Page 63 of 97
Posted: Tue 05 Apr 2011, 15:51
by Terryphi
tasmod wrote:Firewallstate.
In firewallstate the code routine for turning the firewall on/off was originally meant to be for testing purposes, I never meant it to 'kill' the firewall program.
The routine uses the firewall programs stop/start feature. (Note:Firewall program, not firewallstate)
The firewall program once installed writes a code line to etc/rc.d/rc.local that checks for the firewall programs file rc.firewall which is created when the firewall program is first run.
Now this will then start the firewall each time at each boot and is independent of the stop/start feature.
To prevent the firewall from restarting at boot I would need to rewrite the code snippet in firewallstate that turns the firewall on/off so that it would erase the rc.firewall file and the rc.local file line for the firewall. This means that to restart the firewall would require a complete re-run of the firewall wizard install routine, hence the entry for this in the firewallstate menu.
I suppose I could add another option in the stop/start small window that would 'kill' the firewall preventing further boot starts. If that's what you wish.
Rob, thanks for the detailed explanation of the behaviour. The problem is that some of us who do not need the firewall on (because we have a router with built-in firewall or because it conflicts with a program) still cannot stop ourselves testing the dialog with the unintended result I described.
So, yes, an option to 'kill' the firewall would be good.
Posted: Tue 05 Apr 2011, 18:11
by RandSec
tasmod wrote:In firewallstate the code routine for turning the firewall on/off was originally meant to be for testing purposes, I never meant it to 'kill' the firewall program. [...]
I suppose I could add another option in the stop/start small window that would 'kill' the firewall preventing further boot starts. If that's what you wish. :)
I think the firewall should start out installed and ON.
Starting every newbie without a firewall makes them vulnerable, unless they have an external router/firewall.
Yes, starting with a firewall could possibly cause problems for those with local networking. Perhaps a new menu selection might open the usual local networking ports. Networking experts can adjust their own ports.
Yes, a user should be able to turn the firewall OFF, if desired. And yes, that should survive a restart. But no, the firewall should not be OFF by default. That is what enabled the old Microsoft Windows worms of a decade ago.
The firewall should be in force before any driver download, or indeed, any network accesses. It is easy enough to turn OFF by someone who knows about it. But it is unlikely to be turned ON by a newbie who does NOT know about it, especially at start-up, when it may be needed.
Posted: Tue 05 Apr 2011, 18:36
by tasmod
I don't want to get into the argument about default firewall either on/off at starting.
I wrote the basic firewallstate originally just to point out the fact that the firewall was off at first start of a new install. it has just developed from user requests since then.
The option I'm working on will just be for a seasoned user to be able to stop the firewall and prevent it's restart on rebooting.
Although I'm having to do a bit more work than I at first thought. The way it is all written requires checks to be done first before the routine to remove the firewall. Gtkdialog doesn't help
Posted: Tue 05 Apr 2011, 18:53
by RandSec
tasmod wrote:I don't want to get into the argument about default firewall either on/off at starting.
There is no need to argue: The firewall should be ON by default, at first startup, before any network access. Not doing that is an obvious security flaw. This is just another bug which needs fixing.
Posted: Tue 05 Apr 2011, 19:51
by tasmod
firewallstate-1.9 is available in forum Additional Software - Network.
This has the added stop and remove from bootup for the firewall. It is remembered when off.
Interesting results with gtkdialog in older version I wrote the On/Off routine with and new version.
One would echo a command and stop, the newer version execute it without any syntax change.
Posted: Tue 05 Apr 2011, 20:35
by willem1940NLD
Found out my problems were/are due to Hardware, think I need a new computer.
Have 525 kind of working for the time being, after low level format of harddisk.
Do not see IRC helpchat .... is it no more standard?
Posted: Tue 05 Apr 2011, 22:12
by MinHundHettePerro
Hello
!
Took your latest offering, 525, for a spin ....
I lost internet connection quite a few times, something which never occured before
. Had to re-configure, both with network wizard and sns. And, I'm on wired broadband internet through my router, here - just never happened before in any other puppy.
Hope you'll find a solution, just wanted to report.
Fwiw/hth
/
MHHP
Re: oops late problem? maybe
Posted: Tue 05 Apr 2011, 23:38
by James C
scsijon wrote:Decided to use the "latest and greatest" 525 for a new laptop machine.
Found I could not install grub to anything, said it did, nothing there and didn't boot grub!
Could a tester or two also try this out if possible please before I try to return the box.
------------
Also, can someone tell me where I stop connections being started on the network being started, I am finding a google connection on port 80 happening before a browser is even started.
thanks
scsijon
Took me a while but ......pulled an old P3 off the shelf,did a full install of 525 and grub would
not install here either. I don't like Grub4dos but it did install and boot both 525 and Spup. Anyway, there does appear to be a problem with Grub in Lucid 525.
I also went ahead and used Spup to install legacy Grub with no problem.
HTH.
