Okay. So, just how secure IS Overlayfs....? (a wider discussion about future Puppy development)

Posted: Wed Jul 26, 2023 7:45 pm
by mikewalsh

Evening, gang.

I thought the following article might be of some interest to our community:-

https://www.bleepingcomputer.com/news/s ... ion-flaws/

I found it during my usual daily trawl round BleepingComputer while I was "on-duty". I feel there's some relevance here, given that there appear to be maintenance issues with aufs, and more of our new Pups are using OverlayFS instead. And of course, several ARE Ubuntu-based....

I know our kernels tend to get built 'in-house' with Woof-CE's kernel-kit....but I thought this would still be worth a mention.

Mike. ;)


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Wed Jul 26, 2023 11:55 pm
by ozsouth

@mikewalsh - as the article says:

It should be noted that the two highlighted flaws only impact Ubuntu, and any other Linux distribution, including Ubuntu forks, not using custom modifications of the OverlayFS module should be safe.

I only have 1 ref to overlayfs in my DOTconfigs (as recommended by dimkr): CONFIG_OVERLAY_FS=y
I'm pretty sure our other kernel-makers have likewise, so I think we're OK.
I use kernel-kit master 2018 with only essential mods, which predates this error too.
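The DOTconfig check described in this post can be scripted. The following is an added example, not part of the original post or of kernel-kit: it reads a kernel config and a `/proc/mounts`-style file and reports which union filesystem code is compiled in, which one backs `/`, and therefore whose fixes need tracking. The function names and the `track`/`status` labels are hypothetical; `CONFIG_AUFS_FS` is the symbol added by the aufs patch set.

```shell
#!/bin/sh
# Added example: audit union-filesystem support from a kernel config file
# (e.g. a DOTconfig) and a mounts table (e.g. /proc/mounts).

# kconfig_state FILE SYMBOL -> builtin | module | disabled
kconfig_state() {
    # Kconfig writes "SYMBOL=y", "SYMBOL=m" or "# SYMBOL is not set".
    # If a fragment was appended to the file, the last matching line wins.
    last=$(grep -E "^($2=|# $2 is not set)" "$1" | tail -n 1)
    case "$last" in
        "$2=y") echo builtin ;;
        "$2=m") echo module ;;
        *)      echo disabled ;;
    esac
}

# root_union_fs MOUNTS -> overlay | aufs | none
# Reports the filesystem type of the last entry mounted on "/".
root_union_fs() {
    awk '$2 == "/" { t = $3 }
         END { if (t == "overlay" || t == "aufs") print t; else print "none" }' "$1"
}

# audit CONFIG MOUNTS -> one summary line
#   track=in-tree     overlay is compiled in; fixes arrive with kernel updates
#   track=aufs-patch  aufs is compiled in; fixes depend on the out-of-tree patch
#   status=config-mismatch  "/" uses a filesystem the config says is disabled,
#                           so the config does not describe the running kernel
audit() {
    ovl=$(kconfig_state "$1" CONFIG_OVERLAY_FS)
    aufs=$(kconfig_state "$1" CONFIG_AUFS_FS)
    root=$(root_union_fs "$2")

    track=""
    if [ "$ovl" != disabled ]; then track="in-tree"; fi
    if [ "$aufs" != disabled ]; then track="${track:+$track+}aufs-patch"; fi

    status=ok
    if [ "$root" = overlay ] && [ "$ovl" = disabled ]; then status=config-mismatch; fi
    if [ "$root" = aufs ] && [ "$aufs" = disabled ]; then status=config-mismatch; fi

    echo "overlay=$ovl aufs=$aufs root=$root track=${track:-none} status=$status"
}

# Stand-alone use: sh audit.sh <kernel-config> <mounts-file>
if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

The config alone cannot show whether a distribution has modified the overlay source, so this reports what is compiled in and in use, not whether a given flaw is present.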


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Thu Jul 27, 2023 12:44 am
by rockedge
ozsouth wrote: Wed Jul 26, 2023 11:55 pm

CONFIG_OVERLAY_FS=y
I'm pretty sure our other kernel-makers have likewise, so I think we're OK.
I use kernel-kit master 2018 with only essential mods, which predates this error too.

Yes, I set the OverlayFS as builtin on all of the kernels I produce. :thumbup:


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Thu Jul 27, 2023 6:03 am
by peebee

GitHub produces the upup-kernel which is then used in some Ubuntu based system builds (ubuntu-jammy64):
https://github.com/puppylinux-woof-CE/w ... kernel.yml

I think (?) that the kernel is the Ubuntu kernel with the .config "patched" to make it suitable for Puppy use.

@dimkr can maybe clarify which version of overlayfs is included in the upup-kernel?


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Thu Jul 27, 2023 6:54 am
by dimkr

There is no 'version' of overlay, it's not a third party file system like aufs.

This job runs periodically, so it will receive the fix from Ubuntu once it's backported to 22.04.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Thu Jul 27, 2023 11:03 am
by dimkr

Looks like this is still not fixed in Ubuntu, so the jammy64 kernel still hasn't received the patch. (And people will need to update to receive the patch, of course.)

This demonstrates why it's important to a) have eyes looking at the code and b) apply security updates instead of using old and vulnerable software. aufs is out of Ubuntu and Debian, and it's no longer used by Docker, so fewer eyes are looking for bugs and vulnerabilities. If aufs breaks or introduces a vulnerability, this might go unnoticed. We're lucky to have overlay, and it's good to see it's scrutinized and maintained by serious people.

(And I don't really see how CVE-2023-2640 can be an attack vector in Puppy, which doesn't make any use of xattrs as far as I'm aware.)


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Thu Jul 27, 2023 10:05 pm
by mikewalsh

@dimkr :-

No, that's fair comment, Dima. I won't disagree with any of what you say, since I'm none the wiser myself. I just felt it was worth mentioning, given that we're now starting to use it in place of aufs.

Mike. ;)


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 2:00 am
by Grey

All this is reasonable. But...

The only reason why I haven't left the forum yet is aufs and Fossapup (old).
As soon as I stop using Fossapup for emulation purposes, I will most likely disappear. I will install a full clean Arch+MATE on all my devices.

I'm just saying this for the record. Everyone has their own reasons and vision of the situation.
----------|
Well, MagOS also uses aufs and is not going to stop support. If I remove KDE and use the module with MATE, then I will emigrate there for use from external disks.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 5:07 am
by dimkr
Grey wrote: Fri Jul 28, 2023 2:00 am

Everyone has their own reasons and vision of the situation.

It's sad to see that the Puppy community lost its DIY spirit and became a community of people who wait for somebody else to do the work (of maintaining aufs, building a Puppy that suits their taste ...).


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 6:00 am
by Grey
dimkr wrote: Fri Jul 28, 2023 5:07 am

DIY spirit

I have this one... what's his name... midlife crisis :) Well, in our case, this is when you want to use something ready and do something only if you really need it. It will pass, but for now like this.
I do not know what the others have :)


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 2:42 pm
by bigpup

Here is the old topic about aufs vs overlayfs:
viewtopic.php?t=1910


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 3:47 pm
by Chelsea80

@ dimkr

I understand your sentiment:

It's sad to see that the Puppy community lost its DIY spirit and became a community of people who wait for somebody else to do the work (of maintaining aufs, building a Puppy that suits their taste ...).

However, you are, amongst others, who can and so do -

There are others, myself included, who can not so do not -

Reasons may vary, but in essence we rely on you and others to be able to use Puppy in its many forms -

Maybe not enough kudos is granted to 'the core' for their efforts -

Think of me as an individual for a moment. I wouldn't be using (my Signature) if it weren't for peebee -

I wouldn't be trying out the Puppy variations if it weren't for the commitment of others -

I try to help out from time to time with non technical issues if I feel it would be beneficial -

I ask questions that someone on a higher level of knowledge might feel are VERY basic -

So, it could be said that I am taking advantage -

But hang on a moment. -

I am now using Puppy as my main OS.

I have learnt a considerable amount through this Forum. Admittedly not enough to participate in the 'technical - development' side and never will -

Here is an individual that salutes the work of the many contributors that allow me to use their efforts -

So don't be despondent -

Best regards

Chelsea80


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 5:48 pm
by fredx181
Grey wrote:

All this is reasonable. But...

The only reason why I haven't left the forum yet is aufs and Fossapup (old).

Just curious, what's against overlayfs in your opinion ?
And/or what is it you're personally missing exactly in case aufs isn't available anymore ?
Or other than midlife crisis ;) what ... ?


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 6:42 pm
by Grey
fredx181 wrote: Fri Jul 28, 2023 5:48 pm

Just curious,

I was convinced by Russian programmers. They were drunk (but kept on their feet :) ), so they spoke sincerely and I believe them.
Therefore, since January of this year, I hate Overlay. I hate with pure, sincere and real hatred ;) How the child you refused to buy a bicycle hates.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 8:10 pm
by fredx181
Grey wrote: Fri Jul 28, 2023 6:42 pm
fredx181 wrote: Fri Jul 28, 2023 5:48 pm

Just curious,

I was convinced by Russian programmers. They were drunk (but kept on their feet :) ), so they spoke sincerely and I believe them.
Therefore, since January of this year, I hate Overlay. I hate with pure, sincere and real hatred ;) How the child you refused to buy a bicycle hates.

In other thread Grey wrote:

The other day I talked with the developer of one Russian OS. There are also Aufs. He said that he switched to 64 bits only when they became more stable than 32. He switched to PulseAudio only when it became more convenient and better than Alsa (not so long ago). And Overlay is not a competitor to Aufs at all. And he added that "that Japanese guy" (the author of Aufs) did more ten years ago than Torvalds has done so far (in terms of Overlay)

OK, but that's not about your experience.
I think it depends on what you do , yes overlay is limited, but perhaps for most users it's not a problem.
Also, there are often problems (from what I read) compiling kernel with aufs, so overlay can be the rescue then (smaller bicycle ;) ).


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Fri Jul 28, 2023 9:50 pm
by rockedge
fredx181 wrote:

Also, there are often problems (from what I read) compiling kernel with aufs, so overlay can be the rescue then (smaller bicycle ;) ).

Just occurred 4 times today trying to compile a huge 6.4.7 for general purpose use. AUFS patch is causing issues it seems. -> viewtopic.php?p=94999#p94999


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 5:22 am
by wiak

Personally, only difference I know about in terms of useful extra functionality aufs could provide was loading new layer whilst system already running, which to me is not a big deal since there are other ways of loading portable apps on the fly. Or is there some important extra facility you say aufs can provide I am not aware of?

By the way, aside from not needing a patched kernel, overlayfs has a more important extra functionality I believe aufs can't provide: with overlayfs you can reuse layers in new overlay stacks built in already running systems and more important still, nest overlays within overlays. To me that's much more important - can even implement sfs load on fly via that and chroot, or via tinycorelinux symlinking methods (though other ways such as what AppImages provide seem better and practical to me overall on a bigger trying-to-make-Linux-package-management-robust scale).

I don't understand the aufs-faithful attitude. I can't help but think that's more to do with stuck in the mud with the familiar rather than to do with what is actually technically best, logical, and sensible. Same attitude pervaded around here regarding direct use of alsa versus using pulseaudio for a long time. WeeDog/FirstRib embraced overlayfs and pulseaudio from its very start in 2019 for obvious technical reasons to me that that was the future. Of course, eventually Puppy had to move to using pulseaudio and pipewire or be left abandoned to the nostalgic old Puppy crew - the old attitude has in my opinion had a negative effect overall on Puppy development for over ten years now - almost laughable really. It is fair to say that dimkr has not had that old attitude of 'change is a bad thing we do not want or need', but that of course also means that dimkr suffers from a lot of stupid flack regarding new ideas in more current woof-CE builds.

Unfortunately those who drive the 'no-change' attitude tend not to be developers and in not encouraging new developments, Puppy remains under threat as a future useful distro. It does indeed seem true to me that if dimkr abandons that ship Puppy development is in trouble and perhaps just a place of endless remasters of old versions and playing at keeping some of these alive via bolt on new libs and so on - hardly inspiring to most Linux users. Times have changed and plenty of choice out there that is moving with the times is just the fact of life.

Like all current Linux implementations and system-level developments, any security issues are continually monitored and eventually addressed. It doesn't really matter therefore in the scheme of such development if overlayfs or any other core component suddenly had a security flaw - that will inevitably be fixed. The same can't be said of third party kernel patches - most in the Linux world don't rely on these and so the number of people interested and watching to fix any security flaws in the likes of aufs patches are much fewer. So if the argument was about security, well the answer to that seems obvious to me.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 7:01 am
by dimkr
wiak wrote: Sat Jul 29, 2023 5:22 am

dimkr suffers from a lot of stupid flack regarding new ideas in more current woof-CE builds.

Maybe I'm a prophet of doom, but I believe that Puppy will >=80% die when aufs dies (or when X.Org dies). Time will prove me wrong or show that my campaign against the dependency on aufs, GTK+ 2 and X.Org kept Puppy alive. You can't repeat more or less the same build recipe for 20 years but expect it to keep working and produce a useful distro (for example, one where the package manager actually works, browsers can play audio out-of-the-box and Bluetooth works), especially without a maintainer (somebody who ports ROX-Filer to GTK+ 4, etc').


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 7:18 am
by amethyst
dimkr wrote: Sat Jul 29, 2023 7:01 am
wiak wrote: Sat Jul 29, 2023 5:22 am

dimkr suffers from a lot of stupid flack regarding new ideas in more current woof-CE builds.

Maybe I'm a prophet of doom, but I believe that Puppy will >=80% die when aufs dies (or when X.Org dies). Time will prove me wrong or show that my campaign against the dependency on aufs, GTK+ 2 and X.Org kept Puppy alive. You can't repeat more or less the same build recipe for 20 years but expect it to keep working and produce a useful distro (for example, one where the package manager actually works, browsers can play audio out-of-the-box and Bluetooth works), especially without a maintainer (somebody who ports ROX-Filer to GTK+ 4, etc').

Users will adapt when things don't work for them anymore. Until then, I don't really see the need for change personally.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 8:24 am
by ozsouth

I guess I've tried to prepare for the eventual demise of aufs, by gaining some understanding of overlayfs. I make kernels that can do both for now. I have made overlay-only to try. Biggest issue for many puppians is that sfs's don't work exactly the same. I can live with the workarounds, but many can't. I don't have the smarts to maintain aufs. I mostly run puppy only when I'm developing something. I've also set up Chrome Flex as a dual boot with puppy on 1 pc & I'm posting on a Chromebook now. I want instant options if/when things go pear-shaped in aufs, Xorg or whatever, so these other options are insurance.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 11:29 am
by wiak

I don't myself find much of a great difference moving from aufs to overlayfs - only that particular aufs sfs-load-on-the-fly mechanism that can be done in other ways. Maybe aufs will continue being developed for another ten years or more - purely up to the aufs development team, so can't predict any end-situation regarding that at all.

Wayland is a different matter. Now that some of biggest mainstream distro providers have basically dropped X in favour of Wayland, the writing is on the wall right now when it comes to how long we can expect X to remain a viable option. A couple of years from now maybe most all distros will be using Wayland and X relegated to history. Of course you will still be able to boot older distros that still use X but that is hardly going to be the preference of most Linux users once Wayland is the supported option (and future development of apps and facilities based on Wayland being the display protocol).

EDIT: post shortened

Whatever the case, if Puppy Linux isn't indeed going to fade away in terms of wide appeal, it definitely needs to not stand still or it will be forgotten about by most Linux users (which is surely the important point about the overall relevance nowadays of any distro?). X is surely almost dead in terms of future distros most of us will use; not using pulseaudio or pipewire in favour of simple direct alsa is pretty much already 'dead' as a sensible demand.

Shrinking interest in Puppy Linux itself doesn't really matter if that's what happens, I feel. In fact no particular distro matters all that much to me overall, not Puppy, not KL, not DebianDog, not FirstRib, not ... whatever. There are plenty of other Linux distros and I wouldn't be surprised at all if many people who post on this forum don't use any forum distro as their main distro in actual reality. Some say they do, and I am sure some do, but not sure that matters one way or the other really. But the forum is and has been a special place, I feel, so if what is done here overall results in the forum shrinking into irrelevance that would be a sad loss indeed, so the more developed that remains relevant the better. What is relevant is certainly a matter of opinion.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 12:25 pm
by amethyst

Puppy has never been a "big" distribution in terms of numbers. Personally, if the Puppy "novelty" wears off, I'll probably return to Windows or one of the other big Linux distributions (I have never used any other linux distribution besides Puppy). It may even be an exciting new challenge for me to explore other distributions and even the newer Windows distributions I have not even tried yet. So, not a train smash. There will always be something available which will satisfy and cover the computer needs for the general, average computer user. I don't have any sleepless nights...


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 12:32 pm
by wiak
amethyst wrote: Sat Jul 29, 2023 12:25 pm

Puppy has never been a "big" distribution in terms of numbers. Personally, if the Puppy "novelty" wears off, I'll probably return to Windows or one of the other big Linux distributions (I have never used any other linux distribution besides Puppy). It may even be an exciting new challenge for me to explore other distributions and even the newer Windows distributions I have not even tried yet. So, not a train smash. There will always be something available which will satisfy and cover the computer needs for the general, average computer user. I don't have any sleepless nights...

I think Puppy maybe was a 'big' distribution in terms of numbers back in its earlier years. I still think the forum is more important than any distro it features.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 12:45 pm
by amethyst

I think some may overestimate the importance of Puppy (or any other specific distribution) for the average computer user. Most just want something that works well. Sure, coming a long way with a specific distribution will muster some loyalty but as said, shouldn't be overplayed. I think the situation may be a bit different for the active developer of a specific distribution, I mean it's sort of your "baby" being killed off if the project collapses. But for the general, average computer user not so much, they will move on to other pastures.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 1:34 pm
by wiak

I've certainly noticed fans of some distros getting extremely upset when they feel their favorite distro is criticised or they feel being competed against. I don't notice the main distro developers care so much, it's just a hobby pursuit. Of course developers try to attract users, sometimes, and certainly may implement facilities enough users request. But if no users I don't see why that matters. I myself mainly used full installed zorin for the past two years, though did boot into KL variants regularly for hobby dev fun related to forum chat.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 3:32 pm
by d-pupp

I turned to Puppy because Windows started turning into bloatware and they started making it harder and harder to change things on the OS.
Puppy is still fairly small and I can change anything I want. All I have to do is figure out how!
It also has the big advantage of a frugal install!! That makes it somewhat immutable. Mistakes, messing up, and malware can be fixed by deleting a single directory and I have a clean slate to start over with. Add to that a simple bash script can be used to restore my system to the way I like it and in my opinion Puppy can't be beat by anything else I've seen so far.

It is true we don't like change and sometimes change happens for no good reason. However in Puppy's case if it is to survive it must change and keep up with the times or it will become insecure and unusable.

Whether we like it or not the web is now a dangerous place full of full time professional hackers and malware. It is also the place we have to live. :ugeek:


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 4:01 pm
by Grey

It's a windy day today. And the topic here is the same.
Let's go with this wind into the future.

Well, after 10 years, @dimkr will be overcome by nostalgia, Wayland will become unbearable to him and he will switch to X.
(By that time, I will have gone in Fossapup through all the PCSX2 emulator games and switched to RPCS3 games) :)

@mikewalsh will open a ZX Spectrum repair shop in London (suddenly).

@amethyst will open a Baikal processor manufacturing plant in Cape Town (Putin will accidentally mix up and there will be CPUs on one of the barges, not grain). He won't sell anything :) But it will be funny.

@wiak... I don't see his future. A very serious man, the wind does not blow on him.

But seriously, it is necessary either to rename the forum or to declare some option "official" (the first is highly undesirable, the second is almost impossible). People still don't understand the direction. And this is understandable. Because the forum participants themselves do not know which vector of movement to choose.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 6:20 pm
by rockedge

I just happen to use the distros I produce and I really got used to doing some pretty complicated stuff using Puppy Linux in many varieties. So basically I make the distro for what I need it for and if others might use it and show interest I'll provide it. I don't need 99% of the time a full installed type distro and since they usually take up gigs of space and use full partitions or two to start with so I tend to avoid them. Plus most of my machines would crawl a slow crawl running those things.

I guess it's more of now I've learned to get the most out of a machine and software using a Puppy Linux. I don't know many who can jump from thing to thing and be really proficient and good at using just one of them never mind all of them. It took like 12 years to get sort of good at problem solving with a handful of similar operating systems.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 6:36 pm
by rockedge
Grey wrote: Sat Jul 29, 2023 4:01 pm

Because the forum participants themselves do not know which vector of movement to choose.

Do you know anything about Quantum Physics? There are particles that can exist in two places at once and interact. Do you know what the difference is between a pulse RADAR and a Doppler RADAR? With a pulse RADAR you'll need vector data to lock on, but Doppler is more like a BLOB.....no vector needed it to steer the energy to detect objects in a space with volume.

That's the description I'll give........we're an energy field measuring movement through a big space with volume...like a Doppler and :

Every particle or group of particles in the universe is also a wave—even large particles, even bacteria, even human beings, even planets and stars. And waves occupy multiple places in space at once. So any chunk of matter can also occupy two places at once. Physicists call this phenomenon "quantum superposition," and for decades, they have demonstrated it using small particles.

But in recent years, physicists have scaled up their experiments, demonstrating quantum superposition using larger and larger particles. Now, in a paper published Sept. 23 in the journal Nature Physics, an international team of researchers has caused molecules made up of up to 2,000 atoms to occupy two places at the same time.

Extrapolation result = Puppy Linux Forum members can use and understand two or more operating system distros at once.


Re: Okay. So, just how secure IS Overlayfs....?

Posted: Sat Jul 29, 2023 7:02 pm
by rockedge

There are plenty of other Linux distros and I wouldn't be surprised at all if many people who post on this forum don't use any forum distro as their main distro in actual reality.

Well I do. I haven't touched Zorin or Mint or any full install of Linux or a new Windows install in years. That is in many years. Only reason I do is to test @wiak's scripts for fun. Except for once a year I use a 2006 DELL laptop running Windows 10 to run tax software.

I agree that most computer users do not really understand what the operating system is and do not care a bit of the tech side of them. Just that they know how to do the things they want or need to do.

I have not been able to buy a new machine in any form for a long long time. I have all of my computer gear used, some right off the street and literally in garbage dumpsters. Means repairing and installing and most is not high powered. Hence my almost exclusive use of the operating systems discussed on this forum.

I like being good at some things...like really good at it.....I can not focus fast enough from distro to distro to be able to be good at manipulating those to do anything complicated enough that might possibly pose a problem that needs troubleshooting.

Sure there are plenty of distros, but so is there in coffee, tea and booze.....but I buy the few types that I like and marvel at the huge long aisles of all the stuff at the super market. Lots of choices for sure, but I'd need a university degree and a paid job to try them all out and tell the differences.