:: [Dng] Puppy Linux, AntiX - was Re: …
Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Apollia
Fecha:  
A: dng
Asunto: [Dng] Puppy Linux, AntiX - was Re: Puppy Linux-related thoughts
On Mon, Mar 23, 2015 at 9:18 AM, Robert Storey <robert.storey@???> wrote:
> Puppy Linux is interesting. I used it for awhile and liked that it was fast,
> and fun. A bit lacking in software, but with the Slacko packages you can
> make it better. My main concern about it was that it logs you in as root
> (without even a password). A lot of people have expressed concern about this
> apparent security hole, but Puppyistas are insistent that it's no problem. I
> remain somewhat sceptical.


I usually don't even think about that, but, when I do think about it,
it worries me too. Thanks for bringing it up, I had forgotten all
about that.

My rather pitiful approach to security (other than burying my head in
the sand) is mostly to just blindly hope that the people who think
Puppy is secure enough are right.

While running things as root and mostly not having to worry about user
privileges, etc. certainly makes things simpler, I've always suspected
it might be a dangerous and harmful oversimplification.

But, I don't really know, and am definitely not really qualified to judge.

Some Puppies are configured to run web browsers and other things as a
less privileged user named "spot", but, again, I can't judge how much
good that does or doesn't do.

I've heard that Puppy can use chroot, but, I don't know the details,
and am such a newbie I don't yet know how to use chroot in any Linux
at all yet - but, I guess I'll learn in the process of trying to build
my own Linux from scratch.

I definitely am not saying everything about Puppy is great and worth
reimplementing in every Linux!


The thing about Puppy I think might be best for other OSes to emulate
would be, the emphasis on making things really easy and intuitive even
for non-technical users.

That might give Devuan an obvious advantage over Debian (and other
distros) even in the eyes of non-technical people who might have a
difficult time understanding what systemd is and why it's bad, and
could help increase the popularity of Linux in general.


Another thing that interested me about Gobo Linux when I was reading
about it yesterday was, the notion of trying some unconventional
approaches to dealing with root, such as renaming root, minimizing
root's powers, and other ideas to enhance security.

Those ideas are currently mostly beyond my ability to understand or
summarize, but, perhaps there are some good ideas that could be useful
in Devuan or other Linuxes.

Quoted from a page titled titled "I am not clueless - or, "Myths and
misconceptions about the design of GoboLinux":

http://www.gobolinux.org/index.php?page=doc/articles/clueless

"Now that I'm through with the historical explanation, one thing I
would like to point out that it is a well-known fact that the
existence of a single god-like entity is one of the weaknesses of the
Linux security model, and that is what bothered me with the notion of
an arbitrary root versus the rest of users; it is akin to a single
point of failure in a distributed system. The first thing every
project aiming to improve the security of Linux does is to increase
the granularity of the security model, do dilute the power of root:
ACLs, capabilities, SELinux... It may be argued that some of those add
excessive complexity to the model, but I won't dive into this
discussion here. The one thing that is clear is that the root model is
overly simplistic for today's complex systems, and that the ``setuid''
kludge is the source of most security issues. Plan 9, for example,
doesn't have a superuser at all; it offers a virtualized view of the
file system to each process. The gobo experiment was an interesting
assessment on how ingrained in the Linux world is the expectation on
having a root user; fortunately, not much (it does not measure how
attached the security model is to the user #0, of course). One future
direction I would like GoboLinux to take (and in fact Linux in
general) is to adopt some of the technologies listed above as a way to
improve the control over the system security and administration; to
detach ourselves from root was the first step in this direction."

> Anyway, kudos to the developers for remaining
> systemd-free. On the other hand, I just took a look at their forum, and I
> was dismayed to see several posts by users practically demanding that
> systemd be brought into Puppy.


Yes, even their 14-page long "boycott systemd" thread has a few people
saying things in favor of (or not against) systemd.
http://murga-linux.com/puppy/viewtopic.php?t=93586

But the overall impression I got from that thread was that most are against it.

I guess if systemd-induced incompatibility keeps spreading throughout
the Linux world, pressure to add systemd might increase over time even
in the Puppy community.

But, hopefully the alternatives provided by Devuan and others will
help stop that.


I finally noticed that DebianDog, which is somewhat related to Puppy,
unfortunately has systemd:

http://murga-linux.com/puppy/viewtopic.php?t=93225


But, fortunately, DebianDog doesn't qualify as a "mainline", official
Puppy distro, since it's not built using Puppy's "woof" system.

A blog post by Barry Kauler (creator of Puppy Linux) -
http://bkhome.org/news/?viewDetailed=00124 - says:

     "Puppies built from woof-CE are following the "mainline"."


and:

     'The latest "official" Puppy, built from woof-CE, is Tahrpup 6.0'



> Hopefully, the developers will resist the
> urge to surrender.


Yes. And hopefully someday there will be a DevuanDog. :-)

>
> Wolfgang Pirker wrote:
>> There is also AntiX. The main developer behind it seems also not to be
>> happy about how Debian Jessie users are forced to use SystemD:
>> http://antix.freeforums.org/viewtopic.php?f=6&t=5280
>>
>>(if anyone is more interested about a AntiX (Jessie-based) release
>> without SystemD - a Beta release:
>> http://distrowatch.com/?newsid=08851 )


Thanks for the info!

>
> Wow! I'm familiar with AntiX, having used it long ago, but I hadn't realized
> that the latest beta is Jessie-based and systemd-free. So now I have to ask:
> Isn't that pretty much what we're doing here with Devuan? Perhaps I should
> rephrase that: In what ways is AntiX different from Devuan? And is there any
> possibility of collaborating with Anticapitalista (the developer)?
>
> cheers,
> Robert


I'm just a newbie around here (and relatively new to Linux, only been
using it since 2011), so I wouldn't know how to answer.

But I like your questions. :-)


Anyway, I don't normally post very much to the internet at all (except
my own website and Tumblr), and I'm nowhere near as technically
knowledgeable as I wish I was. I wish I had switched to Linux years
ago - I have years and years of catching up to do, and don't know if
I'll ever be able to reach the point of being an expert on anything.

So, I don't know if I'll soon think of anything more that seems
worthwhile to say, and I'll probably soon go back to being mostly
quiet. But, I'll at least be silently cheering for Devuan. :-)

Thanks to everyone in the Devuan community, and congratulations on all
the progress!

Best wishes,
Apollia