Re: oops late problem? maybe
Posted: Tue 05 Apr 2011, 23:44
by bigpup
James C wrote:scsijon wrote:Decided to use the "latest and greatest" 525 for a new laptop machine.
Found I could not install grub to anything, said it did, nothing there and didn't boot grub!
Could a tester or two also try this out if possible please before I try to return the box.
------------
Also, can someone tell me where I stop connections being started on the network being started, I am finding a google connection on port 80 happening before a browser is even started.
thanks
scsijon
Took me a while but ......pulled an old P3 off the shelf,did a full install of 525 and grub would
not install here either. I don't like Grub4dos but it did install and boot both 525 and Spup. Anyway, there does appear to be a problem with Grub in Lucid 525.
I also went ahead and used Spup to install legacy Grub with no problem.
HTH.
I installed Grub with no problem.
My version of Lucid 5.2.5 I got from:
http://distro.ibiblio.org/pub/linux/dis ... ppy-5.2.5/
Re: oops late problem? maybe
Posted: Tue 05 Apr 2011, 23:47
by James C
bigpup wrote:James C wrote:scsijon wrote:Decided to use the "latest and greatest" 525 for a new laptop machine.
Found I could not install grub to anything, said it did, nothing there and didn't boot grub!
Could a tester or two also try this out if possible please before I try to return the box.
------------
Also, can someone tell me where I stop connections being started on the network being started, I am finding a google connection on port 80 happening before a browser is even started.
thanks
scsijon
Took me a while but ......pulled an old P3 off the shelf,did a full install of 525 and grub would
not install here either. I don't like Grub4dos but it did install and boot both 525 and Spup. Anyway, there does appear to be a problem with Grub in Lucid 525.
I also went ahead and used Spup to install legacy Grub with no problem.
HTH.
I installed Grub with no problem.
My version of Lucid 5.2.5 came from:
http://distro.ibiblio.org/pub/linux/dis ... ppy-5.2.5/
Interesting, I think my copy came from playdayz's server.......... guess I'll redownload from ibiblio and see if there is a difference.
Posted: Wed 06 Apr 2011, 00:06
by PaulBx1
I think the firewall should start out installed and ON.
Starting every newbie without a firewall makes them vulnerable, unless they have an external router/firewall.
I have been saying this for a long time. For a newbie-friendly Linux like Puppy to have such a security flaw is just wrong. At the very least, if not defaulted on, Puppy should take the Windows approach and just nag the hell out of the user that he needs to turn the firewall on.
Re: oops late problem? maybe
Posted: Wed 06 Apr 2011, 00:56
by James C
James C wrote:bigpup wrote:James C wrote:
Took me a while but ......pulled an old P3 off the shelf,did a full install of 525 and grub would not install here either. I don't like Grub4dos but it did install and boot both 525 and Spup. Anyway, there does appear to be a problem with Grub in Lucid 525.
I also went ahead and used Spup to install legacy Grub with no problem.
HTH.
I installed Grub with no problem.
My version of Lucid 5.2.5 came from:
http://distro.ibiblio.org/pub/linux/dis ... ppy-5.2.5/
Interesting, I think my copy came from playdayz's server.......... guess I'll redownload from ibiblio and see if there is a difference.
Downloaded a new copy of 525 from ibiblio, reformatted the partition (sda1) and did another full install of 525. Guess I forgot how to install Grub....
Posting from it now, after I used Spup 099 to install Grub.
Posted: Wed 06 Apr 2011, 01:10
by James C
Other than the Grub difficulty, everything working ootb.Internet,sound and display all good on initial boot.
VGA compatible controller : Intel Corporation 82810E DC-133 (CGC) Chipset Graphics Controller (rev 03)
Multimedia audio controller : Intel Corporation 82801AA AC'97 Audio Controller (rev 02)
Communication controller : Agere Systems LT WinModem
Ethernet controller : Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
http://www.murga-linux.com/puppy/viewtopic.php?t=65136
Posted: Wed 06 Apr 2011, 01:41
by karm2865
had the same problem.
just because i was out of things to try I decided to give up on GRUB boot-loader, and tried Grub4Dos instead no ideal why a DOS loader would work but had nothing to lose by trying.
I managed to get Grub4Dos to work first try no problem why?
No ideal why
see
http://www.murga-linux.com/puppy/viewtopic.php?t=66573
Posted: Wed 06 Apr 2011, 05:03
by Luluc
Just a small, but annoying glitch for me.
I upgraded it this way:
- Backed up my /root directory in a tar ball.
- Created a new FAT32 partition.
- Created a brand new Puppy 525 frugal installation.
- Booted the new Puppy.
- Renamed /root to something else.
- Restored my old root from the tar ball.
- Rebooted.
It works. I have a very new and clean Puppy, and most of my configuration choices were preserved. I just have to install programs all over again. Fine, because I went overboard the last time and installed too much, the save file got too big etc.
But when I open the package manager, the installed programs pane indicates the presence of all my old programs, from the old installation. They are not there, they are not installed. If I reinstall them, the corresponding entry is duplicated. So I am "uninstalling" them before reinstalling them, but that's really annoying. I can only uninstall one package at a time, and each time takes considerably long.
