is quite different from other mini distribution and from major Linux distros. If somebody want to try it, it should understand few things, first of all types of installation and some special features of Puppy.
Things/features to understand before trying Puppy: -------------------------------------------------------------------------- A. Puppy basically has these types of installations (other also available) 1. Frugal installation. Recommended for vast majority of users (unless you have special demands). No partitioning is necessary. It can be on any partition, even on the same partitions as Windows. You can have two or more Puppy versions on the same partition. The whole installations takes very little space on disk and it is only 4 highly compressed and read-only files (plus file with user data/configuration data: "PUP" file). 2. No installation at all, running from CD/DVD (or USB) every times. "PUP" file (user/configuration data) can be saved to almost anything, including CD-R (DVD-R) from which it started, CD-RW or DVD-RW is not required (one of unique features). In despite of this special feature and while Puppy web says many users are running Puppy just this way, I would not reccomended it for long time. However, it is good idea to try Puppy this way. You will see if it suite you and if it detect all of you hardware. 3. Standard installation to separate ext2/ext3 partition, ISO image is decompressed to individual files. Take much more disk space (still low compared to others distros) and have some other disadvantages. B. Layered file system. One of advantages of it are SFS modules. From users point, its one file containing the whole application with all dependencies (e. g. the whole OpenOffice), it can be mark (to be run) or unmark on the fly. Recommendation: install small programs from PET, use SFS for large programs.
Comments to review with above in mind. 1. “..The Puppy installer ... There isn't any disk partitioning or package selection during the install.” a) It is supposed to run from CD or frugal install = no partitioning is necessary. Otherwise, run GParted (included). b) No package selection: for CD or frugal it is even not possible technically. For install on ext2/ext3 it is not big question because of very small size. 2. “the user runs as root.” I fully agree with the reviewer. I did not like this approach when I started with Puppy. And I do not like till now, even if there is a lot of advocacy on Puppy web. But I must admit, it is practically imposible to get virus on frugal install (it is read-only squash file system). 3. “no package updater built into Puppy”. The reviewer is true. I guess it mainly related to the ways PETs and SFSs are made (even “standard programs” are usually patched and made smaller than in other distro.
My opinions: certainly Puppy is not perfect, have some drawback and glitches and it is not for everyone. I would not recommended it for expert user, certainly not for servers. But I would it reccomended it for “average users”, for people coming from Windows, for people looking for small and compact distro (yet with quite a lot of applications). Of course for older hardware, but also for new hardware and is very good for (now so popular) netbooks (use modified version of Puppy for that).
30 • Hmm (by Nobody Important on 2009-08-24 13:14:14 GMT from United States)
I agree with the review of Puppy. Light, handy, but lacking in some key ways that keep me from using it seriously. It's a novelty.
I do agree that 2 GB of RAM is insanely high for Linux Desktops; you won't need to upgrade anytime soon, unless you're doing heavy work in certain fields, like video editing or virtualization. I ran Puppy on a machine with 192 MB RAM and it ran just as well as my 1 GB RAM box, so that should tell you how well this thing scales down.
Heck, Fedora 11 with KDE4, one of the most bloated combinations you can find anywhere, runs just fine on 2.5 Ghz and 1 GB of RAM. I don't see how 2 GB is on the "low side" of things.
Wow, even when there isn't any news about Ubuntu people are still whining and complaining about the brown monolith. Dear lord, you just can't win with these insipid people.
OpenSUSE has always been a top-of-the-line KDE distro. It's about time they admitted that. KDE 4.3 was a great release and I'm now using it on my aforementioned desktop with fabulous results.
Good issue.
31 • re 28 (by Anonymous on 2009-08-24 13:15:07 GMT from United States)
"I don't agree...if stop providing KDE 3.5 many users will swith to GNOME or Xfce or..."
No way - people will migrate to those distro's that still provide 3.5 (creating a new and maybe popular niche). I find it hard to believe kde'ers will be satisfied with either Gnome or xfce (but only time will tell) or with a de that is no longer actively developed.
Personally I'm pretty happy with kde4 and have few if any kde3 apps that I use.
32 • Colours (by Tom on 2009-08-24 13:24:47 GMT from United Kingdom)
Often people with dyslexia find it much easier to read black lettering on a pale yellow background. I have often wondered if DW's colour scheme is a happy accident or a coincidence.
33 • "New layout for distribution pages" (by VernDog on 2009-08-24 13:25:45 GMT from United States)
I like the updated distribution pages. A touch of professionalism. Great work !
34 • RAM issue (by Jesse on 2009-08-24 13:42:47 GMT from Anonymous Proxy)
Some folks (especially comment #10) have brought up my comment about 2GB of RAM being low for a modern system. I'd like to mention that my main system has 2GB of RAM and it's usually about half full when I'm pushing it. My laptop has 1GB of RAM and is usually using 80-90% of that, when I'm running everything. (Everything being KDE4, Open Office, web browsing, listening to music, etc.)
But my comment wasn't about *my* RAM usage at all. It was about the hardware sold in stores today. Most modern systems come with more than 2GB of RAM is you're buying them off the shelf. It's been years since I have seen a workstation with less than 2GB of RAM. Most have quite a bit more. A quick survey of my friends' main boxes shows the average to be above 4GB of RAM.(2GB being the low mark from a three year old machine and 8GB being the high end, one year old box.) This isn't a reflection of how much RAM is being used, it's a reflection of the market. For my purposes, 2GB is more than enough.
35 • re:34 (by Anonymous on 2009-08-24 13:56:37 GMT from United States)
Jesse - there's a perception that one of the reasons people use Linux is because they have older boxes with 512mb (256 or 128 even) or less ram and that some distro's (dsl, puppy, etc) are geared towards this hw so that when reviewing one of the "lighter" distro's it's important for a certain segment of the readers to know how well something runs on that kind of hw.
Personally I'm interested in how a heavier distro with a full de (Gnome, Kde) runs on more limited hw also, as I have an older laptop with a single core Celron.
36 • ÆrieBSD? (by Ærlig talt on 2009-08-24 14:08:51 GMT from Norway)
What is up with this name? Are they purposefully making it harder for people with A-Z keyboard setups to search for this OS? Why not just go all the way and call it something like "ߪÐ"? Or even "GreekΒΣΔ"?
37 • Puppy XP? (by Martin on 2009-08-24 14:09:03 GMT from Slovakia)
"A concern I had while running Puppy is that, by default, the user runs as root. There's no warning regarding this."
OMG what a foolish idea. Stay away from this kind of distributions until they change their approach to security.
38 • Re to 21 (Ceti) Can anyone please name puppy derivatives? (by George on 2009-08-24 14:09:07 GMT from Czech Republic)
Re to 21 (Ceti) "Can anyone please name puppy derivatives?" There are a lot of them. Look at: a) http://www.puppylinux.org/downloads/puplets AND/OR (some are at both URLs, some not) b) http://www.murga-linux.com/puppy/, and go to "Puppy Derivates" headline: Be aware, that some are just one-time attempts. I would recommend few well-known with a lot of users and with proven history, e. g. a) ChoicePup: is oriented to SFS (see post No. 29 for SFS explanation). b) Macpup Opera: very good, it uses Opera as primary web browser (version with Firefox also exists) and uses Enlightenment as the default window manager (user interface resembling Apple's Mac OS X.) http://macpup.org/ for more info. c) NOP (Nearly Office Pup) it is even smaller than Puppy (about 65 to 76 MB depending on version). The Abiword plus Gnumeric is removed (idea is that is run from frugal install or USB stick and you add SFS with your favourite office: usually OpenOffice, but could be Goffice (Abiword & Gnumeric) or Koffice. + using the XFCE desktop. d) Boxpup: if you want to try yet another window manager (Openbox) + Thunar filemanager e) MediaPuppy (did not try) is much larger the most Puppy derivates (about 350 MB) but a lot of program for audio+video editing is added, including ManDVD, Kino, Avidemux, K3b, K9copy, Gimp, Mplayer full (including mencoder), dvdslideshow, dvdauthor, Wine, Pixia on Wine etc. and many other puppy derivates
For netbooks try: a) pupeee: puppy 4.2 plus patches for most Asus netbooks (also for other netbooks) or maybe b) acer one puppy
I am not sure, if they are special Portuguese derivates (I think so), but certainly they are some Spanish. Look to URLs above.
39 • Puppylinux and stuff (by davemc on 2009-08-24 14:10:17 GMT from United States)
I have to agree that running as root is BAD!
BAD BAD BAD!
I do really like Puppy and always have, and I do hope Barry gets over this idea and starts integrating more UNIX Style security into Puppy! The problem is that Puppy was never designed solely to be used as a rescue system, but as a fully functioning mobile system. It is unique and IMO, is more like a fun and very friendly, super portable, desktop/laptop/work system perfect for netbooks too. But again, the MAJOR drawback is running root as default! Because of this, again IMO, it gives off the impression that this is not a serious and professional product, but more of some backroom geeks idea of what he/she thinks is a windows 98 spinoff. Such a shame that such a fantastic distro should be laid low by such foolishness as a flippant attitude towards UNIX security standards; a sure and quick way to become pariah amongst the UNIX faithful crowd.
40 • Puppy Linux running as Root and no Updates, no big deal! (by John Van Gaans on 2009-08-24 14:13:39 GMT from Australia)
Your review of Puppy 4.2.1 has it points but to say that you can't use Puppy installed to your hard drive every day is incorrect. I've used Puppy for 99% of my PC needs for over 2 years and loved the concept so much I created TEENpup Linux to build on that concept. I love being root all the time as I can experiment, make changes and no password manager comes up all the time asking for approval on what I'm doing. So I totally stuff up my system. Just boot up live and transfer any important files, pictures to another partition or burn them to DVD and then reinstall Puppy / TEENpup in about 10 minutes. No big deal. Puppy updates anything important with each release and not having daily or weekly updates hasn't lead to my system getting over run with virus's. Check out TEENpup 2009 Legacy's Menu for ease of use, how does for example "Play my Multimedia with VLC" or "Create a Letter with Open Office 3" sound to you. TEENpup's menu tries to be as easy to follow as possible. Puppy Linux has thousands of happy Users and the number is growing daily!
41 • @1 (by Adam Williamson on 2009-08-24 14:19:44 GMT from Canada)
Asking a site whose revenue comes entirely from advertising to adjust their configuration to make it easier for you to block their advertising is not likely to result in a very positive response. :) I use Adblock too, but I'm not cheeky enough to ask sites to help me do it...
42 • Puppy Linux and security issue (by linux_oid on 2009-08-24 14:26:33 GMT from United States)
Security issue itself is a concept of big one's - Windows and major Linux distros. The whole idea is that the box may be unsecured so you need constantly update the OS. Well, just in case.
Puppy creator did it differently. Puppy OS doesn't mount anything by default. You should take care about your files. If anything is compromised, it is Puppy OS. Just reinstall it.
The whole process - download, burn, install - can be done in about half hour.
43 • OpenSUSE 11.2-Milestone6 widely available (by Anonymous on 2009-08-24 14:49:41 GMT from Italy)
OpenSUSE 11.2-Milestone6 is available from http://software.opensuse.org/developer (officially?). Actually I wanted to write this 2 days ago, but I found the Reader Comments blocked.
44 • #40 (by Notorik on 2009-08-24 14:51:55 GMT from United States)
Finally, the truth! Well stated and you have an excellent Puplet as well which I have enjoyed.
Something to Ponder:
Don't you think if security was an issue that there would be reports from far and wide about the horrible things that have happened while running Puppy as root. I wish people would stop "parroting" these paranoid malcontents. You don't want to use Puppy for a business network without security, but for home use it is wonderful to use as your main operating system which I have done for years.
45 • KDE 4.3 (by Frank on 2009-08-24 15:16:36 GMT from United States)
Great Job Kde Team. I have installed kde 4.3 on my kubuntu machine and is working very, very GOOD!!! thank you so much to all the developer!!!
46 • A few replies (by Jesse on 2009-08-24 16:10:58 GMT from Anonymous Proxy)
@35: I agree, some people run Linux because it uses relatively few resources. One of the things I enjoy about reviewing light weight distros is seeing just how much I can get out of small space. Which is why I briefly mentioned running Puppy in a VM with less RAM, just to see if it would work. (It does.) Even running from a CD with 128MB of RAM, the system was okay.When running larger distros (Fedora and OpenSolaris) I've found they wouldn't run from their liveCDs with less than 512MB of RAM. More if any apps were to be run.
@40: I didn't say you "can't" install Puppy on your hard drive and use it every day. I said I didn't recommend it. I ran Puppy on my test machine for days, getting a feel for it and having fun, but I wouldn't run it on my regular work machine. If you want to run as root all the time, I'm not one to stop you. However, I think it's irresponsible to tell people to run as root on a distro that doesn't supply security updates. Puppy may not mount drives by default, but if someone does take over your system, they can manually mount any devices attached to your PC. For that reason, I don't recommend running Puppy day-to-day.
47 • #44 and things (by davemc on 2009-08-24 16:39:55 GMT from United States)
Heres something more to ponder -
1. If Windows nubs are taking the plunge into the Linux world using Puppy, and they get used to this notion that running as root is just fine and dandy, then this is what they will be accustomed to.
2. The fact is that 99% of the Linux world runs with at least sudo and definitely does integrate at least some security standards, its hard to fathom why Puppy totally disregards this. I am not disagreeing about the fact that many do go overboard on the security side of things and go postal about the whole issue though. Its a juggling act, and to totally disregard security is never good practice, and doing that is the same thing as running Windows and embracing the Windows way of doing things, which is NOT the Linux way of doing things.
48 • My views of PuppyOS. (by Paul Yearwood on 2009-08-24 16:44:10 GMT from United States)
I have a stack of Puppy CDs dating back to the 2.xx versions. I tried installing a few times but that is not what I have used it for in the past.
The small size of Puppy in the Old Days made it great for loading into memory. It has an option for that. Back in the 2.xx days, Puppy was only 80 Meg big. It could be loaded into the memory so you could use the CD-ROM for other jobs. It made my PII with 312 Meg RAM run like my Celeron 430 with 2 Gig RAM. Not something you can do with larger live systems like the Big U. You can also save files to the hard drive, USB, or even the same CD Puppy is on. Or you can run a system without a hard drive. Makes for a very secure system if the OS cannot be hacked.
I keep Puppy handy because it is a good recovery system. You can use it your hard drive dies. It can read any Windows or Linux file systems. Don't know if it can read OSX. I know there are specially designed rescue systems, but I find that Puppy loads quickly and has a format that I find easier to use.
I always liked the small size. The original goal was to keep it under 95 Meg. Seems strange to think of an Linux distro being called bloated at 100 Meg.
Paul
49 • puppy (by Anonymous on 2009-08-24 16:59:56 GMT from United States)
Excellent review of Puppy. My past experience has been better. Puppy has been a fun toy on a computer with hard drive cartridge system that enables me to remove my main OS and data.
The weight of opinion is that web surfing as root is unwise. The failure to highlight this security issue says something about the Puppy community. "Reviews" that don't mention this controversy lack credibility.
50 • re 17 and 23 (by corneliu on 2009-08-24 17:00:55 GMT from Canada)
I like the fact that Mandriva dumped kde 3.5 Mandriva will certainly allow you to install KDE 3.5 if you like. It's just that KDE 3.5 will not get support from Mandriva. I'm absolutely sure that unofficial versions of Mandriva with KDE 3.5 will appear, or at least you'll be able to add a third party repository that will allow you to install KDE 3.5 in Mandriva. So I think it is a good decision to focus all resources on KDE 4.3 rather than spreading the effort across multiple KDE versions. If removing support for KDE 3.5 is what it takes to have a good KDE 4.3 experience I'm all for it. If you still don't like the fact that Madriva does not officially include KDE 3.5 you can use PCLinuxOS. They still ship with KDE 3.5 and it appears they will stick with KDE 3.5 forever.
51 • Totally Puppy (by Lobster on 2009-08-24 17:48:37 GMT from United Kingdom)
Interesting review. Puppy works in a different way. Primarily designed for standalone desktops (not networked computers) Some security conscious Puppy users run from multi-session or CD without a hard drive using a USB to save data They are actually MORE secure than other distros.
about Puppy 4.2 (and 4.2.1) 'Deep Thought' http://tmxxine.com/dt/42.swf
Puppy security http://www.puppylinux.org/wiki/how-tos/general/security
Puppy 4.3 (Beta 2 to be released soon - next few days) http://distro.ibiblio.org/pub/linux/distributions/puppylinux/test/puppy-4.3beta1/release-4.3.htm
The Woof Build System - build a Puppy style distro from existing distros http://puppylinux.com/woof/index.html
Puppy Freedom http://tmxxine.com/free/
52 • Puppy derivatives2 (by ceti on 2009-08-24 17:48:58 GMT from Brazil)
@38
A very BIG thank you!!!
53 • New distributions pages layout... (by M. McNabb on 2009-08-24 17:56:09 GMT from United States)
Hey Ladislav,
I really like the new layout. The screenshots are a really nice addition!
Can I suggest that you add to the summary section, a line like "Package Management" Then you could put: deb, rpm, binary/source, etc like you have on the chart further down. I think that the package management system used in a distro is its most important characteristics, so it should be included in the summary.
Thanks for all your work!
54 • P.S. (by M. McNabb on 2009-08-24 18:06:16 GMT from United States)
Hi again :-)
One more suggestion for the distribution pages; maybe not for the summary section, but I was wondering if it would be possible to add to the chart, a description of the initiation method used? There seems to be a lot more activity here nowadays than in the past, with Mandriva, and Fedora and others working hard to cut down on bootup time with new methods, so maybe that would be fun to see how that is progressing with each distribution.
Here's a great example (though I don't know how they did it): CrunchBang Linux on my older Thinkpad X40 will boot to the desktop AND get the wireless up in less than 30 seconds!
That is so nice -- especially to show Windows users that I can check my email in less than a minute from boot while their harddrives are still grinding away booting and checking for updates on antivirus, critical updates, Acrobat, etc!
Cheers!
55 • Puppy Linux (by Jason on 2009-08-24 18:47:45 GMT from United States)
I think is a spot on distro for system restore or rescue like Parted Magic or System Rescue CD.
Grant it, there is a way to add GDM or SLiM but for an average user, that process can be daunting. i simply don't like the package management system but you can download tar.gz (slackware source) and install em from command line. If you dont know command line, then your only alternative is www.dotpups.de from a community made PETs and PUPs packages.
