Without corporate backing or advertising, Puppy
Linux has become one of the world's ten most popular Linux distributions. In the
past few months
Puppy has whelped a litter of like systems, each with its own unique
DNA. This article summarizes Puppy and then describes the
new brood.
Post a Comment
Member since:
2006-01-07
I hesitate to make this comment because I know exactly what's going to happen, but here goes...
Puppy always runs as root without a password. Yes, it is possible (if you open a terminal and use the command line) to login as unprivileged user "spot" (again, without a password). "Spot" can launch apps at the command line, but the graphic desktop will always belong to root. And most users will not go to the trouble to become spot, they will just launch apps as root. Many have pointed out that this is a risky strategy in terms of security. Puppy lacks the tools to configure it as you would most distros - running the desktop and all apps as an unprivileged user.
This issue has been mentioned about a million times already in numerous Linux forums. Usually within minutes after somebody raises the issue, Puppy fans jump in and insist that Puppy is perfectly secure, surfing the Internet as root poises no security risk at all, and if you don't agree with them you are a "Puppy-hater" and deserve to die. I've found myself in this argument so many times now that it's gotten weary, which is why I hesitate to post this.
Nevertheless, reality is that surfing the net as root carries some real risks, whether Puppy users wish to admit it or not. I would never do online banking or credit card purchases with Puppy for this reason.
This does not mean I hate Puppy. I used it for quite a while on my netbook, though lately I've found other alternatives which I prefer. I still keep a Puppy CD and USB stick around just in case I need an emergency boot-up device to rescue data or fix a broken installation. Puppy does have many endearing features - I understand why people like it.
Now, if somebody would just fix this security problem, I'd probably be using it on an everyday basis.
My advice about ANY distro is that people should not get emotional about it. I've used quite a few distros since I started with Linux over 10 years ago. Every distro has some flaw - either you learn to live with it, or ask the developers to fix it (if you can't fix it yourself), or move on to another distro. But denying the flaw won't make it go away, even if the denial makes you feel better.
Edited 2011-12-17 01:34 UTC
Member since:2007-05-28
Member since:2005-08-18
That's a bit of an odd design decision, to say the least.
While always logging in as root is indeed not a good idea it has little to do with compromising your personal data. Your personal data is just as vulnerable when you surf the net as an unprivileged user.
Member since:2006-12-05
I know this is a stretch, but if you have a secondary user account for more important, confidential things like online banking and use the UNIX user/group/permissions system properly, then your banking stuff is pretty damn safe while browsing the web for porn or something on your standard everyday account. Just be sure to be safe and wear a NoScript condom and keep your vaccinations (system updates) up to date. Heh.
Yeah, I know that's completely not funny, but I just had to twist it in that direction. Hey, it still gets the point across.
Use 'chmod 600 filename' (for owner rw) or 'chmod 400 filename' (for owner ro) on files that you intend to keep private. Do 'chmod 700 dirname' on directories whose entire contents you want to keep private.
Hell, you can even just put your "confidential" user account in its own group; if you run Debian and don't change the defaults, this is automatically done for you... instead of, for example, user 'uz64' being in group 'users' he will be in a group of the same name, 'uz64'. Completely segregates users and all of their data. Might still be good practice to properly set permissions though, and if you're really extreme about security you'll want to consider encrypting your files.
Member since:2006-12-06
Member since:2007-04-05
Running as root on Unix systems is anathema for any real use. It subverts the entire model of security and goes well beyond the browser itself. It's what made Windows ridiculously insecure to begin with, and that platform still hasn't entirely shaken the consequences.
Puppy: something to run off of a flash drive occasionally. Look elsewhere for a general-purpose system.
Member since:2006-12-06
Member since:2006-12-05
No idea, but anyone knows it's insane to always run as root for real work where security is even a slight concern, and for that reason Puppy is nothing more than a toy to them. If you asked a security person to do real-world tests on Puppy to get this data and they'll probably laugh and think you're joking. They'd probably think it's retarded to even do such a test targeting Puppy specifically when there is plenty real-world data to go through on the act of just running as root/admin alone. It's well documented; it's bad no matter what, just because it's Puppy and its users seem to be crazy rabid fanboys doesn't make it better.
Edited 2011-12-19 15:14 UTC
Member since:2006-02-15
Most likely not as usually Puppy is used just as a temporary solution and usually not run as a server. However, something not being documented does not equal that it has never happened.
Edited 2011-12-18 03:11 UTC
Member since:2006-12-06
Member since:2005-07-06
Member since:2006-02-15
I do mostly agree with but this is something I don't understand: why would doing online banking or credit card purchases as root be any less secure than as a regular user? Your local user account bears no significance to the security of the data that leaves the machine, it doesn't carry over.
Running as root is bad because of LOCAL privileges, ie. a root user can modify system files, access other operating systems' disks and/or partitions etc. whereas a non-privileged user can't. But a non-privileged user can still access his or her own files, and a keylogger won't need root privileges to log what you're typing.
My point being that running as non-root is not some damn magic bullet after which you can just blindly trust anything anywhere.
Member since:2011-12-20
Good answer.(actually the best answer i read so far). Even though the % of fraud is lower from computing, i tell my anyone when the subject comes up to not do "Online Banking". So, lets say you cannot get to "your bank" when you want/need.You can run Puppy from a CD-R quickly. Puppy was meant as a personal O/S. An alternative. You could spend your money, or someone elses, but, suit yourself.