I don't think those ghost packages should be there. I don't think they should be carried across two different systems as a stowaway in the /root directory.
Posted: Wed 06 Apr 2011, 05:10
by Sage
think I need a new computer.
Have 525 kind of working for the time being, after low level format of harddisk
You do not
need a 'new' computer, that would be a disaster. At the very worst you would need another
old computer, because Puppy is a compact distro aimed at 'old' computers and is landfill-saving. However, in your case, all you might need is another HD. But I doubt even that. Doublecheck for bad sectors with a DOS utility from a FDD because it is easier than using a liveCD and terminal.
You cannot 'low level' format an IDE or SATA HD - it is a factory operation, unless you are using an MFM device.
Too much loose HW speak here recently. One fears that the capitalist determination to make PC s commodity items like washing machines might yet succeed due to inertia, indolence and ignorance?
Posted: Wed 06 Apr 2011, 05:23
by bigpup
Luluc wrote:Just a small, but annoying glitch for me.
I upgraded it this way:
- Backed up my /root directory in a tar ball.
- Created a new FAT32 partition.
- Created a brand new Puppy 525 frugal installation.
- Booted the new Puppy.
- Renamed /root to something else.
- Restored my old root from the tar ball.
- Rebooted.
It works. I have a very new and clean Puppy, and most of my configuration choices were preserved. I just have to install programs all over again. Fine, because I went overboard the last time and installed too much, the save file got too big etc.
But when I open the package manager, the installed programs pane indicates the presence of all my old programs, from the old installation. They are not there, they are not installed. If I reinstall them, the corresponding entry is duplicated. So I am "uninstalling" them before reinstalling them, but that's really annoying. I can only uninstall one package at a time, and each time takes considerably long.
I don't think those ghost packages should be there. I don't think they should be carried across two different systems as a stowaway in the /root directory.
You did not do a Frugal install upgrade.
The best way is this example:
Upgrading Frugal install
You are using Puppy 511.
Ok, here comes the good bit. Lets assume puppy 5.1.2 is released and you want to try it.
Create another directory called /puppy512.
Copy the three new files (intrd.gz, vmlinuz, and pup_512.sfs) off the new ISO you have downloaded and place them in the directory /puppy512.
Copy the save file from /puppy511 to /puppy512.
Make the appropriate edits in the GRUB menu.lst file and reboot.
Select the new puppy 5.1.2.
It will load and convert your old save file to the new puppy. All of your settings and installed software will be available in the new distribution. The whole process will take between 1 - 5 minutes.
Posted: Wed 06 Apr 2011, 05:28
by 01micko
Luluc
2 questions
Why FAT? (ok, that's your choice, puppy is about choice)
Why shouldn't certain system config files be stored in /root?
There are many of them there, all your browser bookmarks in ~/.mozilla (or whatever), all package information is stored in ~/.packages, lots of app configurations are in ~/.config, you will also find jwm settings, mtpaint, the list can go on.... and this is not unique to lucid puppy. All distros use $HOME or /etc (depending on how compiled) for config files, which in Puppy's case is root. BTW, configs in $HOME usually override configs in /etc.
You probably did other unforeseen damage to /root/.packages. I would suggest going in there and replacing the folder /root/.packages/builtin_files with the original off the CD, also all the Packages_puppy-[whatever] files will be old versions, need to be replaced with originals OR update PPM (I would use the originals), also you can delete the "ghost" packages which you introduced, and also edit the user-installed-packages file eliminating the ghost entries.
You realise you may have other problems with this method you used.
HTH
Posted: Wed 06 Apr 2011, 05:30
by Luluc
bigpup wrote:You did not do a Frugal install upgrade.
The best way is this example:
Upgrading Frugal install
Ok, here comes the good bit. Lets assume puppy 5.1.2 is released and you want to try it.
Create another directory called /puppy512.
Copy the three new files off the new ISO you have downloaded and place them in the directory /puppy512.
Copy the save file from /puppy511 to /puppy512.
Make the appropriate edits in the GRUB menu.lst file and reboot.
Select the new puppy 5.1.2.
It will load and convert your old save file to the new puppy. All of your settings and installed software will be available in the new distribution. The whole process will take between 1 - 5 minutes.
Well, I did that at first, but the old save file was not recognized. All my stuff was gone, as if I had booted with pfix=ram (I had not). Since I wanted to make major structure changes in my save file, to wit: make it smaller and use encryption, I did it the way I did.
Posted: Wed 06 Apr 2011, 05:45
by Terryphi
tasmod wrote:firewallstate-1.9 is available in forum Additional Software - Network.
This has the added stop and remove from bootup for the firewall. It is remembered when off.
Interesting results with gtkdialog in older version I wrote the On/Off routine with and new version.
One would echo a command and stop, the newer version execute it without any syntax change.
Thanks, Rob. Much appreciated.