I learned a lot of command work and i had to run it... 2 of my computers died and i was left with a donated P2 350MHz with 384MB RAM. I distrohopped for a while about 2 yrs ago. Xubuntu just ate RAM and my 6GB HDD at the time. Zenwalk 5.2 was awesome but the same problem. I just didn't like DSL. Puppy flew on that machine... but i had to learn a lot of command lines, talking on puppy's forums, and troubleshooting. After all that, i have to say that i still use Puppy on Pin Drive. This was before i fould other distros like Wolvix Cub LXDE or PCLinuxOS LXDE Edition.. right now LXDE has just as much as XFCE but run a whole hell of a lot faster. for older machines i think Slackware or Arch is the way to go.
It is possible to have Puppy Linux running apps that you love but a lot of things need to change IMHO
its the package management system, a GUI logon screen (GDM or SLiM), GUI user management, and maybe a switch to LXDE would help puppy.
56 • Distro Page revised (by Davey on 2009-08-24 18:51:53 GMT from United States)
The pages look much better and easier to use now. I like how the "based on" info stands out now. Great job!
Just one suggestion: consider dropping the "related news" section, or at least limit it to news other than new releases. New releases are covered more usefully in the chart below, and the "new" box just makes getting there slower.
57 • Mandriva and KDE 3.5 (by Frederik Himpe on 2009-08-24 19:18:26 GMT from Belgium)
to comment #50: Mandriva is completely removing KDE 3.5, there will not be any option to install it anymore. The reason is that there is no time to keep it working. Read: http://neoclust.free.fr/blog/?p=38
to comment #23: (Most of) KDE 3.5 already was removed from the physical installation media in 2009.1 and 2009.0, so no space will be gained. It's still available in the online repositories though for these Mandriva releases.
You want to continue running KDE 3.5 on Mandriva? Then just continue running Mandriva 2009.1. If you still want to run KDE 3.5, you would really have no advantage in upgrading to 2010.0 anyway, even if it had KDE 3.5.
58 • Puppy 4.2.1 Review (by Bill Julian on 2009-08-24 19:44:37 GMT from United States)
I have followed Puppy through a series of releases from 4.0. It has features I find really attractive. I do think it is best run from the LiveCD in "persistent" mode. An HD installation can be done, but there is no particular point to it and as Jesse learned, the installer is - peculiar?
Equally peculiar is the wireless wizard. Wireless probably is going to work, but the configuration tool is clumsy. (I have used an Intel 3945 and an Intel 5100)
Running routinely as Root strikes me as an altogether bad idea. But in fairness to all the Puppies, there is a thread on the Puppy forum where this arrangement is discussed at length. That said, I cannot get comfortable with the idea and so I do not run Puppy.
59 • Puppy Linux and security? That's an oxymoron!!! (by anonymous coward on 2009-08-24 20:09:17 GMT from United States)
I brought up some point about security on their forum at one time questioning the balance between ease of use and security. Guess what? My question disappeared a day or two later. That was a couple of years ago. They can't be bothered with security concerns, I can't be bothered with them.
60 • Well, I need RAM (by Anonymous on 2009-08-24 20:31:06 GMT from Spain)
In my old (dead 1 year ago) pentium 3 128 ram, puppy was slow, specially with firefox opened.
In my new laptop 4 gb ram, mandriva,now I only have like 150 mb free memory, and sometines it swaps. I don't notice it sluggish though, but not fast light.
Anyway I don't believe in that superfast systems with few ram, sorry. When I was using my old pc, I found in forums more peaple asking for light linuxes for old pcs, as linux was sell it like the perfect os for those old pcs. And people complained about being slow.
I think that is a good point of windows, the windows it comes with your pc, it will run nice on it years later, you can install updates or not, or just in a few applications. I don't undestand why in linux for upgrading just an application, I need like a thousand libraries hence the whole distro, that it will need more resources.
You can see it with netbooks now. In forums people ask for an upgrade to 2 gb ram. Xp users normally say that they don't feel the difference, but recommend it for linux.
I'm not an expert, but in my experience with linux, I noticed like it needs more ram than cpu power.
By the way, this windows praise ;) doesn't fit to vista, horrible slow.
61 • KDE (by joej on 2009-08-24 21:16:24 GMT from United States)
KDE 3.5 is featured by several capable, user-friendly, stable distros. These developers have demonstrated their priorities and judgment.
I'm looking forward to at least one more year with one of these. Then I'll take another look around... but there will surely be some reluctance to take a serious look at those distros that ignored my preference in the past.
62 • puppy (by steve on 2009-08-24 21:26:07 GMT from United States)
"It's not a distribution I'd recommend installing on a hard disk or using as a day-to-day operating system or even connecting to the Internet."
funny, but i have been using puppy for a couple of years, installed to a hard disk, day-to-day, even connecting to the internet
[don't tell anyone, but i'm using it right now]
63 • Puppy & MSI Wind Wireless (by davo on 2009-08-24 21:32:26 GMT from Australia)
Re #11 Just fired up Puppy 4.21 on my MSI Wind 100+ Netbook, absolutely no problems setting up wireless and connecting so I don't know what went wrong your end fox.
I agree re the clutter on the desktop and some cryptic program names but I do think it is one of the best distros out there. Looking forward to 4.3
64 • Tiling WMs (by Ian on 2009-08-24 21:49:34 GMT from United States)
About two months ago I decided to try using a tiling window manager. I had been using Openbox (which is very nice) for several months after becoming disillusioned with KDE4 (slow, buggy..even the 'shininess' became annoying after a while).
While I would still recommend Openbox as a good lightweight 'traditional' wm, I quickly grew to love the tiling wm (Awesome, in my case -- I chose this particular wm because when you install Awesome 3 in Ubuntu 9.10 it automatically sets up your menus and system tray, etc.) and now I don't want to go back!
I'd recommend a tiling wm to anyone who uses, or would like to learn to use, the command line a lot; people who like coding and/or web programming; writers who like to input text while referring to another source of information (perhaps a PDF or webpage), and anyone who just wants to get on with their work.
Tiling wm's are especially appropriate if you have a large, widescreen monitor or (even better) two or more monitors to spread your apps over. Awesome is easy to learn (just print out the man page until you learn all the bindings) and extremely fast. Like other tiling wm's, it emphasizes use of the keyboard as much as is practical, but in no way precludes mouse usage. It is also easy to switch from tiling mode to full screen mode as the need arises. NOTE: I have not modified the config files and neither have I felt the need to.
Just like touch typing vs. hunt-and-peck, you'll probably be slowed down initially while in the learning phase, but in short order you'll find that it is much the more efficient way. In short, I think that tiling wm's should not remain the exclusive province of elite gurus, but should be at least investigated by regular computer users (of which group I would count myself a member).
The reason I write all this is because it would be great if someone produced a distro that used a tiling wm as default (there is no such distro at present as far as I know), that was already configured out of the box (for example toolbars, startup apps, wallpaper, etc).
I think it's a shame that there is so much duplication of effort as far as the multiplicity of distros goes, whilst here is a genuine niche that remains to be exploited! I'd be interested to know what other people on Distrowatch think about this.
Happy computing!
65 • No subject (by xclone on 2009-08-24 23:02:03 GMT from Germany)
I always thought RAM is meant to be used in order to!? Here are real people who are thinking like 10 years ago.
66 • Puppy Linux scares me (by Bill Gates at 2009-08-25 00:26:47 GMT from Australia)
Puppy Linux is all I ever wanted Windows 7 to be but don't tell anyone? I am a secret Puppy Linux user.........Again don't tell anyone.
No really your will either fall in Love with Puppy Linux or return to Ubuntu, Mandriva, etc etc. It's your choice...
67 • Puppy (by Notorik on 2009-08-25 00:51:07 GMT from United States)
I have repeatedly implored people not to listen to the paranoid loonies who go on and on about mostly imaginary security issues. They babble on endlessly about all the highly improbable, hypothetical, scenarios. I think most people don't really know so they adopt a "better safe than sorry" attitude. At some point someone is going to point out that there is a little truth there and the rest is all poppycock. There is (comparatively) no security risk running Puppy on a diskless, stand alone, machine. I also think a lot of people just come on here and "parrot" what they have heard their favorite "guru" say. Just do a little reading and come to your own conclusions. Where are all the Puppy users who have had security related disasters? Think please! Really, where are they?
68 • Addition of screenshots to distribution pages (by Gavin at 2009-08-25 01:11:29 GMT from Australia)
Thanks Chris/Ladislav,
Adding the screenshots to the distribution pages is a great idea - well done!
:-) g
69 • security (by Sean on 2009-08-25 01:19:21 GMT from United States)
I'm hoping that those of you new or not so new to linux (or any OS) will not put your security concerns out of your priorities by being called "paranoid loonies" or that your concerns are "poppycock."
Visit a port scanning page with your OS of concern and follow directions. Most are free. Here's one we use at our facility:
http://www.grc.com/x/ne.dll?rh1dkyd2
Go to the parent page there for additional info, the link is to a free scanning page.
Hang in there; there are little bullies here and in other online forums who seem to need to attempt to make others feel dumb or whatever. Just check out your OS of choice, use a firewall, be diligent and yes, "safe rather than sorry." The internet is rife with identity and data thieves. It really is.
70 • @69 (by Notorik on 2009-08-25 02:29:33 GMT from United States)
I have no quarrel with you sir (or madam). I am not trying to make anyone feel "dumb". I also don't see how I am being a "bully" (assuming you were referring to me). I am simply expressing my point of view which I believe to be correct. I understand that this is probably not a popular point of view but that does not mean it is incorrect.
People should be aware of security issues and take some simple precautions to protect themselves and yes, by all means use a firewall. What I don't like is this idea that if you run as root the world will end. It will not.
You disagree with me so you have characterized me as being rude. Did you do this so that you would appear to be the benevolent and wise voice of reason? I do believe that most people reading this will agree with you "just to be on the safe side" so it really doesn't matter what I say.
Once again, where are all the Puppy disasters? By the way I visited your link and learned nothing. Are you sure you posted the right one?
71 • KDE4.2.2 & Gnome on Fedora 11 (by VernDog on 2009-08-25 02:41:06 GMT from United States)
I finally got Fedora 11 running on a KDE4 install. I had the dvd and knew it was in there somewhere. I have Ubuntu jaunty & karmic testing installed. A week or so ago I got Fedora 11 Gnome installed. It took a while to get use to rpm and how Fedora does things. Not better than Ubuntu, just different. In fact if you think about it, most things are just different. Granted, we prefer one thing over another, but give something new a chance. In walks in KDE4. I was expecting the worse, from what I've read here an abroad. Not so. I'm a Gnome user from way back, but this new KDE is just stunningly beautiful. At least that's my first impression.
Another thing is I was expecting a long slow boot up. Not so. I'm running what's now considered to be a slow machine - P4, 2.3Ghz, 2 gb ram, integrated Intel chip-I was expecting the worst from that Intel chip than anything else. BUT, from my already experience with using Fedora 11 Gnome, no problem! None! nada!
It did take me twenty minutes to finally fire up a terminal :) Hey, I'm not use to that desktop.
It appears to me that people want to divide themselves into one of two or more camps. I've been guilty of that myself. I just wanted to try KDE4 and decide for myself. Right now KDE4 has that new car smell to it. I need to take it home and see how it performs on the freeway, in city traffic, if you know what I mean.
My first intro of KDE4 was PC-BSD. I couldn't help but notice how solid that setup was, and made a note to self that I will have to someday get back there again.
Someone made a reference recently about Microsoft is good at copying other peoples work and KDE4 is maybe what inspired Windows 7. If that's somewhat true , I can see why .
72 • Security (by Caitlyn Martin on 2009-08-25 02:52:58 GMT from United States)
Yes, I've made a good part of my living doing security on *nix, including 15 months for the U.S government. I'm sure by some people's standards I'm a loonie spreading poppycock. I'll be equally blunt: anyone who tells you that running as root online without a password isn't risky is an idiot. It doesn't matter what distro you are running. You can create a user account with a password on Puppy no matter how you run it. If you don't take a minute to do it that is your choice, not the distributor's fault.
Sure... you can go years without a problem. It's called security by obscurity. Companies do it all the time. So do individual users. Just because your system is wide open and anyone who wants to can get in and do whatever they want doesn't mean they will. It also doesn't mean they won't.
By all means, go ahead, be an idiot if you want. Don't let me stop you. I'm a self-admitted security paranoid. I make money when people are idiots. They then hire me to clean up the mess. It's absolutely brilliant. Please encourage your employers to follow your example. I can use the income. I could tell you horror stories, all true, but only by violating the confidentiality of my clients or perhaps an NDA or two. Nobody advertises their security problems or wants them advertised.
After cleaning up after security incidents one time to many and after seeing the consequences one time too many I'll happily be a paranoid. If you want to play security roulette by all means go ahead and take stupid risks. Be my guest.
73 • RAM (by Anonymous on 2009-08-25 03:07:35 GMT from United States)
The more RAM the better even if you don't think you (or someone else) would need it now. I don't think it's good advice to simply say something like "512MB is enough".
It's definitely not enough to run the following typical desktop session smoothly: Firefox with multiple pages and tabs w/ some Flash w/ some Javascript + Acrobat Reader + Open Office + GIMP all open
74 • @70 (by Nobody Important on 2009-08-25 03:27:24 GMT from United States)
"Where are the Puppy disasters?"
Think about this for a moment.
Someone walks right into your Puppy installation. there would be no notice on your part - maybe a slow internet speed. It's like when someone is ssh-ing into your computer while you're on it. Unless you actively see or try to find them doing so, then you will not notice.
Your argument, Notorik, is much like of a fisherman who goes out to sea with nothing but a boat and his fishing rod, even though he has been told there are pirates out in the waters - heck, he can see them from the shore.
"No, no," says the fisherman. "There's nothing out there; I'll be just fine. No one else has ever gotten robbed by the pirates."
Would it cost him anything to bring along a weapon, or at least some way to protect his catch for the day? Perhaps a bit of his time. But the risk outweighs the burden.
If you think there aren't people out there trying to figure out a way to find your credit card information, you're wrong. Goodness, even if they don't find anything of merit on your computer, they can still turn the hacked box into part of a botnet for attacking other, more rewarding targets.
And you will be none the wiser.
Think it's hard? Go ahead; ssh into a box you're running a desktop on. Nothing will appear; no window or indication. It's as if you were almost invisible to yourself.
This is why you will never hear about attacks on Puppy Linux installations.
75 • Re 73: (by Sertse on 2009-08-25 03:55:05 GMT from Australia)
I've always wondered in these scenarios. Who the heck running all of those at once at the same time?
Ok perhaps...., I am researching for my paper where I went to some flash using website, and needed to open a pdf document that is on the website.
Fluxbox/Openbox/LXDE/Tiling/...even a tweaked Xfce (mix and match components rather taking the whole default thing) can do it on 512 with few issues. I'm doing it on my computer atm.
In that scenario Acrobat is prob the main killer... evince or epdfview would do it nicely, but I don't know if there is some thing Acrobat only has that you need, I don't.
76 • Puppy user account (by Anonymous on 2009-08-25 04:34:36 GMT from United States)
Can a usable Puppy user account can be set up in a minute!(?) Is that true? A real user account with capabilities a web surfer often wants to have?
Is there even a 5 minute process that sets up printing, access to USB storage, configured browser with noscript, etc? In the past, there were reports that a Puppy user account with typical user privileges was difficult to establish. Spot didn't do it. Derivatives didn't do it.
Could this user account be part of a persistent image that Puppy saves?
If Puppy users can so easily have basically the same security as a typical Linux distro, the criticism of Puppy security becomes far less important.
77 • Security + KDE 3 and Resources (by Landor on 2009-08-25 04:57:03 GMT from Canada)
Here's a better analogy, and everyone here prefers to use cars a lot. You go on a 5000 mile/k road trip with tires that you know are not the best to be on the road with. Meanwhile you leave the spare behind because you've never had a flat, and think of the extra trunk space. Usually, that's when Murphy's Law kicks in.
From time to time I get the odd older computer handed off to me as people know I donate them. Usually I put a KDE3 based distribution on them. There's two reasons for this, it's fairly decent on resources and the closest to what people have become accustomed to with Windows.
Right now I'm on a 3 ghz amd quad, 8 gig of ram (though this Ubuntu install I'm currently using is 32bit) and I prefer KDE3 for a simple reason, I want my resources available to me, not to my desktop, eye candy, services, etc.
In fact right now I'm working on another Debian install on the Lenovo Lappy. In the end I'm going to be running Openbox on it, tweaked (via a usb stick, I love them) without any LXDE components, but a bit of eye candy, in a sense, a low resource dock, no panel. I'll still have some resource hungry apps, but that's what I want my resources available for.
Anyway, if I get to like it enough, it might replace KDE3 for my own personal systems at the least.
Oh, RE: 71
I can't say enough about the Fedora 11 release. As I said last time, very clean, but also very fast and snappy. It was the Gnome install that I was so taken by as well. I like to use Fedora for a benchmark for my hardware too. A couple of my systems are fairly recent builds, wireless n, etc, and I can always go to the latest Fedora release to see how well the drivers for the hardware I'm using has matured.
I'm looking forward to the FreeBSD 8 release too. I want to see how the hardware recognition/configuration has matured based on my specs compared to how it has for Linux. It's really just so polished and very smooth too, of course.
Keep your stick on the ice...
Landor
78 • #76: User accounts in Linux (by Caitlyn Martin on 2009-08-25 05:08:15 GMT from United States)
I'm going to speak about Linux (and UNIX as well) rather than Puppy, which I don't use:
Setting up a user account in ANY Linux distribution at the command line with the adduser script takes less than a minute. I have yet to see a distro that removed this script.
Some of the things you mention have *nothing* to do with an individual user account but rather how permissions are setup on a system. Configuring a browser is a function of the browser, not user accounts. Setting up a printer is a matter of configuring CUPS (or perhaps lpr or lprng if anyone still uses those) and has nothing to do with individual user accounts. Access to USB storage, again, is a matter of how udev rules are configured, not the user account. If the user belongs to the correct groups this should be transparent. You are mixing apples and oranges when you talk about these items as part of setting up a user account.
The discussion of Puppy security is still relevant. Again, I don't run the distro but I am going to assume that Jesse Smith was 100% accurate in the review this week for the sake of discussion. If a distro, any distro, fails to deliver security patches it leaves known vulnerabilities open and becomes insecure. The review states that Puppy fails in this area.
Many live CDs don't run as root but rather use an unprivileged account. Even Damn Small Linux does that. IMNSHO it is just plain poor design to run as root and pretty much unforgivable to do it without a password. That applies to a number of live CD distros, not just Puppy. It is certainly valid to state that a distro that does this is horribly insecure out of the virtual box in default configuration.
