Welcome
Welcome to refracta

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

Distrowatch

For general announcements.

Re: Distrowatch

Postby figlfdev » Tue Oct 18, 2016 7:44 am

comment #22 on dw:

Thanks for the Refracta review, it really whetted my appetite. Will download it right away. =)

As for downloading, I prefer torrents: they are more reliable and are easily controlled (pausing/stopping, speed limit resetting). When I download via http or ftp, I use cURL. Oh, and in those few cases when it's available, I download using metalinks (I've installed libmetalink, and I compile every cURL release with metalink enabled).

As for checksums, please, please forget md5. Really. It's hopelessly broken. Use sha256 or sha1 or or even sha512. (I know, sha512 can be slow.)


i agree with most of this. md5sum is somewhat better than nothing, though if youre going to use sha DO NOT use sha1, IT IS completely broken. for a distro sha256 is probably ideal (i dont know anyone that uses sha512.)

if refracta starts using sha256, i will start using it too. i use md5sum for fig os isos, but ive been slow to post them at all lately. i still recommend people get mkfigos and run it themselves (it works in refracta, and it works in fig os as well) rather than downloading the iso. it takes about 20 minutes (most of that is for squashfs.)
figlfdev
 
Posts: 116
Joined: Tue May 31, 2016 6:23 pm

Re: Distrowatch

Postby fsmithred » Tue Oct 18, 2016 1:23 pm

I've been telling myself to switch to sha256 for over a year. I even have one file with sha256sums of some of the .deb files (for now obsolete versions of the tools.) I'll change the code in refractasnapshot for the next version.
User avatar
fsmithred
 
Posts: 2093
Joined: Wed Mar 09, 2011 9:13 pm

Re: Distrowatch

Postby AlexRey » Wed Oct 19, 2016 5:44 am

Not sure how i feel about openSSH running as standard , I think it would be better to have refracta locked down hard as standard for Newbies such as myself and then people who need OpenSSH can enable it.

Just an opinion i'm throwing out there.
AlexRey
 
Posts: 64
Joined: Tue Jun 21, 2016 7:43 am

Re: Distrowatch

Postby fsmithred » Wed Oct 19, 2016 12:49 pm

The reason ssh is running is for rescue and repair. If you have a machine with no display or a display that's not working, you can boot from removable media and log in from another machine. As long as you're behind a router/firewall, you're only accessible from other machines on your local network, and the attacker needs to know your ip address, login name and password. It's easier (or more reliable, anyway) for a newbie to turn off ssh than it is for a seasoned unix admin to turn it on by typing commands into a computer with no display.

Ways to turn off ssh:
- run 'service ssh stop' from a root terminal. (this will reset upon reboot)
- run 'sysv-rc-conf' from root terminal and uncheck all the boxes for ssh. (this will persist in an installation or a live system with persistence, but it will reset in a read-only live-CD or live-USB)
- at boot menu, TAB, then add 'nocomponents=openssh-server' to the line. (only lasts for the session)
- after installing, turn it off through sysv-rc-conf or 'apt-get remove openssh-server' to get rid of it altogether. (permanent)
- make a live-usb with refracta2usb (not with dd) and then you can edit the boot menu to contain 'nocomponents=openssh-server' (ssh will be off every time you boot)
- make a live-usb with persistence, boot with persistence and either turn off or remove ssh. (ssh will be off when you boot with persistence)
- use all three refracta tools - install it, configure it the way you want, make a new iso, make a live-usb.
User avatar
fsmithred
 
Posts: 2093
Joined: Wed Mar 09, 2011 9:13 pm

Re: Distrowatch

Postby AlexRey » Thu Oct 20, 2016 6:00 am

With these stories every couple of months of a new OpenSSH exploit and people block scanning the internet for servers to Pwn i wrongly assumed it might be an issue.

Thank you for explaining.
AlexRey
 
Posts: 64
Joined: Tue Jun 21, 2016 7:43 am

Re: Distrowatch

Postby figlfdev » Fri Oct 21, 2016 8:21 am

fsmithred wrote:The reason ssh is running is for rescue and repair.


in fig os, running live is a priority but (as a fellow forum poster points out) you could get logged into running live in a cafe or something (unlike the router/nat scenario, everyone is already on the same lan) which is why im accustomed to turning off ssh.

certainly it would be trivial to automatically deactivate ssh during boot using mkfigos, though like fsmithred i prefer to have it on (for the same reasons he does.)

since fig os is becoming more of an educational platform for learning coding and computing (i use it daily, im using it now) ive decided to have a term open on startup--

if youre running ssh, then it tells you and makes it so you only have to type "remote off" to run service ssh stop (yes, i bet i know what youre thinking. i considered that too.)