*Sent from this old clunker P550 Intel 810 chipset with 192mb RAM.
Member since:2006-08-08
If someone is interested here is the official security statement off the Puppy Wiki:
In Puppy Linux your user account is called root, but is not root. In puppy root is user.
More here: http://puppylinux.org/wikka/security
Also AFAIK some Puppy distros have (in addition to that) a special user named spot that is used when starting internet apps. (The distro I know that does that is FatDog64 - 64 bit Puppy Linux)
In addition Puppy always runs in ram not hard disk...
Edited 2011-12-19 19:52 UTC
Member since:
2006-01-06
Member since:2007-08-20
That might be a good subject for a small article on this site. I will be curious about your results.
I will soon be migrating my system from a single OS to a VM environment with many small single-purpose VMs, so I am interested in lightweight, small footprint OSes. Even more than usual. ;^)
Member since:
2005-08-18
It does what now? Prompts the *servers*? Some explanation regarding this seemingly fantastical technology might be called for.
Unintelligible? Really? 3 clearly labeled entries is unintelligible? There's almost no difference between grub and grub2 when it comes to using the actual menu.
Member since:2005-07-06
"Puppy is uniquely effective with slow or unreliable internet connections. It manages connections and prompts servers when problems occur. I have a friend who has poor line quality -- and few options, living in a rural area. He runs Ubuntu 10.04 LTS, Windows XP SP3, and Puppy 5. He favors Puppy because of its more reliable internet connectivity."
I was also wondering what this meant.
Member since:2008-05-03
Member since:2006-01-07
Unintelligible? Really? 3 clearly labeled entries is unintelligible? There's almost no difference between grub and grub2 when it comes to using the actual menu.
I'm going to agree with the original author on this point - GRUB (legacy) was much better than GRUB2. I tip my hat to the Puppy developers for sticking with the old GRUB. I never understood why it was necessary to make GRUB2 so complicated to configure. Simplicity is bliss.
Edited 2011-12-17 05:43 UTC
Member since:2005-08-18
Perhaps but there's little difference when it comes to how the gui works when selecting boot entry. Saying that it is unintelligible is nonsense because menu in grub looks and works pretty much the same way.
If it is cluttered then the same menu would be cluttered in grub.
Member since:2006-01-07
If it is cluttered then the same menu would be cluttered in grub.
Your point is well taken. However, the nice thing about GRUB legacy is that to reconfigure your menu entries, you simply have to edit file /boot/grub/menu.lst. GRUB2 is far messier - in fact, every time I've had to rework the menus, I needed to go back and read the documentation on how to do it. I actually find it easier to just nuke GRUB2 and install GRUB legacy, which is still available in Ubuntu and Debian (though GRUB2 is now the default).
Edited 2011-12-17 05:55 UTC
Member since:2005-08-18
Yeah, configuring grub 2 is a horrible mess. Who's brilliant idea was it that the config directory should contain 1000's of files?
grub2 has one nice feature though, the rescue prompt. When grub1 fails to load you're left up shits creek without a paddle while in grub2 you get the rescue prompt and can actually remedy the situation and manage to boot.
Member since:2006-01-07
grub2 has one nice feature though, the rescue prompt. When grub1 fails to load you're left up shits creek without a paddle while in grub2 you get the rescue prompt and can actually remedy the situation and manage to boot.
That's a good point. Although GRUB is very reliable, it's possible to break it if you fool around (with root privileges). With GRUB legacy, if things get buggered, you might need a rescue disk. Well, that's actually one of the things I still use Puppy for (a rescue disk).
Edited 2011-12-17 05:58 UTC
Member since:2006-07-12
Member since:
2010-05-16
Member since:2008-05-03
Good point. As per Distrowatch:
"The DistroWatch Page Hit Ranking statistics are a light-hearted way of measuring the popularity of Linux distributions and other free operating systems among the visitors of this website. They correlate neither to usage nor to quality and should not be used to measure the market share of distributions. They simply show the number of times a distribution page on DistroWatch.com was accessed each day, nothing more."
Member since:2007-12-26
Member since:2006-12-05
Not to mention, Puppy has been releasing on new versions on a regular basis (monthly, from a quick glance on DistroWatch using the news filter) and recently made a release. On top of that, DistroWatch themselves ran a story/review... so duh, obviously it's going to get more page hits at their site.
Face it, the more often a distro puts out a new version, the more often DistroWatch puts it on its front page, the more often it's listed in DistroWatch Weekly, the more often that distro's page gets visited. More news means more visibility, and therefore more clicks. People like news, it interests them... simple. It's human nature.
Member since:
2007-08-20
Member since:
2006-03-20
After reading the article, I tried it on Virtual Box.
The UI seems at least 15 years behind from an aesthetic point of view.
It did not support resolutions greater than 800x600, and so many windows were not fully visible. I had to press enter blindly in order to continue the installation. Other Linux distributions running under VBox don't have a problem with higher resolutions.
The installation GUI was horrible. There were little buttons/icons everywhere that have extremely non-descriptive pictures on them. I just tried them all to see what they do.
The installation forced me to partition the hard disk manually. It did not make any suggestions on possible partitions, like other distros.
After playing with it for a while, I erased it and installed Kubuntu, which is light years ahead of Puppy, in almost every domain. In fact, Kubuntu 11.10 is so polished, it can be easily compared to Windows 7, and perhaps be found better than Windows 7.
Member since:2010-05-16
Member since:2011-12-20