Since I don't run Puppy I have no clue what can or can't be saved in terms of settings. However, a number of other mini live CD distros can save configuration information like that. Slax immediately comes to mind.
So... I can't answer your question in a way that's specific to Puppy. I just don't know. OTOH, if a mini live distro doesn't do what you want there are others that do. It can and should be a consideration when choosing a distro like this.
79 • Real Puppy (by Lobster on 2009-08-25 05:36:58 GMT from United Kingdom)
Puppy Black Ops - Pre-emptive security initiative http://murga-linux.com/puppy/viewtopic.php?t=37317
Secure Sockets Layer for Puppy http://puppylinux.org/wikka/OpenSSL
adding password to Puppy http://murga-linux.com/puppy/viewtopic.php?p=138053#138053
something for the tin-foil hat wearers http://www.zdnetasia.com/news/security/0,39044215,62056937,00.htm
Good news for everyone on the Puppy Forum http://murga-linux.com/puppy/viewtopic.php?p=209484#209484
80 • Re: 75 (by Anonymous on 2009-08-25 06:13:54 GMT from United States)
I do. And I think a lot more people do who expect to use their computers without constantly trying to be frugal.
Firefox alone with many pages open will still consume a lot of memory. The typical user or even many advanced users I know will use either GNOME or KDE so you can add 80-100MB of memory usage over something like XFCE.
Still, I don't see why it's strange to think people would have those apps open and switch between them. Why would someone close Firefox just to open OpenOffice? What if they need to create or edit some graphics to incorporate into their documents? Why should they have to close something else just to use GIMP? And if they're making a podcast or some audio presentation to go along with the documents, they would also open up something like Audacity as well.
And I use Acrobat Reader over evince for a couple reasons: with certain PDFs, it's extremely slow (like orders of magnitude slower; really an issue with pdf2ps), Acrobat has a "snapshot" feature allowing you to select an arbitrary rectangular area for copying or directly printing, Acrobat also supports certain encryption and authentication features some PDFs use.
81 • re 57 • Mandriva and KDE 3.5 (by fred ham on 2009-08-25 06:44:09 GMT from Seychelles)
to 57 • Mandriva and KDE 3.5
http://neoclust.free.fr/blog/?p=38
no manpower to maintain KDE 3.5, may be they shouldditch Gnome consider the xbuntus are doing a excellent job on Gnome, but a really bad job of doing KDE in Kubuntu as their implimentation is just not good enough, and we got a very similar treatment in Fedora and consider not very long ago Mandriva was primary a KDE distro, may be we should go back to its root.
PClinuxos is using KDE 3.5 ;perhaps me and many other is goign to switch over, and I think SuSe can also be use wiht KDE 3.5, here another distro to switch to.
82 • Puppy Security (by James c on 2009-08-25 07:04:40 GMT from United States)
I use Puppy 4.20 for my primary OS while I rarely even boot into my installs of Windows 7 or Vista Ultimate. I feel safer on the net in Puppy, running as root, than using Windows with the requisite anti-virus, anti-spyware, Flash blockers, etc.. To each his own........
83 • @ Caitlyn (by Anonymous on 2009-08-25 07:47:18 GMT from United States)
Just because you have more experience than someone else does not give you a license to be condescending to them and act like an elitist jerk. Doesn't the open source community have enough of that attitude from Mr. Torvalds and Mr. DeRaat? Please learn to communicate your ideas without being derogatory towards the individual you are trying to educate.
84 • Putting the fun back into computing.. (by forest on 2009-08-25 08:21:41 GMT from United Kingdom)
Little known facts about Penguins
Did you ever wonder why you never see dead penguins on the ice in Antarctica? Ever wonder where they go? Wonder no more. It is a known fact that the penguin is a very ritualistic bird which lives an extremely ordered and complex life. The penguins have a very strong community bond. They are very committed to their family and will mate for life. They also maintain a form of compassionate contact with their offspring throughout its life.
If a penguin is found dead on the ice surface, other members of the family and social circle have been known to dig holes in the ice, using their vestigial wings and beaks, until the hole is deep enough for the dead bird to be rolled into and buried The male penguins then gather in a circle around the freshly-dug grave and sing....
"Freeze a jolly good fellow..."
85 • @84 Forest+Puppy Review+Puppy Comments (by D1Knight on 2009-08-25 08:57:48 GMT from United States)
@84 Forest-Good one, just what the doctor ordered, a little more humor in this Comment Section.
@Puppy Review- Excellent job giving the good, the bad & ugly. I feel more informed about this distro. I guess I'll have to put on the brakes for giving it spin, until there is a "by default" better security setup in place.
@Puppy Comments-Thank you to everyone for the "heads up", especially the informative warnings.
My 2 cents-As far as what distro anybody uses, as long as it works good for you (no major security issues) that is the main thing. Besides were all part of the Linux/BSD community, right!? Peace.
86 • Distro pages need this more! (by DP on 2009-08-25 10:13:46 GMT from United States)
You should put date stamps next to the review links. Or sort them chronologically. For the distros popular enough to have public reviews of alphas and betas it is nice to be able to find reviews of the latest alpha/beta. At the moment is is sorted by major version number only, and out of order.
87 • Puppy Security (by Craftybear on 2009-08-25 11:12:53 GMT from Australia)
Call me ignorant, foolish, deluded, whatever ... I'm afraid I just don't understand the paranoia about running as root!
My understanding is that Puppy comes with an inbuilt firewall that is ON by default - end of the ssh intrusion? I do know that Puppy's default installation tests as all ports closed on several sites designed to locate holes in the security blanket (Linus blanket? Ha! Sometimes I kill me!).
My understanding is that the underlying Puppy OS is contained in a read-only squash file - end of the OS hijack? Sure you can take over the OS in RAM, but a simple reboot without the save file (puppy pfix=ram at boot) and voila! No more infection.
My understanding is that even surfing the web as root, with no firewall running, will do no serious harm to the average puppy system UNLESS you insist on visiting dangerous sites and saving the trash they supply - end of the foolish Puppy user? Of course you would have to turn Puppy's firewall OFF to do that, and what idiot would take such and action before ... say ... doing their Internet banking for example?
Bottom line? Normal Distros running as root = bad. Puppy Linux running as root = hmmm ... could it really be THAT easy?
Please people, try to avoid Groupthink at all costs. If you have a mind, please put it to good use and investigate before jumping aboard the bandwagon.
Caitlyn freely admits she has a vested interest in you remaining paranoid! It's how she makes her living! I doubt she has EVER bothered to investigate the underlying structure of the OS she is criticising, much less install it and use it! If everyone used Puppy, she'd be out of a job! Sheesh!
Ok, before I get burned in the holocaustic reaction to this post, let me say that I do NOT advocate Puppy Linux for daily mission-critical work. It's horses for courses in my book. I use Linux Mintu (my pun) for the heavy stuff, but I spend more than 95% of my time in Puppy without a care in the world. I guess that makes me ... um .... you fill in the blanks.
BTW, Caitlyn, you should know that Puppy delivers new releases more frequently than many of the bigger distros release patches. Which is more secure? Which is easier for users to accept and manage? Puppy releases installed frugally can be updated quicker, including download time, than most people can download the latest *buntu, slack* etc patches and install them. New OS, data files in tact and data available. Easy as .... um .... petting a Puppy? :)
88 • Security and Puppy (by Xtyn on 2009-08-25 11:16:23 GMT from Romania)
I have used many distros over time. I have used Puppy, it's a great distro. I believe it's the best lightweight user-friendly distro out there. I even tried it on a AMD K6-2 at 350 MHz and 64 MB RAM. It worked great.
Am I an idiot because I have used Puppy? I don't think so. I don't think that Puppy users are idiots, although Caitlyn Martin seems to think that. There are a lot of small projects which don't have very good security. Are the users of those distros idiots? Again, I don't think so.
Desktop distros don't need to be as secure as server distros or as enterprise distros. Would I recommend Puppy for sensitive stuff? No way. Puppy is for casual computing, like surfing the net, watching a movie, listening to some music, writing some documents.
Every computer user NEEDS to have his important data in more than one place in case the HDD crashes. If you have sensitive stuff on your computer, encrypt it and keep it somewhere safe.
If someone did hack my Puppy, what could he have done to affect me? Nothing, really. I have all my important stuff on DVD's and on an external HDD. I have nothing sensitive or intimate on my computer (or anywhere for that matter).
I believe Puppy is safer than windblows. Most people use windblows, even with their sensitive data. For the paranoid, even CentOS isn't safe enough. The paranoid should use openBSD, or better yet, stay away from computers, that's really safe.
Yeah, we all have highly classified government information on our computers.
89 • #72 (by Notorik on 2009-08-25 11:52:29 GMT from United States)
Lol, that was a bit harsh but I am not easily offended. Most of us know you don't like Puppy for whatever reason (won't even put it in your machine). I simply disagree with your conclusions.
#85 I'm sorry to hear that you are going to give in to all the "fear mongering". You are missing out on one of the best little distros out there. You should be aware that some people use security issues to cloak political and/or personal agendas. Some of them have gone so far as to state on Distrowatch that they are incapable of reviewing or using certain distros based on their agendas. So my point is that when someone presents themselves as an I.T. professional be forewarned; listen, but listen with some healthy skepticism. Please have a look at Puppy's ranking on the Distrowatch home page and ask yourself if all those people are wrong? I guess they must all be "idiots" counting on "obscurity" to protect them. Yes, they must be incredibly lucky, thousands of them, running Puppy every day...if you run Puppy the way I suggested you will have no trouble. If you really just can't bring yourself to do it, then try AntiX or Wolvix Cub. Both are very secure, wonderful, small distros. I can't recommend DSL because it is outdated and presumably dead.
Well anyway, now that both sides of the subject have now been presented with "dynamic clarity" I won't belabor the point. So, moving on now...
@84
Interesting. Is that true? I just watched a documentary called The March of the Penguins and it seems I recall that they live a really horrible existence where they make this long trek from the sea inland to a big empty spot in the middle of nowhere and most of them eventually just fall over at some point and freeze to death or get eaten by sea lions.
90 • Computer security (by ladislav on 2009-08-25 12:20:05 GMT from Taiwan)
Notorik, can you please do me a favour and drop the subject? I think we've heard enough of your opinion on computer security (some of which gave me goose bumps, to be honest). Since you are unlikely to change your opinion (or even listen to the opinion of others), there is no point in continuing to argue.
The way you run your computer is your own business. But for the sake of other readers, please stop defending poor or non-existent computer security practices on this web site (or anywhere else for that matter). It's totally irresponsible.
91 • #90 (by Notorik on 2009-08-25 12:26:12 GMT from United States)
It is your website sir, so I will disagree with your terse misguided remark but I will humbly acquiesce.
92 • security and Puppy (by Andy Axnot on 2009-08-25 13:10:46 GMT from United States)
OK, I'm intrigued now.
I find it hard to argue with Notorik's assertion that "There is (comparatively) no security risk running Puppy on a diskless, stand alone, machine." (#67)
Most of us don't run such machines however.
Lobster (a Puppy enthusiast) has posted some links re enhancing Puppy security.
Maybe this would make a good article for an upcoming Distrowatch Weekly: just **exactly** are the security risks of running something like Puppy as it comes 'out of the box'. Certainly quite a few people here seem to think it's safe enough, though most don't agree. Me, I don't know enough to say.
If you don't have a hard drive in the machine, no sensitive info, is it safe? Does Puppy pass the scan tests at GRC? Is there a firewall? How about other live CDs?
Maybe we need some real and detailed info rather than cutting off discussion.
Andy
93 • computer security (by jack on 2009-08-25 13:11:48 GMT from Canada)
We have had statements that one can ssh into a desk top with no visible sign that it has happened. We have also had statements that a firewall will prevent this. What we have NOT had is any type of "chapter and verse" references. depressing. I believe that there are graduate computer courses on "security", with articles in academic journals and even books. All of which would have either been "peer 'reviewed or subject to academic critical reviews.
So discontinuing this topic will allow us to proceed happily in "cloud cuckoo-land"
94 • Security (by Jesse on 2009-08-25 13:43:13 GMT from Canada)
For what it's worth, a computer that doesn't connect to the net, does not have a hard drive and is not used for sensitive information is pretty secure. I mean, there's not much there to hack. But no one here uses that kind of machine (if you did, you couldn't be reading this).
I guess each person needs to make their own choice about how concerned they are about security. I admit that, like Ms Martin, I get more work when people don't secure their systems. That might colour my judgment on the topic.
I can't provide verifable chapter and verse evidence, but I have seen Linux machines, that were patched up to date, hacked without the knowledge of the user. They had a firewall, they had services on non-default ports and there was very little evidence the hack had taken place. I don't see it often, but it happens.
In the end, my best advice is to keep regular backups. Any networked machine can be hacked, the question is, what would you do if it happened to your computer? It might never happen, but a little preperation is well worth the effort in my opinion.
95 • RE: 92, 93 (by ladislav on 2009-08-25 13:44:03 GMT from Taiwan)
It's OK to continue the discussion on security. All I want is to stop people who already presented the same arguments several times during the past couple of weeks from posting it again and again. Especially if those arguments reveal complete ignorance of even the most basic principles of computer security.
96 • No subject (by forest on 2009-08-25 13:57:39 GMT from United Kingdom)
Without mentioning the "s" word, surely folk have worked out by now that to be almost "totally" s----- is simplicity itself.
This wheeze works only if you have "spare" hardware btw, and can be arsed to do the cobbling (cobbling = work in UK slang btw).
To continue: take one PC and either remove the hard drive completely or disconnect so it has no more function than a paperweight.
Connect via usb or e.sata, your choice, an external hard drive. Said hard drive should be reserved solely for this experiment...prolonged series of similar experiments...
Plug in a usb stick with your favourite flavour of Puppy.
Remove all other connections from your firewalled router.
Fire up PC with Puppy and establish an internet connection, and, you are able to save to said ext h/d.
Surf "wotever" takes your fancy...job done.
I presume you will see where I am heading on this?
Any nasties on the h/d stay on the h/d. The usb can be tricked up for no permanent memory AFAIK.
I suppose you might have a potential for attack on the BIOS, but has anyone ever experienced this? I have not seen any reference about this topic in DWW, but, see here:
http://threatpost.com/blogs/researchers-unveil-persistent-bios-attack-methods
Before you/me/we persuade ourselves all is safe in the GNULinux/BSD garden, there is a remark about OpenBSD...
Your main online work would of course be accomplished on your usual protected machine, with your home network replugged.
Please feel free to pick any holes, it's all good science, LOL.
97 • No subject (by forest on 2009-08-25 14:14:55 GMT from United Kingdom)
Ref #96
oops should have included this nugget...
More on the subject, featuring the Ortega guy:
http://whatis.techtarget.com/definition/bios-attack.html
I believe this reinforces the point made by folk who know what they are on about and have said repeatedly...running in root is NOT a good idea.
98 • Hoho (by Nobody Important on 2009-08-25 15:01:14 GMT from United States)
So, Notorik's idea is that Puppy Linux is a read-only operating system, and is reinstalled everytime it is booted, right?
Puppy Linux, when running, is still a read/write media. While you cannot actively delete the CD media (which can be ejected, mind you), you can delete files from the copy that resides in your RAM. Don't believe me? Boot up Puppy and start deleting things. You may get some error messages, but as root, you have little to no issues doing so from the terminal.
Now, while the idea of a computer without any saved files is a nice one, I cannot say I'd ever be able to use one effectively. I'm sure that anyone using Puppy has a saved file around somewhere that holds their settings for them for Wi-Fi or screen resolution.
Saved files can mean that you get hijacked once, and then you get hijacked again and again. So if you have sort of storage media being used for Puppy, you automatically lose any security benefits that Puppy would entail. in the end, a Puppy with a save file is like any old operating system, and the security risks are just as valid and crucial.
99 • @80 (by Adam Williamson on 2009-08-25 15:39:41 GMT from Canada)
"The typical user or even many advanced users I know will use either GNOME or KDE so you can add 80-100MB of memory usage over something like XFCE."
Last time I compared them (Mandriva 2009), a stock Mandriva GNOME session used 10MB _less_ RAM than a stock Mandriva Xfce session. Xfce is not a low-resource desktop any more. You want LXDE for that.
100 • @81 (by Adam Williamson on 2009-08-25 15:41:49 GMT from Canada)
It's been a long long time since MDV was 'primarily a KDE distro'. The whole time I used / worked for MDK/MDV - from 2001 or so up to this year - it's been desktop-agnostic. GNOME has had equal status with KDE for all that time.
101 • Secure Puppy (by LinuxUser7 on 2009-08-25 15:44:11 GMT from Macedonia)
"Now, while the idea of a computer without any saved files is a nice one, I cannot say I'd ever be able to use one effectively. I'm sure that anyone using Puppy has a saved file around somewhere that holds their settings for them for Wi-Fi or screen resolution."
There's no need for a save file if you do a custom remaster (all your hardware-specific settings will be saved to the CD)
102 • No HoHO (by Rex on 2009-08-25 16:21:54 GMT from United States)
When I was on about this topic, I never claimed that computers don't get hacked. Nor did I imagine that it was possible to guard any material sent out of the computer, into the net, whether encrypted or not. Nor did I desire to run as root all the time; Puppy has never been my Distro of choice. However I did maintain to a large extent, not that running a live cd made me invisible or that someone could not "see" what I was doing on the computer during the live session, but I did imagine that I would see evidence of bad things happening if the "hacker" tried to actively alter my HD and I really did imagine that that I would see evidence of their local activity as well, as naive as that seems to me presently. Now I see all that view as really naive. Now I am incredibly paranoid, to say the least, because no one can prove a negative fact, only a positive. The negative fact would be that no one has hacked your computer. But this can never be proven as a positive fact, because no one has all knowledge, and therefore, the greatest expert in the world cannot know "what it is that they don't know or understand" and so therefore it may always be the case that someone may have discovered a way to compromise every computer in the world with no signs of their accomplishment manifested by any "publicly known' technical tool. Now I know that the risk potential is always 100% no matter what precautions one takes. This is exactly the risk that ones life may be forfeit at any moment , only with my life I at least know an attack has emerged or else I am dead and so no longer embarrassed by an attack. But with a computer, I can never ever be sure. Never. I was much happier I think, being naive. A rather paranoid naive to be sure (hardly ever used a browser unless it was sandboxed, use an AV etc.) But naive none the less.