Image

Code: Select all
#### license: creative commons cc0 1.0 (public domain)
#### http://creativecommons.org/publicdomain/zero/1.0/

proginf = "fig os welcome 0.1, oct 2016 mn"

now ""  print
ckremote "pgrep sshd | wc -l"  arrshell  mid 1 1  int

iftrue ckremote
now ""  print
now "  you have sshd enabled... to prevent remote logins,"  colortext 12  print  ""  print
now "  it is recommended you turn it off by typing: "  prints
now "remote off"  colortext 14  print  colortext 7  ""  print  print
fig

trythatfirst 0
while 
qu 0
rc 0

ifequal trythatfirst 1
    now " "  times 11  prints  "you can get help simply by typing: " colortext 7  prints 
    now "help"  colortext 14  print  colortext 7  ""  print  print
    trythatfirst 2
else
    ifequal trythatfirst 0
         trythatfirst 1
         fig 
    fig

try
    p "type here: "  colortext 10  prints  colortext 7  ""  prints  "bash -c 'read -e t ; echo $t'"  arrshell  mid 1 1
    plen p len
    iftrue plen
        first p  asc
    else
        first 0   
        fig

    now p  ltrim rtrim lcase

    ckcmd " "  plus now  plus " "
    ckcmdremote instr ckcmd " remote "
    ckcmdoff    instr ckcmd " off "  times ckcmdremote
    iftrue ckcmdoff
        rc 1
        now " "  times 11  prints  "service ssh stop"  shell  ""  print
        fig

    ifequal now "help"
        rc 1
        trythatfirst 2  ## disable function that tells you about the help command
        now " "  times 11  prints  "valid commands are:"  colortext 3   print  ""  print
        now " "  times 11  prints  "      help"  colortext 14  prints ": to get help"  colortext  7  print
        now " "  times 11  prints  "remote off"  colortext 14  prints ": to turn off remote login"  colortext  7  print
        now " "  times 11  prints  "        sh"  colortext 14  prints ": if you know bash"  colortext  7  print
        now " "  times 11  prints  "      exit"  colortext 14  prints ": (or quit or q) to quit welcome program "  colortext  7  print
        now ""  colortext 7 print
        fig
    ifequal now "sh"
        rc 1
        qu 1
        now " "  times 11  prints  "running bash... welcome program will quit on exit:"  colortext 3   print  ""  print
        now "cd /root ; bash --rcfile /root/.bashrc"  shell
        fig
    ifequal now "exit"
        rc 1
        qu 1
        fig
    ifequal now "quit"
        rc 1
        qu 1
        fig
    ifequal now "q" 
        rc 1
        qu 1
        fig
except
    qu 1
    resume
iftrue qu
    now ""  print  system
    fig
ifequal rc 0
    now " "  times 11  prints  colortext 3  "unrecognized command (no problem)"  prints  colortext 7  ""  print  print
wend


now " " times 11 # is all over that thing-- should probably add: margin " " times 11 # and start using "now margin" instead.
figlfdev
 
Posts: 116
Joined: Tue May 31, 2016 6:23 pm

Re: Distrowatch

Postby deanmean » Fri Oct 21, 2016 9:56 am

Have we taken over the world yet...getting damn tired of waiting...need my royalty checks to be much much bigger to support my heroin costs....

great job...keep up the good work....

I can't believe the logo I took ten seconds to make is still THE logo... If anyone ever realizes it is just a shape flipped and turned and then mirrored and flipped again I am going to be in some real trouble... :P
User avatar
deanmean
 
Posts: 18
Joined: Fri Oct 21, 2016 9:48 am

Re: Distrowatch

Postby fsmithred » Fri Oct 21, 2016 12:13 pm

Hi Dean! Nice to see you back. Stop by some time in #devuan or #debianfork on freenode.

I think we're set to take over by Groundhog Day. With the distrowatch listing, we went from around 100-200 downloads/week to over 1000. (over 3000 downloads on isos this past week). Secret weapons are currently stored in the experimental folder at the ibiblio site.

The logo got changed for wheezy. I had an artist do it - the triangles got flipped around some more and a spiral got added. We had to excise the spiral and went back to a modified version of the original. The description of how you made it is a pretty good description of how we put together refracta. Only it takes more than 10 seconds.

There are probably a lot of new folks reading this, so I'll mention that I'm talking to the guy who started it all - meangnudeandudeinkfracta the creator of Refracta, refractasnapshot and refractainstaller.
User avatar
fsmithred
 
Posts: 2093
Joined: Wed Mar 09, 2011 9:13 pm

Re: Distrowatch

Postby Mike » Fri Oct 21, 2016 3:12 pm

So what's the story there? Did Dean take a break during rehab or something?
User avatar
Mike
 
Posts: 49
Joined: Mon Oct 17, 2016 10:50 pm

Re: Distrowatch

Postby deanmean » Fri Oct 21, 2016 3:41 pm

dean is a bit...uh....all over the place....and the voices he listens to are all in his head....
fsr is a bit more stable...and listens to others...

in a moment of clarity dean realized refracta could keep being his fun time silliness or maybe be more with some steady direction...
User avatar
deanmean
 
Posts: 18
Joined: Fri Oct 21, 2016 9:48 am

PreviousNext

Return to Announcements

Who is online

Users browsing this forum: No registered users and 0 guests

cron
suspicion-preferred