103 • Security again... (by Landor on 2009-08-25 18:30:03 GMT from Canada)
One thing I encourage anyone and everyone using a computer (especially a mobile device) is to encrypt their hard drives/partitions. This has to be one of thee most common sense things you can do to help protect your information.
What I find astonishing is that only now people using encryption is really starting to evolve.
When I do an install, depending on the layout of course, the very basic is a three partition install, Boot/System/Home. Boot I leave unencrypted but the other two are always encrypted. To me it just makes sense, even more so if someone was using a mobile device.
Another thing, and any really good admin will tell you the same thing (any admin should do this or they're not really good) sign up for security alerts/bug fixes. Make sure you are "aware" of the potential problems and the fixes available for such. Not just from your distribution's mailing list or other medium. There are lists available just for this purpose. The Open Source Vulnerability Database (OSVDB http://osvdb.org) comes to mind first, and you can choose which programs (ones that you use) vulnerabilities you receive alerts about.
HTH someone, somehow...
Keep your stick on the ice...
Landor
104 • Re:103 Good Advice (by Eddie Wilson on 2009-08-25 18:54:55 GMT from United States)
Sound advice on the encryption of hard drives. The three partition install has always given me problems in that I have trouble figuring out the correct partition size for my needs. I'm always shortchanging someone.
105 • Firewalls; isolated systems; harsh language (by Caitlyn Martin on 2009-08-25 18:55:15 GMT from United States)
#87: @Craftybear: A firewall blocks access on certain ports but leaves others open for legitimate access. For example, if a firewall blocked everything you couldn't get a response from a web site. So long as a port is open and it is one where your system will responds I can waltz right in if you're logged in as root without a password. A firewall does not protect against that.
I should also note than firewalls aren't perfect. Now and again there are vulnerabilities in firewalls. Not running as root and using a password are the first steps in Security 101. They are the minimum every user should do.
#94: @Jesse: You are absolutely correct that an isolated machine not on any network is secure from attack no matter what. The only time someone could access the machine who shouldn't is if they have physical access to the box. How many people run their systems routinely that way?
#83: I have discussed this topic politely on numerous previous occasions. Sometimes a virtual slap to the head is needed when really horrible advice is being repeated over and over and over again. I felt this was such a time. You have the right to disagree, to dislike me, to call me elitist for doing it, etc... However, in this rare case I do think it was called for and I won't apologize for writing it.
Condescending? Yep, it sure was. Sometimes that is the only way to wake people up and stop the blind from leading the blind.
106 • #103: Excellent advice, frequent releases (by Caitlyn Martin on 2009-08-25 19:16:24 GMT from United States)
For the second week running Landor is giving excellent advice when it comes to security.
OSVDB is one good source for keeping up on vulnerabilities. Another is the Common Vulnerabilities and Exposures database/website at mitre.org. See: http://cve.mitre.org/ That site also links to the U.S. National Cyber Alert System (US-CERT) run by the Department of Homeland Security. See: http://www.us-cert.gov/cas/alldocs.html
If you keep up with these sites you will know if your distro is doing a good job of issuing patches on a timely basis. Also, if you decide for whatever reason to run a distro that doesn't do security patches or do them well you have the option of going upstream for code and resolving the problems yourself. This may defeat your distro's package management system but at least your system will be secure.
With regard to encrypted filesystems, again, it's an excellent idea. The only issue is that there is some overhead involved. If you're using old, slow equipment then encryption will slow it down further. You will have to make a decision if the performance hit is worth it or not. I'll also point out that many mini distros don't support encrypted filesystems.
#87: Frequent releases are no substitute for security patches. If a distro releases every couple of weeks you still have up to two weeks with a known vulnerability that can be exploited.
ALL: I never called Puppy Linux users idiots nor do I think that is true. I made clear that any Linux distro can be secured. What I said was directed at people who try to convince others that running as root without a password has no risk.
107 • Puppy Linux (by imnotrich on 2009-08-25 19:30:29 GMT from Mexico)
I've been using Puppy for several years now, have experimented with versions 1-4 and am currently running 4.1.1
I've used Puppy to rescue files from many a dead Windows install. I've run Puppy from the live cd. I've run Puppy as a hard drive install. I've run puppy as an .sfs (save) file using the live cd to "wake up" the installation, and then removing the live cd to free up the drive.
Overall, I've got to say it's amazing, superfast distro though my perception is when the community took over the day to day stuff from Barry K. they lost sight of the "just works" goal and went more with the Debian model, ie stuff doesn't work without lots of tinkering.
Wireless connectivity even in the most current versions continues to be an exercise in frustration, I could not get Puppy to work with my very common Realtek 8185 b/g extensible onboard card in WPA2-tKIP+AES mode. Went to the forum for help, and a few folks were kinda snippy with me. I guess Puppies are like that.
The good news is I fell back to WEP and now my Puppy laptop is wireless!
Printing - Puppy has always had amazing support for HP printers.
Home networking to other computers is a bit of a chore, but it can be done. Printer sharing across the network is a breeze though.
Web - Getting Java and flash to work can be a huge pain, I guess most distros are like that? The Sea Monkey browser is a bit clunky and the fonts are not very clear. It doesn't render some web page formats correctly but I think this has something to do with the distro's size. No matter, I installed Firefox and it's working a little better.
DVD support - it's there, with some tinkering.
Updates and additional programs - Another frustration. You can get a very small number of additional programs from the official "puppy package manager" site but when updates or additional programs become available there is no mechanism to update the list, so you have to dig and search and dig and search through the forums for hidden treasure or ask someone on the forums for help.
The problem with this approach is that you are often find or are pointed to outdated packages that will overwrite/break something else on your install. No big deal if you use a live cd but if you are a save file or hard drive install guess what - time to reinstall.
What is needed, and a suggestion I have made on the forums is that installs check versions and give you a dialog box before silently mucking up your system.
Another concern with additional software...even though you can usually get stuff to work, you're often caught in dependency purgatory. If you're lucky, the program downloads a script that also fetches (haha fetch puppy) the dependencies. If you have to track them down by hand, it's a real pain.
I don't have a lot of experience with other minis but it seems to me that lately puppy developers spend too much time creating whole new versions of programs with every release, and not enough time on quality control.
I would rather see them not abandon programs that work well...even if that means they're less bleeding edge.
108 • "based on" line in distribution pages (by Sean on 2009-08-25 19:56:31 GMT from United States)
This is just a query about how the based on distribution(s) is(are) arrived at for a given distro's page at distrowatch.
I noticed that Zenwalk is listed as based on Slackware alone. So is Slax. Those are the only two Slackware distro's pages I looked at besides Vectorlinux, which is listed as based on Slackware and Vectorlinux.
Is the Vectrolinux entry a mistake? Or is there some criteria I don't understand (yet) that has it listed as being derived from itself? Such as change of ownership or something? Really don't know. Sorry if this is so off-topic.
109 • Re # 103 and other person # (by Rex on 2009-08-25 22:11:28 GMT from United States)
Gee I may be paranoid and rightfully so, but if I'm doing something that needs encryption, I'm just not going to do it on a computer that connects to the internet. After all, there is hardly any encryption that cannot be broken. Then too, even if my encryption is fabulous, I can't read encrypted files so I am going to have to, at some point translate to and from. If I do it on any computer that ever connects to the internet, then I have no way of knowing that my computer hasn't been compromised and that I'm just locking the barn door after the horse has left. I say this advisedly since the paranoids of here have convinced me to learn that there is no such thing as a secure system ever. Worse, that a system may have been compromised and no one ever finds out except the bad guy. So rather than engage in dark fears and lots of work with over the top security protection, maybe an attitude of "the internet is public space and a "Puppy" that can be raised from the dead in ten to thirty minutes" is a whole lot less stressful. Re # Another person Someone might be said to owe me an apology for unnecessarily stating that I would never be converted to the dark side of paranoia, (figure of speech sorta), no matter what evidence I was presented with. Perhaps that rudeness was intended for my own good (as they claim above to practice love slaps so to speak.) However, I converted despite the rudeness, which only motivates one to dig in heels* The person above indicated that they are not the apologizing kind; however they might consider that God has not assigned them the job of "fixing" others just because it suits them. I mean, I don't think God has given them that job, but perhaps I am wrong. I hope I'm not wrong because love slaps and condescending swipes rarely make the eyes of the blind to see. *(It was other nicer people who influenced me)
110 • RE: 109 (by Landor on 2009-08-25 22:27:00 GMT from Canada)
You can feel free to do exactly what you want. I just hope you never lose, or worse yet, have a laptop stolen.
For those that doubt there's a very serious need there's tons of info on the amount of laptops stolen/lost, and their direct relation to privileged information being compromised, whether that information is personal or corporate in nature.
So, if you actually understood the area in which I was speaking (not just, or mainly, pertaining to "online vulnerabilities) you would not have ran off on the internet tangent.
As Ladislav spoke of earlier, people who have very little understand of the rudimentary aspects of IT/Computer Security shouldn't even be discussing the matter as they are only doing a disservice to the wider community on a whole. In my opinion you fit with that premise.
Keep your stick on the ice...
Landor
111 • Re # 110 (by Rex on 2009-08-25 23:03:54 GMT from United States)
I've converted to the true paranoid side of the matter. Admitted that there is no such thing as a secure system. Said that I should not put sensitive data on a computer that connects to the Internet. Said that I did not want to run as root. Said I used Sandboxie and AV etc. This was before the conversion by the way; never did I deny that there were hackers and invasion vectors.I just had one little delusion about the relative safety of using a live cd. But not good enough. The elite(?) must still slam me. What advise exactly did I give that will lead all to their doom? The Internet as I am meaning it, includes the computer I and others use, must use if we are to make use of the net. After all, no computers, no Internet. To make a distinction between the two is false, in light of the vast and endless vulnerabilities that I have been made to acknowledge.
112 • No subject (by forest on 2009-08-25 23:25:42 GMT from United Kingdom)
Ref #110
Hah, you certainly got that right Landor, see here:
http://news.zdnet.co.uk/security/0,1000000189,39450422,00.htm
And that's the number they ADMIT to...
Doubtless the ones which contained shared NATO stuff say, did NOT get lost...(hollow lafter off...) cue our allies hastily reviewing shared info treaties...
Curiously there are some organisations in UK which simply use the lappy as a terminal on the end of a VPN. Machine (wouldn't even need a h/d), gets switched off there's nothing sensitive to worry about, it's just hardware and the keeper/owner gets a slapped wrist.
Mind you, any adversarial foreign power opens up an MOD box then the end result would probably be the charlady finding a 5 renminbi note slipped under the doormat of No10, with a get well card containing a message along the lines of "you need this more than we do...and can we interest you in some second hand sports facilities going cheap...handy for 2012? Easy terms.
113 • @105 (by Adam Williamson on 2009-08-26 00:08:15 GMT from Canada)
"#87: @Craftybear: A firewall blocks access on certain ports but leaves others open for legitimate access. For example, if a firewall blocked everything you couldn't get a response from a web site. So long as a port is open and it is one where your system will responds I can waltz right in if you're logged in as root without a password. A firewall does not protect against that."
That's...um...a gigantic over-simplification, at best. I'm going to simplify too, but a little less, to hopefully be slightly more accurate. (A physics teacher of mine once remarked that education is basically a process of lying slightly less to your students each day :>)
Getting a response from a website is a completely different proposition from an attacker 'waltzing right in' to your system. Actually the link between firewall-type security and user privilege separation is, at best, indirect, and not at all as simple as you say it is here.
Most firewalls block all _incoming, remote-initiated_ connections by default. That is, if a remote system tries to simply connect to your machine without you having first initiated contact with it, the firewall will block the connection. This doesn't stop web browsing working, because that's a different type of connection: you initiated the connection by poking the webserver, and your firewall knows that's a different type of interaction than some remote machine effectively 'cold-calling' you, and lets it through. (This is what's meant by a 'stateful' firewall, btw).
What a firewall actually protects you from has little direct relevance to whether you're logged into your desktop as root, and is also a more limited range of attack types than Caitlyn's post suggests. A firewall is good, more or less, for stopping any system outside the firewall connecting to a server running on a system inside the firewall. That's pretty much all it does. A firewall has no relevance to any type of attack which _doesn't_ involve a direct connection from a remote machine to yours.
Given that it's very unlikely that any particular server running on your system was run interactively by the user (you) - you don't tend to log in to your system and then manually run the sshd or apache or whatever server - whether you 'run as root' or not isn't particularly relevant in this context. It also doesn't affect, much, whether a server can be compromised. If you're running a server that is exposed to the outside world and that server has some kind of vulnerability, then it can be compromised; it doesn't matter whether it's running as root or joe or nobody. However, where the user it's running at _does_ matter is the *potential impact* of the compromise. The more privileges the compromised server has, the more damage the attacker can do to your system. Obviously it makes sense, therefore, to run servers with as few privileges as possible, and distributions go to fairly great lengths to achieve this. But whether you log into your desktop as joe or root doesn't impact on this area much at all.
To take the practical case we're talking about here - Puppy - firewalls aren't particularly relevant, because you're not likely to run any outward facing servers on a Puppy machine. Maybe an ssh server, but sshd is pretty damn secure these days. The type of attack you're most likely to be subject to when running a basic desktop like a Puppy-type system would probably be some kind of vulnerability in a web browser, I'd say. Firewalls don't come into the picture here at all: if you've got a vulnerability in your web browser, no firewall is going to stop it, otherwise you wouldn't be able to do anything _useful_ in the browser either. Whether you're running as root or not may be significant, depending on what the attacker wants to do, what stuff is present in the system, and how Puppy's configured out of the box. If it, say, mounts the hard disks in any system you boot it on automatically, or allows a regular user to mount the disks without root privileges, it doesn't matter whether you're running as root or not. The worst thing an attacker can do is attack the data on the hard disks in the system.
For this type of attack, it would be best from a security perspective for a distro like Puppy to run as an unprivileged user by default, and only allow root to mount any disk drives present in the system. This would reduce the likelihood that this kind of vulnerability would let an attacker screw with the data on the disks in the system where Puppy was running.
In _practical_ terms you're very unlikely to be attacked this way, because it would be a lot more work to write an exploit that attempts to mount disks before screwing with them, and that would only be necessary to attack someone running in a live environment, so unless someone was targeting you specifically they'd be unlikely to bother. But just looking at it from a theoretical perspective, that's the breakdown.
Honestly, I'd probably be happy with the 'risk' of running a live booted system as root. I think the chances of some random skiddie taking the trouble to write an exploit that explicitly mounts hard disks before attacking them is so slim as to not be worth worrying about. But it would be good practice for Puppy to run unprivileged by default, as most other live distros do in my experience.
114 • @113 (by Adam Williamson on 2009-08-26 00:18:58 GMT from Canada)
ok, so my thoughts ran off in different directions and that's not really a response to what caitlyn wrote. never mind! take it on face value :)
115 • 'nix (by curious on 2009-08-26 03:23:51 GMT from United States)
How many "home" users actually have two or more seperate users logged in and simultaneously using their computers?
It seems most people simply use one computer per person.
116 • Weekly Education (by dedguy on 2009-08-26 06:39:58 GMT from United States)
Every week I'm learning something new that actually get's me noticed at work. I love all of you that contribute comments to this site. Mr. Williamson, Ms Martin, & Landor... this week was especially good advice, I never once considered encrypting my hard drive. Now I'm going to ask the IT guys @ work if they've done this for our laptops, just to see how good they are. I'm relatively new to Linux, about a year now. But I've been able to get up to speed thanks in large part to the people here. Thanks a lot :o)
117 • Secure it, or rebuild it? (by DG on 2009-08-26 06:48:39 GMT from Netherlands)
So rather than engage in dark fears and lots of work with over the top security protection, maybe an attitude of "the internet is public space and a "Puppy" that can be raised from the dead in ten to thirty minutes" is a whole lot less stressful.
I had my credit card details cloned recently, and seeing as the card never leaves my sight, I can only assume it was leaked/harvested after some on-line purchases -- all via https connections. Believe me, ten to thirty minutes to rebuild your system is the least of your problems.
118 • Please - can I play my audio cds on Linux? (by gnomic on 2009-08-26 07:10:33 GMT from New Zealand)
Has anyone else noticed a tendency for Linux distros to be unable to play audio cds? Only today I installed a major distro, and was taken aback by there being no software available out of the box for this purpose. Hello? Call me a fossil, but I still own some music CDs, and it would be rather nice if I could play them when running Linux. Maybe all you dev types are totally digital, but not everybody is in that space. As Puppy was under discussion, that is one thing they have got right, I have yet to encounter a version that won't play a CD.
119 • Re #118 (by Mandriveiro on 2009-08-26 07:24:37 GMT from Spain)
Well, I have no problem when listening my CDs with Mandriva 2009 Spring with KDE 4 and plf...
120 • firewalls (by Xtyn on 2009-08-26 07:49:15 GMT from Romania)
#113 AdamW, thanks for the info, now I understand a bit more about firewalls and security. Sometimes I have the impression that you are the only one here who knows what he's talking about.
#105 "if a firewall blocked everything you couldn't get a response from a web site."
I just checked, my firewall blocks ALL my ports (HTTP, FTP, SSH, DNS, Telnet, POP3 etc) and, obviously, I use the internet just fine, even torrents work fine (although Transmission tells me that my port is closed). So, "security expert", you have no idea what you are talking about.
"So long as a port is open and it is one where your system will responds I can waltz right in if you're logged in as root without a password."
If it's that easy, I'll install Puppy, run it as root and you can try to hack it if you can. It will all be legal, I give you my blessings, try it, I'll even give you my IP (it's my real one, I'm not behind a proxy) if you need it.
Let's make this a challenge: any hacker here can try to do this, just to prove how vulnerable Puppy is, just tell me so that I will install it (I'm not currently using it, I'm using Debian).
P.S. Puppy has a pretty secure kernel (2.6.25.16), Seamonkey is 1.1.15, so I think it's pretty safe. I don't like the fact that Puppy runs as root by default, because a successful attacker could install a keylogger (although there are exploits that give root access). It should have sudo at least.
121 • @113 Firewalls & Puppy (by craftybear on 2009-08-26 08:13:29 GMT from Australia)
Adam Williamson wrote: "Honestly, I'd probably be happy with the 'risk' of running a live booted system as root. I think the chances of some random skiddie taking the trouble to write an exploit that explicitly mounts hard disks before attacking them is so slim as to not be worth worrying about. But it would be good practice for Puppy to run unprivileged by default, as most other live distros do in my experience."
Most Puppy installs are Frugal in nature and hard disks are only mounted if the system is booted from them or the user explicitly mounts them. Even if the hard disk is mounted, all data and OS files are contained in a Squash file system. Save files can easily be encrypted at install with Puppy.
For those who are super paranoid, you can run Puppy applications as an unprivileged user called "spot" if you wish e.g. [#su spot seamonkey]. That takes care of the browsing.
Thank you for a reasoned and detailed explanation, Adam. It is much appreciated. I didn't think I was that far off the beam when it came to firewalls blocking externally initiated exploits.
I would love Caitlyn to take a "proper" look at Puppy, and its architecture, to truly appreciate the unique if not innovative approach adopted by Puppy creator Barry Kauler. Certainly he never intended Puppy to compete for the commercial desktop space, or the Linux server market. It's purely a personal use distribution designed to make it easier for refugees. When they are well and truly penguinated [(c) Lobster] - takes longer for some than others - then they can choose to move on to Mandriva, Vector, Ubuntu, PCLinuxOS or in my case Linux Mint.
122 • PCLinuxOS and KDE (by davecs on 2009-08-26 09:01:13 GMT from United Kingdom)
Just to point out that PCLinuxOS ships as standard with kde3, but kde4 is in the repositories, and a simple change you can make in the Synaptic package manager, followed by installing a "task" package, will upgrade to kde4, full details on forum. PCLinuxOS users therefore have the choice.
PCLOS still sees kde4 as a "testing" choice though, and will continue to support and recommend kde3 for day to day use until kde4 is considered up to scratch.
123 • Hackers are overrated (by Ludro on 2009-08-26 10:17:41 GMT from Italy)
@120 Firewalls: Your challenge remind me of a similar challenge that I launched some years ago in a large gamers' community. I did that because someone was trying to spread the story that "firewalls are useless and any good hacker can get in your PC anyway".
So I posted the IP address of the target PC (Win98 with free Sygate firewall) on the forum, put down my Voodoo 2000 card as the prize for the first one that got into the computer, then I sat back and waited while keeping an eye on the traffic. Which completely proved my point, since in a whole month all those fearsome l33t hakerz were able to do was a lot of port scanning, a great deal of pathetic attempts at sneaking trojans via email and IM, and for some reason better known to themselves even a couple of DOS attacks.
Long story short, nobody managed to even getting near to "waltz in" the machine, and I still have the V2 card doing service in Slackware (works great with the Banshee drivers, btw).
Ah, and my boss is still wondering why during that month most people with a internet connection were attacking his own PC...
124 • No subject (by forest on 2009-08-26 10:44:51 GMT from United Kingdom)
Ref security of another kind...quite a few folk will know by now that Google is not particularly high on Beijing's Christmas card list...what with tainting it's youth with access to western comparative anatomy sites, youtube and twitter.
Well, the home grown version of Google, so to speak, is known as "Baidu"(now nearly 10 years old), with an enormous fan base...according to UK's Daily Telegraph they profess to a nearly 60% share of China's 300 million plus internet users...but, guess what... the comparative anatomy sites along with local Chinese iffy sites, such as book-a-prostitute-by-email are accessible from Baidu, but, not the political stuff. It seems China has observed the effects of "free" internet usage during Iran's recent elections, and are not keen to see it happening from China.
On a numbers front it seems (again from DT) that there are "only" 300million internet users in a population of 1.3 billion or 26% if you prefer percentages.
The growth potential is enormous it seems and when you think there are more folk online in China than the population of the US say.
I have no doubt the Chinese gov't would prefer their citizens not to use MS...which is great news for open source stuff but a bit sad in that is is being "exploited" you might consider, by a not altogether liberal gov't.
125 • Linux (by Katherine on 2009-08-26 11:42:08 GMT from United States)
Hi,
My name is Katherine and I am 7 years old. I have been using Gnu/Linux for 2 years. My Daddy is a programmer for IBM and he has helped me understand the value of open source. I will be entering the 4th grade this year and am excited and sad at the same time. All my friends, my age, are going into the 2nd grade and I feel somewhat alone. I am learning the Ruby language right now because it is easier for me than C. I love Linux because I can play games and program for free. My Daddy said most people don't realize the importance of open source and complain a lot. He sometimes gets mad when visiting this site. He said my Brother and I are the future and he hopes we behave like intelligent adults when we grow up. I am not sure what he means but I know he is always right.
xoxox
126 • Re #117 (by Rex on 2009-08-26 12:53:25 GMT from United States)
Please don't quote me and then talk about a problem that supposedly resulted from doing the exact opposite of what the quote advocates and the opposite of what I have in other language made clear that I do not advocate. Or do people not understand that 'public space' is public? Does one reveal their credit info or any sensitive data in public and act surprised that it was misused? And Internet means both that thing out there and that space inside your computer!
127 • Ref#116 What new ! (by Anonymous on 2009-08-26 13:36:31 GMT from United States)
I don't know what you mean by learning something new. For two weeks running all we have been hearing is the rant about security. Don't use Puppy. Use Puppy. Don't use Slax. Yes, it's okay to use Slax. It's all nonsense and not much to learn here, except herd instinct - One person mentions using a "non-secure" livecd and that's all is talked about- bring out the cattle !
Can't you people be a little more original. Your NOT going to convince anyone to stop using what they love, period. It's egos run rappid.
Adam Williamson is the only voice of reason in his arguments.
Isn't there anything to talk about except hackers and security. Give it a rest. Enough already.
128 • No subject (by kirkpuppy on 2009-08-26 13:57:20 GMT from United States)
No don't stop. The paranoid are entertaining! Anytime some one brings the "security" scare out I always ask the same question, please provide a link that I can go to and infect my computer. Yes I'm running as root, and have been for many years. I'd love to see how that would work. After many years of asking for this, no one can provide a link. And please, no Rick Astley links. :)
129 • No subject (by forest on 2009-08-26 14:34:40 GMT from United Kingdom)
Ref the anti paranoid-about-security clique...but would you know enough to discover whether your machine(s) was infected anyway? If you can tell then you could consider sharing your wisdom...this is supposed to be a "community" after all.
I believe the advice was if you can do something about security you are strongly encouraged to do so. If you could but can't be arsed then you might be said to deserve everything that's coming to you, LOL.
And of course, if you are perhaps disenchanted with the security thing there is nothing to stop you posting something on your own distro related topic, is there?
Perhaps you could be proactive as opposed to be reactive?
130 • @127 (by Notorik on 2009-08-26 14:47:16 GMT from United States)
That hurts. I actually thought I was being "the voice of reason". I am not voicing my views about security at this time per Ladislav's request. However, if it is permissable, I would like to make my own request:
Could someone please provide a link for Kirkpuppy?
If my views are erroneous then provide the link and prove it.
Snide remarks and "virtual slaps to the head" are not the way to carry on an intelligent discourse. I also find the violence inherent in these statements...worrying...
131 • "Reasonable" Security (by Pearson on 2009-08-26 15:14:45 GMT from United States)
Can we discuss security with using the word "paranoid"?
Most of what's been described as paranoid appear to me to be extreme examples to prove a point. I haven't heard anyone say that running as root (like in Puppy) is inherently evil, just that it's more dangerous and that the danger should be justified by the benefits. Surfing the web isn't generally a sufficient benefit.
I really don't think that anyone believes that running as root will guarantee that you will be hacked, just like driving under the influence of alcohol does not guarantee that you will have an accident.
Those who say "I've been running this way for years without a problem" remind of some who say "I've been driving under the influence for years without an accident."
NOTE: I am NOT saying that running as root is the same as drunk driving. I'm drawing an analogy, don't read too much into it.
Again, there are times when you need to run as root. There are times when it's just more convenient to run as root for a while, such as evaluating a Live CD. But, for "normal, everyday" or "normal, business" uses (online banking, contract proposals, listening to music, etc.), the dangers of running as root generally far outweigh the benefits.
132 • re: #130 (by Eyes-Only on 2009-08-26 15:33:39 GMT from United States)
re: #130
Notorik wrote:
[i]"Snide remarks and 'virtual slaps to the head' are not the way to carry on an intelligent discourse. I also find the violence inherent in these statements...worrying..."[/i]
AMEN! I couldn't agree with you more my friend!
I'm starting to question why I even bother to come here and read each week if all it does is work up my angina to the point where I have to go back to bed?
As someone else stated above, Adam was about the only voice of reason here as he politely took the time out of his busy day to explain the facts rather than try to stand on laurels of their past achievements and brow-beat the same words over and over into us without explaining, "Why?" Adam explained the "why" rather succinctly I believe - all without grandstanding ( which we well-know he of all people here could have done if he had wanted to ). Thank you Adam for your time. At least now I understand - after nearly 25 years of computer usage - quite a bit better the "HowTos" on firewalls!
Oh yes... and for the record? I, too, am a Puppy user ( 4.2.1/3.0.1 ). Yet I also use Debian-Lenny-5.0.2, and am thankful for Ms. Martin's review on Debris as that's also my "Default Distro". Yet more often than not I'm in Puppy. Worried? Not in the least. Why? Because FOR ME my computer is solely a HOBBY, ergo there are no sensitive data anywhere on the drive period. And if my wife is welcomed to read my emails... then the whole world is as well. ;)
But don't get me wrong! I may not agree with the ever-increasing violence each week in the comments section here, nor the way in which Ms. Martin said things. I may not like the fact that I feel she is somewhat prejudicial towards Puppy ( albeit with good reasons but let's not go there again PLEASE! ), and wished that she'd let by-gones be just that and do an honest review...
Yet there is one thing I WILL stand by here: If I weren't into computers "solely as a hobby", but instead as a business, regardless of how I feel, I'd want Ms. Martin - or at least someone like her or someone she could recommend - for the security of my computers and company network.
Now? Can we all please play nicely in the sandbox before Ladislav takes away our Tonka Toys? Please?
Eyes-Only "L'Peau-Rouge"
133 • Puppy User account - running "live" (by Anonymous on 2009-08-26 15:42:14 GMT from United States)
The answer seems to be, "No", it isn't an easy thing to set up a functional user account where the user has the capabilities of a typical user, and only those capabilities.
From the Puppy forum, 3/31/09...
"While Linux is inherently multi-user, Puppy has been hacked to be single-user, and you always run as root... The underlying commands to create users still exist, but even if you use them, various things in Puppy assume the user is root, and a lot of hacking would be required to make it fully multi-user."
-- About Mr. Williamson's comment, "Honestly, I'd probably be happy with the 'risk' of running a live booted system as root."
There are several of ways to run Puppy. Running 100% live from CD is different than running with changes stored in a hard drive file.
If changes are stored on a hard drive file, then, depending on what changes are stored, Puppy might store whatever malware has been introduced. Subsequent boots would load whatever has been stored in previous sessions.
However, it isn't this simple. For example, if changes are stored to an SD card, and then the SD card is write-protected, and if the changes are stored after a fresh boot and before the user has gone online, then the changed Puppy is as pristine (from a malware point of view) as CD-based live Puppy.
134 • re:129 (by kirkpuppy on 2009-08-26 16:02:17 GMT from United States)
"Ref the anti paranoid-about-security clique...but would you know enough to discover whether your machine(s) was infected anyway? If you can tell then you could consider sharing your wisdom...this is supposed to be a "community" after all."
No problem, If you're using a virtual file system (Unionfs/AUFS) like Puppy does. Puppy's file system only appears R/W, in reality it consists several branches or layers that Unionfs/Aufs manages. The main file system is a read-only branch and any changes you make goes into the R/W branch. If someone was to provide a link to test, I would boot without a R/W branch, then go to the suspect web site and see if something shows up in the new R/W branch. Any changes to the file system will be written in the R/W branch. The original files are always available in the read-only branch.
BTW, with Puppy you can have many R/W branches. You choose which one to use when booting. You can choose to encrypt them with AES128 if you want.
Sorry if the word "paranoid" is offensive. I think it's the correct word in relation to the discussion about Puppy. Paranoia is a excessive anxiety or fear. The amount of risk that people find acceptable is inversely proportional to the amount potential loss. If you spent hours setting up and configuring your system then the amount of risk (real or only perceived) you are willing to take will be lower than someone who spends minutes.
135 • @133 (by Adam Williamson on 2009-08-26 16:32:05 GMT from Canada)
Ah, I hadn't considered that wrinkle.
In that case you have to fall back on the other question people frequently don't ask themselves when talking about this stuff: what can root do on my system that my user can't?
The answer usually isn't one they particularly like, because the answer is usually 'well, root can access system files'. But your regular user account can run any kind of code it likes, and access all your _personal_ files, which are usually the ones you care about.
So a web browser process running as root that got compromised could wipe out all your system files (although, with the way Puppy runs, it sounds like it actually couldn't anyway...) or modify them not to work properly (that would work, until you blew away the compromised RW layer). But most people don't really care about that, and that's not what most in-the-wild compromises actually do. Usually they just smuggle in a process that uses the compromised computer to do something - either use it to 'attack' other systems in some way (act as a server hosting an attack page, send out spam email, whatever), or just use it to show you adverts. The nastiest thing an attack could do would be to delete all your personal data - since that's the stuff you can't restore with a simple reinstall - and a compromised process running as your user account is perfectly capable of doing that.
So on a typical single-user system, privilege separation doesn't save you from much, in terms of what real-world attackers are likely interested in doing. What it's mostly useful for in a single-user context is saving you from making stupid mistakes - accidentally blowing away your /usr directory is far less likely to happen when you're running as a regular user :)
Privilege separation is much more significant from a 'minimising the impact of intentional attacks' perspective on a true multi-user system, because it means a process running as Andy can't compromise files owned by Bob (but a process running as root could compromise files owned by both, which is why it's a bad idea). If you're the only user on your computer, it's not such a big deal.
I'm not saying running as root is a good idea. It isn't, mainly for the _second_ reason (PEBKAC). But it's good to have a realistic understanding of _why_. It's far more important to save you from making a silly mistake than it is to protect you from The Bad Guys.
136 • Re # 131 (by Rex on 2009-08-26 16:43:49 GMT from United States)
Pearson, you are always a very reasonable person, but in this one case, I think the choice of analogy is an extremely bad one and very prejudicial as well. There is no way that peoples minds are not now associating Puppy users with drunk drivers, and that is just not fair nor remotely accurate. If a drunk driver did actually drive for years for any amount of time as the Puppy user drives the Internet, and got away with it one would have say that that driver can do it. As an extreme exception! There are presumably thousands of puppy users and if it was in any way as risky as drunk driving, then you would see people not just talking about the risks without real blow by blow examples, as they do here, but citing crashes galore with pictures of the blood just as they do for drunk driving. Basically the elite(?) here are calling Puppy users morons, but where they fail is when they are asked to explain how so many people can use Puppy for low all these years and yet disaster stories do not abound, they return dead silence or cite stolen laptops that were not encrypted which has naught all to do with Puppy use and such like.
137 • RE: 133 (by Landor on 2009-08-26 16:58:30 GMT from Canada)
You stated "(but let's not go there again please)", but you did go there, no?
So, just to get this straight we're NOT going all the way back to (I think it was this) "Why I haven't reviewed Puppy" and the subsequent "A death threat from a puppy linux supporter"
To be honest, after the crap that came here after MS' article and some of the ensuing battles regarding puppy over the Oreilly blog, I wouldn't blame Ladislav one bit if he actually refused to publish any article regarding Puppy and am quite astonished, but not also, that he does. Mainly this is due to the fact that out of all the fanbois I have encountered in Linux, the ones of puppy are even more fanatically zealous than those of PCLOS of old.
Regardless though, the last few weeks have been tame. For the most part, I've come to the conclusion (and Ladislav will probably delete this for the language) a couple of the people are purposely inciting the argumentative exchanges and they truly don't give shits about the topic. They're doing it because they can, that's all.
Anyway, here's to next week when there might something more interesting to talk about. Maybe Linus Torvalds will get a hangnail.
Keep your stick on the ice...
Landor
138 • Re#136 @Rex - security (by Pearson on 2009-08-26 17:16:03 GMT from United States)
Rex,
I'll admit that my analogy was extreme. Perhaps it was too extreme - time will tell. I was pointing out that sometimes a person can habitually do a dangerous thing for a long time successfully; that doesn't make the thing less dangerous. I certainly do *not* intend for users to associate using Puppy with driving drunk, since there are legitimate reasons to (occasionally or casually, in my opinion) use Puppy.
Maybe I should've compared it with Russian Roulette? ;-)
There are several reasons that I can postulate (off the top of my head) for not hearing the "horror stories". None of these are researched, and one or more may be totally bogus. These are just thoughts. 1. Puppy just doesn't get hacked very easily. This is *not* because Puppy is inherently more bullet proof. 2. Puppy users don't keep much private data available, minimizing the impact of being hacked. 3. Puppy users are generally behind firewalls, etc. which help (but aren't foolproof) to protect against hacks. 4. Puppy users aren't "newbs" and are more careful about visiting web sites, opening SPAM, etc. They avoid "the bad neighborhoods." 5. The results of a hack are attributed to something else. For instance, if their credit card information is stolen the user might assume that it was a waiter, or sales clerk, or someone dumpster diving. 6. Puppy, being more lightweight, has fewer services to hack.
139 • RE: 132 and my post 137 (by Landor on 2009-08-26 17:19:51 GMT from Canada)
My post should have been "RE: 132" not "133.
RE: 132
One point I forgot to make, I don't believe you read DWW properly, it was Jesse Smith that did the review.
Keep your stick on the ice...
Landor
140 • @138 (by Adam Williamson on 2009-08-26 17:36:08 GMT from Canada)
I've never heard a reliable report of any Linux system being hacked, in the real world, via the typical kind of exploit you'd expect to encounter on a Puppy-type system (compromise in a client application like Firefox). In practice I suspect the potential returns on writing such an exploit just aren't worth doing it. There _have_ been vulnerabilities in Firefox and other apps which would, in theory, allow such an exploit to be written, though. Follow some security notification services if you're interested, vulnerability reports often come accompanied with proof-of-concept code, and several vulns have been cross-platform.
141 • Firewalls (#113), security in general (by Caitlyn Martin on 2009-08-26 18:07:11 GMT from United States)
Actually, Adam, despite some people calling you "the only voice of reason" I'm going to disagree with what you wrote here. Most firewalls close most, but not all ports. You are correct that port 80 (http:) will not allow a remotely initiated connection unless a web server is running on a given system. For a personal web server to work port 80 does have to be open. Generally most firewalls don't block all incoming traffic. Certain ports are left open to allow legitimate connections. Many mini distros (again, I can't speak to Puppy directly) do have the ability to enable sshd and some do it by default. That means your ssh port is open. Now, let's say I know your IP address. If root has no password and your ssh configuration file doesn't disable root connections all I have to do to access your system is:
ssh root@<your ip address here>
and I can, in fact, waltz right in and do whatever I want. Adam, did you miss that point? You talked about root, not root without a password. There is a huge difference between the two. Don't you agree?
The fact is that neither Adam nor I nor anyone else knows how a firewall is configured on your system. You should know but nobody else should.
A live CD or unionfs does NOT protect your hard drive. A frugal install protects the OS only, not the data. The issue isn't just running as root. It's running as root without any password as Puppy does.
I've had my identity stolen with pretty nasty consequences. My system was secure. The mail server run by the hosting company I was using at the time was not secure and was compromised. Call me a security paranoid all you like; I've lived with the consequences of a breach and they are no fun at all. All someone needs to do is to harvest your social security number and/or your name, address, and account number(s) and you are toast.
I did cleanup after a security incident where an SGI Irix box was compromised and used as a jumping off point to attack other *nix systems. One young woman had her PhD thesis on the box that was compromised and the attackers wiped the hard drive when they were done. That should have meant she only lost data back to the last backup. Unfortunately for her the last backup was after the security breach and the people in charge wouldn't allow it to be restored. She lost a month of work very close to a due date. This happened behind a firewall.
Now, you can believe Xtyn, who attacks me ever week in the DWW comments section, or you can stop by and look at the nice Lockheed-Martin award hanging on my wall for my security work. You can believe those who dismiss security as unimportant or overblown or you can check on my certifications. Yes, I'm guilty of oversimplification as Adam charges. That is certainly true. I kept it simple to make a point.
142 • Correction to #141 (by Caitlyn Martin on 2009-08-26 18:08:39 GMT from United States)
That should read ssh root@[your IP address here] in the example in #141.
143 • No, I won't look at Puppy unless... (by Caitlyn Martin on 2009-08-26 18:10:55 GMT from United States)
Every time Puppy Linux comes up fans insist I should revisit the distro. Landor already related why I NEVER, ever will. I always reiterate what it would take for me to change my mind:
1) Removal of all the hate directed towards me from the Puppy Linux forum 2) An apology from those responsible for that forum
I think hell is likely to freeze over before any of that happens. Enough said.
144 • Netbook sales us 398% (by Caitlyn Martin on 2009-08-26 18:24:30 GMT from United States)
In Australia netbook sales are up 398%. See: http://www.itwire.com/index.php?option=com_content&task=view&id=27226&Itemid=53
It seems the netbook craze is anything but over and people are buying them and ignoring larger and more powerful systems. So... does anyone want to tell me I shouldn't be reviewing distros on netbooks again? It seems that is a representative system; representative of what people are actually buying.
145 • 126 • Re #117 Secure it or rebuild it? (by DG on 2009-08-26 18:26:03 GMT from Netherlands)
Please don't quote me and then talk about a problem that supposedly resulted from doing the exact opposite of what the quote advocates
Now that I re-read the quote without the rest of the context it does indeed appear that I am arguing against you. Please accept my apologies.
146 • beating a dead horse (by Nobody Important on 2009-08-26 18:33:50 GMT from United States)
Well, now all this has devolved into is all the people who claimed the security concerns are overblown just posting over and over again about how everybody is being mean to them.
I see few unfriendly remarks from Ms. Martin, except a forthright tone that this subject deserves. Mostly facts and anecdotes. Even if they aren't true, every story she has posted is quite plausible and conceptually frightening.
The cold, hard fact is that running as root is dangerous, not only for you but everyone else as well. Period. End of story. You cannot argue this, regardless of feeble attempts to do so.
It would be like removing all of the locks on your house. Relying on Linux' obscurity is dangerous; I agree with Adam that the chances of a Linux-based attack are very unlikely, but that doesn't mean it doesn't happen. Mac OS X just added anti-virus to their default installation, and they only have a fraction of Windows' market share. Besides, just because your cabin is twenty miles out of town doesn't mean you should forgo locks, right?
And like I said earlier, Eyes-Only, your computer doesn't need to have anything on it to make it valuable to a hacker. Botnets are becoming widespread in the Windows world, and I doubt that Linux is completely impenetrable to this growing trend. You could also start dropping exploits on the websites you visit if you've caught a virus - much like a real disease, these can spread quite quickly. Just because you treat computers as foolish toys doesn't mean to need to discard security entirely - if a hacker uses your processing power to attack my server, then you're just as much at fault as the hacker for being lazy and lax.
But, well, I see that no one is going to discuss much beyond continuing to whine about those mean people who pick on them on Distrowatch. Fine. I don't care. Just don't leave your computer gaping open for possible attacks that might effect me or my family (especially the ones who struggle to keep their Windows installations clean), and we can move on from this boring, common sense topic that shouldn't even have to be discussed in the first place.
---
I was installing Quake Live on my Fedora computer, and found that it blocked the application be default thanks to stringent SELinux settings. I turned it off for that one exception without any problems; the game was quite fun. But this extra step didn't bother me; in fact, it's the reason why I might convert to Fedora entirely. I value being safe.
Do any other distros have good SELinux installations?
147 • #138 (by Rex on 2009-08-26 18:51:13 GMT from United States)
As I said, you are always very reasonable Pearson.
I am interested in the subject of security and it's a bit much to have people, not you, making up opinions and conclusions about other peoples motives, which is of course is their right, but is it really their right to publicly publish those guesses as if they are fact?
When I raised the live cd issue a couple of weeks ago, I kept asking, begging someone to tell me "But how do they see" which was relevant to me because I figured that someone invading my live cd would have to open something on my computer in order read/see anything, for that is what happened when I used Logmein to see anything on my computer at home from a remote computer. Finally someone mentioned the terminal which I had already thought was the only possible 'invisible avenue, but they did not mention it a context that applied. Further saying that one sees via the terminal does not really explain how they can be invisible. Then someone nicely, was it you Pearson, mentioned that more than one window can be open at a time. Now that was a concept that I could grasp, though of course the technical details I do not know but wish I did. Tried to find out by googleing but did not succeed. (Now I am hoping that by 'windows' being opened it was not meant virtual desks which I know about and which are not invisible.) If one hacks invisibly via a remote computer, and if they were executing commands, and at that time I had open my local terminal would the executed commands of the remote terminal show up on the local terminal? I'd like to know the answer to that. Also in MS windows, if I run the Task Manager and click on users, it only shows me. If someone was hacking me via a remote terminal would they show up as a user? Also I would like to know this. I already know that people can hack, not necessarily live but via script, to erase log evidence of their presence, shut off AV detection etc. but I want to know beyond HDD's grinding away unexplainablely or unexplained copious amounts of data being sent out of the computer (which can also be scripted to hide in the users normal outflow) I want to know what if any definite evidence a non expert computer user can look for that unambiguously identifies a baddie in action on a live cd. If there were such, that would be wonderful. Say all I had to do was leave my terminal open at all times and watch out for executions I did not initiate. That would be sweet.
148 • #147: System traffic monitoring with snort (by Caitlyn Martin on 2009-08-26 19:09:36 GMT from United States)
I want to know what if any definite evidence a non expert computer user can look for that unambiguously identifies a baddie in action on a live cd. If there were such, that would be wonderful. Say all I had to do was leave my terminal open at all times and watch out for executions I did not initiate. That would be sweet.
The program you are looking for is called snort. It is packaged for most major distributions. See: http://www.snort.org/ You can watch all inbound and outbound traffic on your system. You may need to teach yourself to read the output but it will all be there.
Another thing you can do is make sure your system log (syslog) is turned on (many mini distros don't do this) and set to a fairly high level of logging. When I did the government support we had scripts which summarized the logs for us and flagged any entries that were questionable. Learning how to read your logs and summarize them would be a great way to learn more about how things work under the hood in any case.
149 • #146: SELinux (by Caitlyn Martin on 2009-08-26 19:20:53 GMT from United States)
Any Red Hat based distro (Scientific Linux, CentOS, StartCom) should have a good SELinux implementation enabled by default. I haven't used SUSE in a while but I would be very surprised if they don't since their commercial distro is targeted at enterprise space.
Note to self: Take a good, long look at OpenSUSE 11.2 when released :)
150 • @Caitlyn (141, 149) (by Adam Williamson on 2009-08-26 19:35:43 GMT from Canada)
What you say in 141 is correct, yes: if a distro runs an ssh server by default or makes it easy to enable one and automatically punches a hole in the firewall if you do, it should be careful about the server's configuration. I don't know what Puppy's default ssh server config looks like; on the distros I do know about, direct root login is always disabled by default. The question of how vulnerable Puppy is to this attack vector depends to a great extent on the default sshd configuration, so someone should probably check that. Install ssh server on Puppy and do:
grep PermitRootLogin /etc/ssh/sshd_config
that should tell us.
It's worth noting that some other distros have live CDs where root has no password by default. Mandriva One is like this, for instance. Of course, that's not designed for you to run your system in that state for a long period, sshd isn't running by default, and its default config denies root login.
On 149 - I believe OpenSUSE uses AppArmor, not SELinux.
151 • RE: 146/149 (by Landor on 2009-08-26 19:36:47 GMT from Canada)
openSUSE as of 11.1 had the option of using SELinux instead of AppArmor. I'm not sure of any other distributions. Slackware maybe?
Keep your stick on the ice...
Landor
152 • @146 (by Adam Williamson on 2009-08-26 19:39:41 GMT from Canada)
"The cold, hard fact is that running as root is dangerous, not only for you but everyone else as well. Period. End of story. You cannot argue this, regardless of feeble attempts to do so."
It really isn't that simple, as I said in 135. Particularly the 'for everyone else as well' bit. That's true if you're actually using a system to which other people log in directly, but not really so much in other cases. As I said, given the typical configuration of most Linux distros, an attack which compromises a process running as a normal user can do just as much 'nasty stuff' to the rest of teh intarwebs as an attack which compromises a process running as root. It can still run a process that makes the system act as part of a botnet, or serve up spam, or whatever.
yes, it would be marginally easier to detect and clean up an attack like this - a non-root attack can't compromise the system logs and tools like snort to hide itself, whereas a root attack can, and you can effectively 'clean up' after a compromised user by just blowing away that user account - but let's face it, most people aren't going to _check_ in that way.
153 • #152: It's not just ssh (by Caitlyn Martin on 2009-08-26 20:11:21 GMT from United States)
Adam, sshd was only one example. Damn Small Linux, for example, allows for a simple mail server to be launched at startup as well IIRC. (DSL does NOT run as root by default.) Also, once a port is open it can be used in ways other than intended if there is a vulnerability on a system that allows it. Other mini distros do have small web server apps (i.e.: monkey) that can be run at startup.
The point is that there are a lot of variables here. There are a lot of services that could be started that must have holes punched in the firewall in order to work. If you run as root, particularly without a password, any one of them can be a point of unauthorized entry, which brings us back to the premise that running as root without a password is an incredibly bad idea in general.
154 • @153 (by Adam Williamson on 2009-08-26 20:33:37 GMT from Canada)
Again you're talking about 'running as root', but I don't see the relevance. Whether the root account has a password or not and whether the lump of flesh sitting in front of the computer is logged in as 'root' or 'lumpofflesh' has no implications on the potential impact of a compromise in a web or mail server.
155 • #154: Why it matters (by Caitlyn Martin on 2009-08-26 20:42:46 GMT from United States)
If the mail server or web server are used as designed you are absolutely correct. My point is that once a port is open it can sometimes be exploited in a way not as designed to gain access.
It doesn't matter how someone at the console is logging in, no. It matters that if someone who isn't supposed to does find a way in the lack of a root password means they can become root at will and do whatever they want. It's the lack of a password that is the problem here.
156 • @139 & 141 (by Eyes-Only on 2009-08-26 20:49:49 GMT from United States)
@139: Hi Landor. Yes, I do realise that it was Jesse who reviewed Puppy this week. I didn't misread the by-line. But thanks for reminding others who may have not noticed or forgotten. :)
@141: Caitlyn? You wrote the following in your post of this number:
"The issue isn't just running as root. It's running as root without any password as Puppy does."
One small correction, if I may? ( Rhetorically speaking of course. ;) ) And this is for everyone as I think others have stated likewise - even some Puppy users as well - but Puppy does NOT run in root "passwordless". It's set up as some of these other LiveCDs are with a seamless auto-login. In Puppy's case BarryK uses "tiny-login" I believe it's called? The password can be found in the wiki and the forum quite readily. Using the "passwd" command in CLI one can change it easily enough.
Also Caitlyn: Please accept my apologies for my posting earlier if I upset you or bothered you in any way. That was very ungentlemanly behaviour on my behalf using my own philosophy "If you can't say anything good - then say nothing at all." Likewise my apologies to anyone else I may have offended as well. Life is just TOO SHORT to be spent quibbling - especially my own time - so please one and all, I hope you will accept my apologies before the sun has set on this day.
I'll be glad when it dawns a new day...
Eyes-Only "L'Peau-Rouge"
157 • Caitlyn...again... (by Xtyn on 2009-08-26 21:01:20 GMT from Romania)
#141 "Now, you can believe Xtyn, who attacks me ever week in the DWW comments section"
I checked all my 65535 ports, none is open and I use the internet just fine, so you're wrong. I'm not attacking you.
#144 "So... does anyone want to tell me I shouldn't be reviewing distros on netbooks again? It seems that is a representative system; representative of what people are actually buying."
Let me quote the article in your post: "According to a report from analyst firm Gartner, mini-notebooks now account for more than 14% of the total PC marke"
14% is representative? Come on... Look, I'm not saying you should not review distros on the netbook, I'm just saying it should be done on a REAL computer too, not only on a toy one. You know how a real computer looks like, don't you? Let's say a core2duo, at least 2 GB RAM, a decent graphics card, SATA 3Gbit/s HDD etc. I'm not talking about an i7 with 10 GB of RAM and the latest nvidia graphics card here, ok?
158 • darn, did I do something wrong? (by Xtyn on 2009-08-26 21:02:07 GMT from Romania)
159 • No subject (by Xtyn on 2009-08-26 21:03:16 GMT from Romania)
it's ok now, sorry about it
160 • Bad information (by kirkpuppy on 2009-08-26 21:11:15 GMT from United States)
Just to correct some BAD information.
"It's running as root without any password as Puppy does. "
This is false. Just because you autologin as root doesn't mean there's no password. And of course you can change the password anytime you like. Also the only daemons that Puppy runs by default, that isn't kernel spawned, is syslogd and cupsd. And cups might fork it's self to run as user nobody, don't really remember. If someone was to run ssh, I would assume they would no enough to change the default password. If you did install a web server, most run as user nobody. On Puppy the suid bit is not set, so even if user nobody knew the root password he couldn't su to root.
It is better to keep your mouth shut and be thought a fool than to open it and remove all doubt. (Mark Twain)
161 • No subject (by kirkpuppy on 2009-08-26 21:25:33 GMT from United States)
I forgot, newer Puppys run udevd as well.
162 • Xtyn, enough already! (by Caitlyn Martin on 2009-08-26 21:28:17 GMT from United States)
A netbook isn't a toy. FWIW, by Xtyn's definition all my computers are toys and I don't own any real ones. Maybe you should try and convince Ladlislav I'm unqualified to write reviews. Wait a minute... isn't that what you always do??? You also directly attacked my expertise on security, or rather claimed I didn't know what I was talking about.
Any guess how many people here only run "toys"?
You wanted to incite a reaction. You've done it. Happy?
I'm done for this week.
163 • RE: My Post 137 about MS (by Landor on 2009-08-26 21:50:07 GMT from Canada)
I'd just like to state for the record that I personally had no problems with his article a couple years ago.
Although I cannot verify what he said as fact or not, I could indeed come to some conclusions that led me to personally believe the community was not all that 70's hippie-ish, let's embrace and be happy. Not by far.
Regardless, if you're reading this Mark, I hope you didn't take my inclusion of your article in my post as a negative...
Keep your stick on the ice...
Landor
164 • CentOS (by Joe on 2009-08-26 22:21:55 GMT from United States)
Not wanting to change the subject, but I connected a USB DVD drive to my Acer Aspire One netbook (8GB SSD Linpus Lite configuration) and ran the Cent OS Live CD. It ran reasonably well. As a matter of fact, it ran as well as Windows XP on my other 8GB SSD Acer Aspire One. Just wish the CentOS team provided an Install to Hard Drive option.
165 • Adam Williamson & Caitlyn Martin+Info? (by D1Knight on 2009-08-27 01:53:22 GMT from United States)
1.) Mr. Williamson and Ms. Martin, I thank you both kindly for your thoughtful and insightful advice and information. I have learned a lot. I appreciate you both. Thanks.
2.) Mr. Williamson, where can I find some info about the latest updates for Fedora 10 & 11? (FWN use to have it, still does?) Last question, is F9 still being supported?
Thank you much! Peace.
166 • No subject (by Nobody Important on 2009-08-27 02:29:04 GMT from United States)
@164: Thank you for changing the subject.
CentOS isn't a performance speed demon, but it's solid and it works. No unexpected surprises, which is a feature too many Linux distros lack.
@165: Fedora releases are supported for 13 months, or as wikipedia puts it, when the release X+2 is a month old. So Fedora 9's support ended in July.
I remember Fedora 10 as a much better release anyway, and Fedora 11 is a great follow-up, so maybe it would be worth upgrading for the sake of doing so. Their recent laptop work alone has saved me dozens of hours of battery life.
167 • @165 (by Adam Williamson on 2009-08-27 03:06:56 GMT from Canada)
166 has the right answer on support lifetimes; F9 is out of support now.
For updates, I believe what you should do is subscribe to the fedora-package-announce list - https://www.redhat.com/mailman/listinfo/fedora-package-announce - and set up appropriate filters. You should get an announcement email when you subscribe to the list which advises you how to set up filters.
168 • @155 (by Adam Williamson on 2009-08-27 03:08:24 GMT from Canada)
for the presence or lack of a root password to be relevant it would have to be an arbitrary code execution vulnerability, I think. and once you hit one of those, all bets are pretty much off, because it's a rare system which doesn't have _something_ with a privilege escalation vulnerability in it installed...
169 • Toys that Kick and Puppy Services (by RO on 2009-08-27 04:13:08 GMT from United States)
1. Caitlyn is quite justified in taking Netbooks seriously. 14% is statistically significant. I had a 1.6 Ghz Atom-powered Asus 900A for a while earlier this year, and found it ideal to run CentOS under VirtualBox for a PHP/MySQL programming class I was taking. At 1.6 Ghz and 2 GB of RAM it had more raw power than anything else I had available, and that was quite adequate "for educational purposes" in running a LAMP stack virtually. The one weakness in disk capacity/speed (over the slow SSD I got on the cheap) was easily remedied with an external disk drive attached via USB 2.0.
2. As Adam Williamson has pointed out, the services running on a computer that can be compromised are a key consideration for the security profile (as well as data exposed on the box itself), and as kirkpuppy pointed out in #160, Puppy is not running much in the way of services to hijack. As a matter of fact a 3.x version I was working with for a digital photo frame experiment on an old Fujitsu Stylistic Tablet would not even install sshd so I could transfer pictures to it over the home network from my regular PC (running a more conventional Linux distro with all that good security stuff like sudo). I think of Puppy as more like my Nokia N810 Internet Tablet which just turns on running (not even sure what Id it is running - need to check in a xterm session with the "id" command I suppose).
How and whether Puppy can be misused deserves a closer examination since it clearly is not a "typical" Linux setup with server capabilities and multi-user focus, and, on the other hand, does have those potentials, but to an uncertain degree. Balanced assessment, anyone?
FWIW RO
170 • @166 & 167 (by D1Knight on 2009-08-27 04:40:29 GMT from United States)
@166-Thank you for the info.
@167-Thanks for the link. O.K., to just confirm, there is no longer a weekly list of updates (security fixes/upgrades) listed in FNW? So, the link is (download text file) for only on a month to month basis-list of updates, instead of weekly, correct? Thank you, all.P.
171 • Ooops! @170 (by D1Knight on 2009-08-27 04:56:50 GMT from United States)
Wrong short-cut, not FNW, but FWN (Fedora Weekly News). Have a great week/end everyone.P
172 • No subject (by forest on 2009-08-27 08:19:51 GMT from United Kingdom)
Readers might find this link of interest on the security issue issue, only caveat is some page links appear not to be working:
http://searchsecurity.techtarget.com.au/contents/35024-Screencast-BackTrack-4...
173 • No subject (by forest on 2009-08-27 13:39:02 GMT from United Kingdom)
Ref #134
Thanks for your explanation, kirkpuppy, ref Puppy and the rest of its litter. I should have been more general with my remark in that I was including all distros, as in better to be a distro rather than a "disastro".
I find the subject of distros quite fascinating in all senses, not least the appeal of not playing host to the MS nasties and the waste of time having to find an anti-whatever, d/l, install, scan, check for updates every day, rescan every day, do the vault thing etc, etc, etc.
Therefore, it was something of a "shock" when I/we read that there were ways to breach a distro's defences without too much trouble at all if, and it is a very big IF, someone else could be arsed to do so...and you were too laid back to consider properly the running in, or not, root thing, how your firewall was configured and so on. I don't mean Puppy here.
I found it riveting, no really, to read the to-ing and fro-ing 'tween CM and AW..all stuff unknown to me before, so ditto the thanks to you two as well...more googling to do, LOL.
BTW, paranoia means, very, very broadly, delusions of grandeur or persecution. It is a mental illness and can be very severe in its consequences...a word used indiscriminately and insensitively sometimes.
My mate was diagnosed as suffering from it and spent a few miserable years in and out of mental hospital before being dismissed on a medical pension, he has not worked in over 20 yrs and never will.
174 • @170 (by Adam Williamson on 2009-08-27 13:49:12 GMT from Canada)
We're not running an update list in FWN any more AFAIK, no, but if you subscribe to the mailing list you get a mail as soon as an update is released.
175 • N810 and security in general (by Michael Raugh on 2009-08-27 15:13:12 GMT from United States)
@169: By default the N810 logs in and runs its apps as "user" without a password. The "user" account is able to install packages and start services, though, so it has to be a little more capable than a normal non-privileged user. In order to gain root access you actually have to install an app called gainroot and run that vs. just using sudo. Failing that the root account is locked -- it can be used by init to run services but can't log in.
(For the benefit of the lodge: Nokia tablets run Maemo, which is a tiny distribution based on Debian and optimized for tablet use.)
Now, as to the hot topic of the week: I believe computer and network security is a lot like economics: there are a few universal truths that almost nobody argues against, but beyond that there are many schools of thought all of which are valid and useful but also incompatible or downright contradictory. Caitlyn deserves a lot of respect (more than she gets here, for sure) for her experience and knowledge; so does Adam, so does Landor, etc. That they disagree doesn't mean anybody is wrong; they just differ in approach. The key is to listen to all of them, decide what level of risk is acceptable for your purposes, and go from there.
For instance, in my day job doing senior admin work at a government site, a high degree of paranoia is important. We run multiple layers of firewalls, log everything to a degree that would be considered excessive in some private sector shops, patch diligently, and keep an iron grip on what services are allowed to run on each box and which users/workstations are allowed to access them. (No, that's not an exhaustive list of our security layers, but it's enough to make the point.)
On my home network, things are a lot more relaxed. We don't host anything meant to be accessed from outside the house, so I block every incoming origination at the border using a firewall appliance which allows management only from its inside interface. That means internal firewalls are far less necessary -- I only run them on the house server where all of our user data lives and on the one Windows box we keep around for gaming. The Windows box is also the only one running antivirus, antispyware, et al. All of the boxes are configured to automatically download and apply updates but I leave it up to the user to reboot at their convenience (again except for the Windows box). The wireless access points use WPA2 and MAC address filtering and have advertising turned off.
Some security experts would look at my home network and scream that anyone who gets past my border firewall can have their way with every machine on the network, and they'd be right. Others might say that with no externally-advertised services the odds of someone putting in the work to breach that firewall just to see what's behind it -- or of them parking a van outside my house for a day while they hack away at WPA2 -- are pretty low, and they'd also be right. With only one Windows box (the rest are various Linuxes and my daughter's Macbook) and some strict rules about what it can be used for in place, I feel sufficiently protected. It's always possible that I'll come home to find out that I was wrong, but the possibility is remote enough that I don't lose sleep over it.
-mr
176 • @nice post 175 (by Sean on 2009-08-27 17:44:00 GMT from United States)
"On my home network, things are a lot more relaxed. We don't host anything meant to be accessed from outside the house, so I block every incoming origination at the border using a firewall appliance which allows management only from its inside interface."
"SO I BLOCK EVERY INCOMING...."
Security. I kept waiting for you to say you didn't use any of it at home. But you didn't say that.
:o)
177 • Security (by Michael Raugh on 2009-08-27 19:46:38 GMT from United States)
> Security. I kept waiting for you to say you didn't use any of it at home. But you didn't say that.
That would be foolhardy. ;^)
No, the point was more about deciding what risks are acceptable for a given environment. At my work environment we have to be diligent and defend against potential threats from inside the network as well as from outside. At home I put reasonable effort into defending against intruders (firewall and secured wireless) but I can afford to trust my users a lot more. They do carry 50 percent of my DNA, after all. ;^D
-mr
178 • No subject (by forest on 2009-08-27 20:44:24 GMT from United Kingdom)
Ref #175, #177
Too much info MR. I can't believe you just said all that...LOL.
You mentioned you work in a senior position in a very secure environment...for the US gov't...with layers of firewalls against external and internal threats...sophisticated protocols to determine which staff are able to access which part of goodness knows how many internal protected networks.
Audits to discover who accessed what file when and for why. (Possibly the P/Ws are unique to each user on any particular system, from day to day...are changed on a mandatory NTK basis but at infrequent intervals as trips?)
Hmmm...security...a lot of folk now know a bit more about US gov't methodology than hitherto...
Crikey, it's almost as bad as our MoD blokes virtually donating their laptops to all and sundry...on average 3 times a WEEK! It seems that even the PCs are thieved too...wonderful thing security.
179 • @174 & more ?'s (by D1Knight on 2009-08-27 22:29:48 GMT from United States)
@174-Thank you for the clarification.
Noob ?'s 1.) When doing an install of Fedora, there is a check box option for encrypting HDD (complete). Choosing to encrypt the whole HDD, is there anything that needs to be modified/setup before doing so?
2.) To keep my current OS then, how do I add an install of Fedora? (adjusting partitions) I am not aware if the Fedora install, recognizes other OS's and during the install if you are given options for adjusting sizes for each OS on the HDD (End result-2 OS's, half of the HDD for each OS)
Thank you very much.P.
180 • @179 Your Answers: (by RollMeAway on 2009-08-27 22:57:23 GMT from United States)
http://docs.fedoraproject.org/install-guide/
http://fedoraproject.org/wiki/FAQ
http://forums.fedoraforum.org/
181 • Firewall -- blocking all ports (by Jesse on 2009-08-27 23:04:31 GMT from Anonymous Proxy)
@Xtyn:
Firewalls make a distinction between incoming connections and outgoing connections. If you get a service, like grc, to scan your computer, they will be checking to see if your computer has any ports open for incoming connections.
Most firewalls (at least ones for home use) block all/most incoming connections. However, it it very rare to have a personal firewall also block outgoing connections. An outgoing connection is what happens when your computer attempts to contact another machine (for example, a web server).
This is why when you check your 65535 ports, they all appear to be closed. You're testing for incoming connections. However, your firewall is NOT blocking your outgoing connections. This is why you're able to connect to web sites, like DistroWatch. If your firewall was blocking ALL connections in both directions, you would be unable to web surf, check e-mail, etc; you'd be completely shut off from the outside world.
Some work places block various outgoing connections too, for various reasons. I hope this clears things up for you.
182 • @180 RollMeAway (by D1Knight on 2009-08-27 23:46:38 GMT from United States)
Thank you for the links.
183 • Re # 145 (by Rex on 2009-08-28 02:01:39 GMT from United States)
To DG from the Netherlands
Sorry I didn't thank you sooner for your graceful thoughts sooner. :(
184 • root vs no password (by Anonymous on 2009-08-28 02:52:05 GMT from United States)
Running as root, I see no problem.
Setting up a root account without a password, I see a HUGE problem.
185 • Password (by Anonymous on 2009-08-28 03:53:12 GMT from United States)
Again, The comments that Martin posted over and over again, that Puppy has no root password, are a COMPLETE FABRICATION. She does not know what she is writing about.
186 • My "Swan Song" (by Notorik on 2009-08-28 04:13:13 GMT from United States)
I was told to shut up about my views on security. I have been called an "idiot" among other things. It is interesting that I still have not seen that link for Kirkpuppy. Poppycock! I stand behind my original statements. Now, let's be clear, I have simply stated an (informed) opinion. I have not threatened anyone with any kind violence (virtual or otherwise). I understand that my opinion is not popular but it is not uninformed despite what other supposed authorities have said. Regardless of whether or not you agree with me, this issue has sparked a robust debate with many interesting points being made on both sides of the issue. Let's agree to disagree, leave the violence at the door, and debate.
187 • jolicloud (by ismail arslangiray on 2009-08-28 04:36:56 GMT from United States)
I wonder is anyone will cover it? It is the worst clone of Ubuntu I ever seen.
188 • #185 - No fabrication here, and that's Ms. Martin to you (by Caitlyn Martin on 2009-08-28 05:16:55 GMT from United States)
First, I said clearly and straightforwardly that I didn't run Puppy and was basing my comments on Jesse Smith's reviews.
Second, running as root with a well known and published password is as good as running with no password at all. Six of one, half a dozen of another.
Oh, and anyone who says that there is no problem running as root with no password or a published password is an "informed" opinion, well... that's a new definition of informed with which I am not acquainted.
189 • #181 (by Xtyn on 2009-08-28 05:53:32 GMT from Romania)
Thanks Jesse, but I already knew that. AdamW said it too.
190 • No subject (by forest on 2009-08-28 08:32:30 GMT from United Kingdom)
Changing the subject...but very much on topic...this may be of interest to those who would like to know more of the range of distros:
http://en.wikipedia.org/wiki/IMagic_OS
And, from whence the first "real" (independently installable) distro evolved...who'd have thought it?
191 • #185 (by BillWho? on 2009-08-28 10:47:11 GMT from Australia)
"Second, running as root with a well known and published password is as good as running with no password at all. Six of one, half a dozen of another."
Hmm let's see; 1/ Boot Puppy 2/ ctrl+alt+F2 (because my eyes are going and this is easier to read than in a console) " puppypc login :root Password : well known and published password #passwd Changing password for root New password : a new and unpublished password Retype password : a new and unpublished password Password for root changed by root " 3/ ctrl+alt+F3 (back to GUI)
You were saying Ms Caitlyn???
An additional thought on on line banking (just a thought, not having a go at anyone) 1/ Is your system compromised? (As either root or an unprivileged user ) Lets assume not . 2/ Is your bank's system compromised? Even if it is not it will be under constant attack. After it is finally compromised (and it will happen eventually) by someone it will still be under constant attack from others.
192 • No subject (by forest on 2009-08-28 12:51:46 GMT from United Kingdom)
Well, the security issue certainly held folks' attention...for the second week, and why not?
We've ALL learned something useful, if only to be a tad more concise when describing a particular issue...not to rely too much on hearsay and to concede, gracefully, that you might possibly have got it wrong...not to be too free with certain aspects...and particularly the "dangers" of running in root.
The running in root issue applies in any event...it is entirely possible to make a muck up of your own system, online or not, by forgetting you have "terminal" priviledges over your system, LOL.
A prime example of learning something you may not even have considered is Billwho?'s last comment in #191. A third party being compromised, ie, a bank, just because you assume it HAS to be secure means absolutely nothing...this third party knows your banking details as well as you do.
193 • Spilling the beans? (by Michael Raugh on 2009-08-28 12:55:04 GMT from United States)
@178: I don't think anyone's going to come for me over that post, forest. If anyone really wants to know what security controls are mandated for all US Federal Government agencies they have only to do a little Googling -- the requirements are all spelled out in publicly-available documents just waiting to be downloaded.
Exactly how we meet those requirements is the "secret sauce" and I didn't tell any of that. ;^)
-mr
194 • re:191 (by kirkpuppy on 2009-08-28 13:05:14 GMT from United States)
Or you could just open a terminal and type passwd.
I'm trying to wrap my head around this idea, that the user that someone logs-in as on a terminal has something to do with the system's vulnerability on a network. The ways I know about how to "hijack" a computer falls in to two basic categories, 1) Trick the user into installing a piece of software 2) Directly attack a daemon, (http is a good one, still very difficult). Nether one of these approaches depend on what the user is logged in as. If your malicious software needs to be root to install, which is not necessarily the case, the user will sudo or su to do it, unless the user does not know the root password. If someone downloads software, they have already made the assessment that it's safe. If administrator password is required to install, that what they'll do.
195 • RE: @164 CentOS (by Johnny Hughes on 2009-08-28 13:45:59 GMT from United States)
@164: You really wish that RHEL provided one (because then CentOS would as well).
The problem is, in order to get a live install option from the DVD/CD we need to make technical changes to Anaconda, anaconda-runtime, and also add kernel modules and other things to the distro.
Since CentOS is about NOT changing the distro and instead all about being as close to upstream as possible, it prohibits us from making the changes ... at least from making them on our "Official Release" DVDs and CDs.
You CAN do a net install from the Live CD, just like you can from a normal install.
You can't have as close as possible to 100% binary compatibility and also an unsupported installation that upstream does not offer :D
196 • Installable Live CentOS CD (by Johnny Hughes on 2009-08-28 13:51:42 GMT from United States)
https://projects.centos.org/trac/livecd/
The above link has all the instructions so you can create your own Live CentOS CD which has an installable option.
So if you have a need to make one of these, you can make it. It will have some mods from the upstream distro if you make it.
197 • No subject (by forest on 2009-08-28 13:54:59 GMT from United Kingdom)
Ref #193
LOL only about 4 million hits in google...as I said before, far too much information.
The more info of any kind the more the dodgy characters have to go on.
But as said before, here in UK, our lot think nothing of leaving stuff around on buses, taxi, trains or cars.
I would play devil's advocate and suggest that any finder "could" come to realise what (s)he had stolen/found and try to flog it round the tradesman's entrance to "a" foreign embassy. Who knows how long it might take their crypto kiddies to gain access? Assuming of course there was any encryption. If they were careless enough to lose control over the machine...were they careless enough to ignore the P/W protocol.
This is a true story...some years ago an army suplus store in Oxford, UK, bought up a job lot of MoD PCs.
Some were bought by Joe Public and one in particular was bought by an undergraduate, reading computer science at one of the colleges. On firing up his new machine he found the h/d had not been wiped and suddenly became privy to stuff not meant for his eyes. The files were not encrypted. He flogged the story to a tabloid who "covered" said PC's return to the authorities.
The point of this tale is that even if you have all the protocols going it still comes down to them being followed. I/anyone can buy from "a" recycling shop a PC which almost certainly will not have been wiped...it is ASTONISHING (but not really, LOL) what some folk keep on their PCs...or have no idea of deleting their "history".
198 • Re #188 (by Rex on 2009-08-28 15:15:01 GMT from United States)
The people that attack the Puppy users, and attack is the correct word, repeat themselves over and over. Yet Notorik was told to shut up for this when his comments are usually much more polite than his attackers. CM has proven that she talks without knowing what she is talking about, as even I a non Puppy user had read the prior comment that one can change the root password in Puppy after logging in. Knowing CM she will violently offer a rationalization for her error. But what irritates me more is that she like Landor will promise that they "are through for the week" and then barge right back in again at the slightest provocation with their nastiness .And Notoriks Swan song post was was thin gruel indeed to inspire such a hateful reply by CM. I feel that this is a legitimate issue to raise because I know posts do get deleted here and the bullys in this case are more in the favor of the forum editor than the people being called idiots so they seem to abuse that fact and have an unfair advantage. And no, I am not whining as per Nobody Important's nastiness, just stating that the deck seems stacked and that is straight up wrong in any world.Nor am I inciting as per CM and Landors pet ploy attack; just read the harshness of their comments and see that the pot is indeed calling the kettle black.
199 • Slackware - Exciting News! (by Elder V. LaCoste on 2009-08-28 15:16:16 GMT from United States)
Congrats to Patrick V. and the Slackware team on the new release. This is wonderful news for many derivatives including my new favorite, Wolvix.
This whole debate on security has been very educational. I have learned a lot. It seems you should, at the very least, change the root password.
200 • #191, #198 - Why don't you read what I wrote before replying? (by Caitlyn Martin on 2009-08-28 17:19:00 GMT from United States)
#191: I, myself, made the comment repeatedly, very early on that Puppy (or any Linux distro) can be secured and that all a user had to do was change the password. If you had read what I had written instead of going into attack mode you would not have had any disagreement with me, would you? I also, when talking about root without a password said very clearly that I was writing generically about any number of live CDs, not Puppy alone or specifically. Adam Williamson pointed out that Mandriva One runs this way. Why do you take this as some sort of attack on Puppy Linux? Why is the Puppy community so defensive? Think about it.
#198: Read what I just wrote re #191. Read what I wrote before that. When I said the idea of ignoring security basics was "stupid" I was responding to Notorik but you got all bent out of shape. If the shoe fits... Anyway, Landor called you on your posts about security as well. Why all the anger at me? Someone tries to educate you about security and you call it bullying? I would have been done for the week if it wasn't for personal attacks on me.
When I get something wrong I say so. I've done so often. I acknowledge my mistakes.
Here's a challenge for you: show me, quote me, where I got something wrong this week. Show me where I responded "violently". You are attacking me for one word posted early on. I wasn't the only one who was seriously concerned about the really bad advice being given out here. Ladislav was. Landor was as well. Instead of disagreeing with that advice (which you can do) you decided to shoot the messengers. Very nice.
201 • In reply to 200 (by Eyes-Only on 2009-08-28 18:07:12 GMT from United States)
Here's your proof - which I brought up in reply in #156 and you must not have seen apparently:
Ms. CM in #141: "A live CD or unionfs does NOT protect your hard drive. A frugal install protects the OS only, not the data. The issue isn't just running as root. It's running as root without any password as Puppy does."
Of course, all of these will be deleted just as REX has said they'll be. I was only a little upset before... but now the tires on my chair are flat from smoking.
For the record: I'm a Puppy user - but not a Puppy fanatic as I rarely login/comment on the Murga forums. My Distro of choice is Debian-Lenny and Debris, but I also have my play and funtime in Puppy.
@Forest: Thankfully I don't have bank accounts either. ;)
Eyes-Only "L'Peau-Rouge"
202 • Comments Section (by Landor on 2009-08-28 18:07:35 GMT from Canada)
I honestly believe the comments section has descended to a point where people are openly baited to respond. I for one don't like to be owned in any way. I'm not saying others do either. What I am saying is, being aware of that, there's no one to blame but myself if I allow it to continue. Hell, make it even worse, it could be someone like 18, or even younger trying to do it.
So, I'm going to take account of my own "security", change my root password, and put such posters (which of course is only my opinion) on what I like to call, MI, or Mental Ignore.
Life's easier that way...
Keep your stick on the ice...
Landor
203 • #201: One line out of context (by Caitlyn Martin on 2009-08-28 18:16:24 GMT from United States)
Yes, I wrote that one line in #146. I also clarified it, repeatedly, by saying I hadn't run Puppy and was basing that off the review. I also said, repeatedly, that I wasn't referring to Puppy exclusively as I did again in #200. Finally, I also said, repeatedly, than running with no password or a well known, published password was essentially the same thing. Puppy runs as root with a known password, not no password.
Also, what have you proven? I'm not sure I see how this responds to #200 at all. Maybe I'm being dense but I clarified or corrected that statement. I certainly didn't "violently defend" it as Rex claims. I also can't imagine why post #200 bothers you so.
204 • Me (by I at 2009-08-28 18:35:12 GMT from Seychelles)
Comment deleted (off-topic).
205 • Puppy security (by PaulB on 2009-08-28 19:10:37 GMT from United States)
If you look at the Puppy forum there are many threads on this subject. It comes up over and over. I've read a lot of these and keep coming back to the point that, given the usage model of Puppy, concern about running as root is more religious than anything.
Anyway, Puppy does not have to be the most secure distro. It just has to be more secure than Windows, because it is THE most important escape vehicle from Windows. It is certainly way more secure than Windows is. Hardly anyone runs with more than a firewall, yet whenever someone asks if anyone has EVER had a security breach with Puppy, the silence is deafening.
Personally, I wish Barry would allow the option to run as a regular user, if only to stop this incessant complaining about how scary it is to run as root. One can convert Puppy to be that way, but it is tedious.
206 • No subject (by forest on 2009-08-28 19:36:57 GMT from United Kingdom)
Ref the acrimony laden debate ref security...perhaps it might be a "Good Idea" for DW to do an article in the newsletter on security...or at least the bare bones of..correct the myths and suchlike...with links for more in depth info?
This way we will, as said earlier, ALL be a bit wiser. If "we" were hoping to encourage folk to try GNULinux this sort of "debate" is not perhaps the ideal way to do it. I note MM has not been around lately...let's hope MM has been on hols, without internet access, LOL.
There's nothing wrong with an animated debate in the slightest, but getting a bit personal is going a tad too far.
207 • Re #204 (by Miq on 2009-08-28 20:10:40 GMT from Sweden)
Comment deleted (off-topic).
208 • Fair play, please. (by Antony on 2009-08-28 20:26:04 GMT from United Kingdom)
Hmmm.....
It is really disappointing when people fail to fully read posts (or ignore relevant points).
Having read (and considered) the security comments, I see no problem whatsoever with CM's comments (or responses).
The point was presented that running as root without a password is not best practice. That is valid isn't it?
And, the advice was given (I'm sure), out of a desire to help other people. It is so depressing to see people who's motivation is purely to help others avoid potential problems......sheeesh!
I know I will not be the only one who thinks this is bad 'sport'.
Yet another sad fact of life.
209 • Security (by pstef on 2009-08-28 21:31:00 GMT from Poland)
"For the paranoid, even CentOS isn't safe enough. The paranoid should use openBSD, or better yet, stay away from computers, that's really safe." Couldn't agree more. If you care about security so much, you shouldn't use Linux.
210 • @209, etc (by Sean on 2009-08-28 21:41:21 GMT from United States)
Baloney. If you care about safety so much you shouldn't drive a car?
How about using your seat belt plus have good tires,etc and don't drive drunk.
How about using your computer sensibly and take prudent cautions as outlined here there and everywhere?
No need to throw the baby out with the bath water; just be informed in your use of these great machines.
211 • Warsow (by Nobody Important on 2009-08-28 21:57:15 GMT from United States)
One of the better free Linux games out there (GPL engine, freeware assets), Warsow has finally made its 0.5 release.
The last release was not quite my taste (too much of a focus on bunnyhopping and jumping) but it's certainly polished and fun. I am a sucker for any shooters on our lovable platform, so I'm sure I'll dive into it once out internet works itself out.
208, I can't agree with your post more.
212 • @210 (by pstef on 2009-08-28 23:11:14 GMT from Poland)
If car A is popular but car B is safer, and all you talk about is how to drive car A safely, you shouldn't drive car A at all. Don't be CM, just choose car B.
213 • @195, 196 (by Joe on 2009-08-28 23:38:05 GMT from United States)
Thanks for the link.
I made the hard drive install option comment after booting CentOS from the live CD. It automatically detected my hardware and loaded the drivers needed to get the Acer up and running. I liked the desktop and it ran well enough. I wouldn't mind running this as my regular desktop. However, I find that the install from the standard CD is a little more challenging. When I have the time to work on it again, I'll pop over the the CentOS forums for assistance.
Again, thanks.
Number of Comments: 213
Display mode: DWW Only • Comments Only • Both DWW and Comments
| | |
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Archives |
• Issue 1091 (2024-10-07): Redox OS 0.9.0, Unified package management vs universal package formats, Redox begins RISC-V port, Mint polishes interface, Qubes certifies new laptop |
• Issue 1090 (2024-09-30): Rhino Linux 2024.2, commercial distros with alternative desktops, Valve seeks to improve Wayland performance, HardenedBSD parterns with Protectli, Tails merges with Tor Project, Quantum Leap partners with the FreeBSD Foundation |
• Issue 1089 (2024-09-23): Expirion 6.0, openKylin 2.0, managing configuration files, the future of Linux development, fixing bugs in Haiku, Slackware packages dracut |
• Issue 1088 (2024-09-16): PorteuX 1.6, migrating from Windows 10 to which Linux distro, making NetBSD immutable, AlmaLinux offers hardware certification, Mint updates old APT tools |
• Issue 1087 (2024-09-09): COSMIC desktop, running cron jobs at variable times, UBports highlights new apps, HardenedBSD offers work around for FreeBSD change, Debian considers how to cull old packages, systemd ported to musl |
• Issue 1086 (2024-09-02): Vanilla OS 2, command line tips for simple tasks, FreeBSD receives investment from STF, openSUSE Tumbleweed update can break network connections, Debian refreshes media |
• Issue 1085 (2024-08-26): Nobara 40, OpenMandriva 24.07 "ROME", distros which include source code, FreeBSD publishes quarterly report, Microsoft updates breaks Linux in dual-boot environments |
• Issue 1084 (2024-08-19): Liya 2.0, dual boot with encryption, Haiku introduces performance improvements, Gentoo dropping IA-64, Redcore merges major upgrade |
• Issue 1083 (2024-08-12): TrueNAS 24.04.2 "SCALE", Linux distros for smartphones, Redox OS introduces web server, PipeWire exposes battery drain on Linux, Canonical updates kernel version policy |
• Issue 1082 (2024-08-05): Linux Mint 22, taking snapshots of UFS on FreeBSD, openSUSE updates Tumbleweed and Aeon, Debian creates Tiny QA Tasks, Manjaro testing immutable images |
• Issue 1081 (2024-07-29): SysLinuxOS 12.4, OpenBSD gain hardware acceleration, Slackware changes kernel naming, Mint publishes upgrade instructions |
• Issue 1080 (2024-07-22): Running GNU/Linux on Android with Andronix, protecting network services, Solus dropping AppArmor and Snap, openSUSE Aeon Desktop gaining full disk encryption, SUSE asks openSUSE to change its branding |
• Issue 1079 (2024-07-15): Ubuntu Core 24, hiding files on Linux, Fedora dropping X11 packages on Workstation, Red Hat phasing out GRUB, new OpenSSH vulnerability, FreeBSD speeds up release cycle, UBports testing new first-run wizard |
• Issue 1078 (2024-07-08): Changing init software, server machines running desktop environments, OpenSSH vulnerability patched, Peppermint launches new edition, HardenedBSD updates ports |
• Issue 1077 (2024-07-01): The Unity and Lomiri interfaces, different distros for different tasks, Ubuntu plans to run Wayland on NVIDIA cards, openSUSE updates Leap Micro, Debian releases refreshed media, UBports gaining contact synchronisation, FreeDOS celebrates its 30th anniversary |
• Issue 1076 (2024-06-24): openSUSE 15.6, what makes Linux unique, SUSE Liberty Linux to support CentOS Linux 7, SLE receives 19 years of support, openSUSE testing Leap Micro edition |
• Issue 1075 (2024-06-17): Redox OS, X11 and Wayland on the BSDs, AlmaLinux releases Pi build, Canonical announces RISC-V laptop with Ubuntu, key changes in systemd |
• Issue 1074 (2024-06-10): Endless OS 6.0.0, distros with init diversity, Mint to filter unverified Flatpaks, Debian adds systemd-boot options, Redox adopts COSMIC desktop, OpenSSH gains new security features |
• Issue 1073 (2024-06-03): LXQt 2.0.0, an overview of Linux desktop environments, Canonical partners with Milk-V, openSUSE introduces new features in Aeon Desktop, Fedora mirrors see rise in traffic, Wayland adds OpenBSD support |
• Issue 1072 (2024-05-27): Manjaro 24.0, comparing init software, OpenBSD ports Plasma 6, Arch community debates mirror requirements, ThinOS to upgrade its FreeBSD core |
• Issue 1071 (2024-05-20): Archcraft 2024.04.06, common command line mistakes, ReactOS imports WINE improvements, Haiku makes adjusting themes easier, NetBSD takes a stand against code generated by chatbots |
• Issue 1070 (2024-05-13): Damn Small Linux 2024, hiding kernel messages during boot, Red Hat offers AI edition, new web browser for UBports, Fedora Asahi Remix 40 released, Qubes extends support for version 4.1 |
• Issue 1069 (2024-05-06): Ubuntu 24.04, installing packages in alternative locations, systemd creates sudo alternative, Mint encourages XApps collaboration, FreeBSD publishes quarterly update |
• Issue 1068 (2024-04-29): Fedora 40, transforming one distro into another, Debian elects new Project Leader, Red Hat extends support cycle, Emmabuntus adds accessibility features, Canonical's new security features |
• Issue 1067 (2024-04-22): LocalSend for transferring files, detecting supported CPU architecure levels, new visual design for APT, Fedora and openSUSE working on reproducible builds, LXQt released, AlmaLinux re-adds hardware support |
• Issue 1066 (2024-04-15): Fun projects to do with the Raspberry Pi and PinePhone, installing new software on fixed-release distributions, improving GNOME Terminal performance, Mint testing new repository mirrors, Gentoo becomes a Software In the Public Interest project |
• Issue 1065 (2024-04-08): Dr.Parted Live 24.03, answering questions about the xz exploit, Linux Mint to ship HWE kernel, AlmaLinux patches flaw ahead of upstream Red Hat, Calculate changes release model |
• Issue 1064 (2024-04-01): NixOS 23.11, the status of Hurd, liblzma compromised upstream, FreeBSD Foundation focuses on improving wireless networking, Ubuntu Pro offers 12 years of support |
• Issue 1063 (2024-03-25): Redcore Linux 2401, how slowly can a rolling release update, Debian starts new Project Leader election, Red Hat creating new NVIDIA driver, Snap store hit with more malware |
• Issue 1062 (2024-03-18): KDE neon 20240304, changing file permissions, Canonical turns 20, Pop!_OS creates new software centre, openSUSE packages Plasma 6 |
• Issue 1061 (2024-03-11): Using a PinePhone as a workstation, restarting background services on a schedule, NixBSD ports Nix to FreeBSD, Fedora packaging COSMIC, postmarketOS to adopt systemd, Linux Mint replacing HexChat |
• Issue 1060 (2024-03-04): AV Linux MX-23.1, bootstrapping a network connection, key OpenBSD features, Qubes certifies new hardware, LXQt and Plasma migrate to Qt 6 |
• Issue 1059 (2024-02-26): Warp Terminal, navigating manual pages, malware found in the Snap store, Red Hat considering CPU requirement update, UBports organizes ongoing work |
• Issue 1058 (2024-02-19): Drauger OS 7.6, how much disk space to allocate, System76 prepares to launch COSMIC desktop, UBports changes its version scheme, TrueNAS to offer faster deduplication |
• Issue 1057 (2024-02-12): Adelie Linux 1.0 Beta, rolling release vs fixed for a smoother experience, Debian working on 2038 bug, elementary OS to split applications from base system updates, Fedora announces Atomic Desktops |
• Issue 1056 (2024-02-05): wattOS R13, the various write speeds of ISO writing tools, DSL returns, Mint faces Wayland challenges, HardenedBSD blocks foreign USB devices, Gentoo publishes new repository, Linux distros patch glibc flaw |
• Issue 1055 (2024-01-29): CNIX OS 231204, distributions patching packages the most, Gentoo team presents ongoing work, UBports introduces connectivity and battery improvements, interview with Haiku developer |
• Issue 1054 (2024-01-22): Solus 4.5, comparing dd and cp when writing ISO files, openSUSE plans new major Leap version, XeroLinux shutting down, HardenedBSD changes its build schedule |
• Issue 1053 (2024-01-15): Linux AI voice assistants, some distributions running hotter than others, UBports talks about coming changes, Qubes certifies StarBook laptops, Asahi Linux improves energy savings |
• Issue 1052 (2024-01-08): OpenMandriva Lx 5.0, keeping shell commands running when theterminal closes, Mint upgrades Edge kernel, Vanilla OS plans big changes, Canonical working to make Snap more cross-platform |
• Issue 1051 (2024-01-01): Favourite distros of 2023, reloading shell settings, Asahi Linux releases Fedora remix, Gentoo offers binary packages, openSUSE provides full disk encryption |
• Issue 1050 (2023-12-18): rlxos 2023.11, renaming files and opening terminal windows in specific directories, TrueNAS publishes ZFS fixes, Debian publishes delayed install media, Haiku polishes desktop experience |
• Issue 1049 (2023-12-11): Lernstick 12, alternatives to WINE, openSUSE updates its branding, Mint unveils new features, Lubuntu team plans for 24.04 |
• Issue 1048 (2023-12-04): openSUSE MicroOS, the transition from X11 to Wayland, Red Hat phasing out X11 packages, UBports making mobile development easier |
• Issue 1047 (2023-11-27): GhostBSD 23.10.1, Why Linux uses swap when memory is free, Ubuntu Budgie may benefit from Wayland work in Xfce, early issues with FreeBSD 14.0 |
• Issue 1046 (2023-11-20): Slackel 7.7 "Openbox", restricting CPU usage, Haiku improves font handling and software centre performance, Canonical launches MicroCloud |
• Issue 1045 (2023-11-13): Fedora 39, how to trust software packages, ReactOS booting with UEFI, elementary OS plans to default to Wayland, Mir gaining ability to split work across video cards |
• Issue 1044 (2023-11-06): Porteus 5.01, disabling IPv6, applications unique to a Linux distro, Linux merges bcachefs, OpenELA makes source packages available |
• Issue 1043 (2023-10-30): Murena Two with privacy switches, where old files go when packages are updated, UBports on Volla phones, Mint testing Cinnamon on Wayland, Peppermint releases ARM build |
• Issue 1042 (2023-10-23): Ubuntu Cinnamon compared with Linux Mint, extending battery life on Linux, Debian resumes /usr merge, Canonical publishes fixed install media |
• Issue 1041 (2023-10-16): FydeOS 17.0, Dr.Parted 23.09, changing UIDs, Fedora partners with Slimbook, GNOME phasing out X11 sessions, Ubuntu revokes 23.10 install media |
• Issue 1040 (2023-10-09): CROWZ 5.0, changing the location of default directories, Linux Mint updates its Edge edition, Murena crowdfunding new privacy phone, Debian publishes new install media |
• Issue 1039 (2023-10-02): Zenwalk Current, finding the duration of media files, Peppermint OS tries out new edition, COSMIC gains new features, Canonical reports on security incident in Snap store |
• Issue 1038 (2023-09-25): Mageia 9, trouble-shooting launchers, running desktop Linux in the cloud, New documentation for Nix, Linux phasing out ReiserFS, GNU celebrates 40 years |
• Issue 1037 (2023-09-18): Bodhi Linux 7.0.0, finding specific distros and unified package managemnt, Zevenet replaced by two new forks, openSUSE introduces Slowroll branch, Fedora considering dropping Plasma X11 session |
• Full list of all issues |
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
Random Distribution |
CTKArch
CTKArch was a minimalist, Arch-based live CD using the Openbox window manager. It includes a text-based system installer, support for a number of popular file systems, and out-of-the-box support for English and French languages.
Status: Discontinued
|
TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|