For general announcements.
Tue Oct 18, 2016 7:44 am
comment #22 on dw:
Thanks for the Refracta review, it really whetted my appetite. Will download it right away. =)
As for downloading, I prefer torrents: they are more reliable and are easily controlled (pausing/stopping, speed limit resetting). When I download via http or ftp, I use cURL. Oh, and in those few cases when it's available, I download using metalinks (I've installed libmetalink, and I compile every cURL release with metalink enabled).
As for checksums, please, please forget md5. Really. It's hopelessly broken. Use sha256 or sha1 or or even sha512. (I know, sha512 can be slow.)
i agree with most of this. md5sum is somewhat better than nothing, though if youre going to use sha DO NOT use sha1, IT IS completely broken. for a distro sha256 is probably ideal (i dont know anyone that uses sha512.)
if refracta starts using sha256, i will start using it too. i use md5sum for fig os isos, but ive been slow to post them at all lately. i still recommend people get mkfigos and run it themselves (it works in refracta, and it works in fig os as well) rather than downloading the iso. it takes about 20 minutes (most of that is for squashfs.)
Tue Oct 18, 2016 1:23 pm
I've been telling myself to switch to sha256 for over a year. I even have one file with sha256sums of some of the .deb files (for now obsolete versions of the tools.) I'll change the code in refractasnapshot for the next version.
Wed Oct 19, 2016 5:44 am
Not sure how i feel about openSSH running as standard , I think it would be better to have refracta locked down hard as standard for Newbies such as myself and then people who need OpenSSH can enable it.
Just an opinion i'm throwing out there.
Wed Oct 19, 2016 12:49 pm
The reason ssh is running is for rescue and repair. If you have a machine with no display or a display that's not working, you can boot from removable media and log in from another machine. As long as you're behind a router/firewall, you're only accessible from other machines on your local network, and the attacker needs to know your ip address, login name and password. It's easier (or more reliable, anyway) for a newbie to turn off ssh than it is for a seasoned unix admin to turn it on by typing commands into a computer with no display.
Ways to turn off ssh:
- run 'service ssh stop' from a root terminal. (this will reset upon reboot)
- run 'sysv-rc-conf' from root terminal and uncheck all the boxes for ssh. (this will persist in an installation or a live system with persistence, but it will reset in a read-only live-CD or live-USB)
- at boot menu, TAB, then add 'nocomponents=openssh-server' to the line. (only lasts for the session)
- after installing, turn it off through sysv-rc-conf or 'apt-get remove openssh-server' to get rid of it altogether. (permanent)
- make a live-usb with refracta2usb (not with dd) and then you can edit the boot menu to contain 'nocomponents=openssh-server' (ssh will be off every time you boot)
- make a live-usb with persistence, boot with persistence and either turn off or remove ssh. (ssh will be off when you boot with persistence)
- use all three refracta tools - install it, configure it the way you want, make a new iso, make a live-usb.
Thu Oct 20, 2016 6:00 am
With these stories every couple of months of a new OpenSSH exploit and people block scanning the internet for servers to Pwn i wrongly assumed it might be an issue.
Thank you for explaining.
Fri Oct 21, 2016 8:21 am
fsmithred wrote:The reason ssh is running is for rescue and repair.
in fig os, running live is a priority but (as a fellow forum poster points out) you could get logged into running live in a cafe or something (unlike the router/nat scenario, everyone is already on the same lan) which is why im accustomed to turning off ssh.
certainly it would be trivial to automatically deactivate ssh during boot using mkfigos, though like fsmithred i prefer to have it on (for the same reasons he does.)
since fig os is becoming more of an educational platform for learning coding and computing (i use it daily, im using it now) ive decided to have a term open on startup--
if youre running ssh, then it tells you and makes it so you only have to type "remote off" to run service ssh stop (yes, i bet i know what youre thinking. i considered that too.)

- Code:
#### license: creative commons cc0 1.0 (public domain)
#### http://creativecommons.org/publicdomain/zero/1.0/
proginf = "fig os welcome 0.1, oct 2016 mn"
now "" print
ckremote "pgrep sshd | wc -l" arrshell mid 1 1 int
iftrue ckremote
now "" print
now " you have sshd enabled... to prevent remote logins," colortext 12 print "" print
now " it is recommended you turn it off by typing: " prints
now "remote off" colortext 14 print colortext 7 "" print print
fig
trythatfirst 0
while
qu 0
rc 0
ifequal trythatfirst 1
now " " times 11 prints "you can get help simply by typing: " colortext 7 prints
now "help" colortext 14 print colortext 7 "" print print
trythatfirst 2
else
ifequal trythatfirst 0
trythatfirst 1
fig
fig
try
p "type here: " colortext 10 prints colortext 7 "" prints "bash -c 'read -e t ; echo $t'" arrshell mid 1 1
plen p len
iftrue plen
first p asc
else
first 0
fig
now p ltrim rtrim lcase
ckcmd " " plus now plus " "
ckcmdremote instr ckcmd " remote "
ckcmdoff instr ckcmd " off " times ckcmdremote
iftrue ckcmdoff
rc 1
now " " times 11 prints "service ssh stop" shell "" print
fig
ifequal now "help"
rc 1
trythatfirst 2 ## disable function that tells you about the help command
now " " times 11 prints "valid commands are:" colortext 3 print "" print
now " " times 11 prints " help" colortext 14 prints ": to get help" colortext 7 print
now " " times 11 prints "remote off" colortext 14 prints ": to turn off remote login" colortext 7 print
now " " times 11 prints " sh" colortext 14 prints ": if you know bash" colortext 7 print
now " " times 11 prints " exit" colortext 14 prints ": (or quit or q) to quit welcome program " colortext 7 print
now "" colortext 7 print
fig
ifequal now "sh"
rc 1
qu 1
now " " times 11 prints "running bash... welcome program will quit on exit:" colortext 3 print "" print
now "cd /root ; bash --rcfile /root/.bashrc" shell
fig
ifequal now "exit"
rc 1
qu 1
fig
ifequal now "quit"
rc 1
qu 1
fig
ifequal now "q"
rc 1
qu 1
fig
except
qu 1
resume
iftrue qu
now "" print system
fig
ifequal rc 0
now " " times 11 prints colortext 3 "unrecognized command (no problem)" prints colortext 7 "" print print
wend
now " " times 11 # is all over that thing-- should probably add: margin " " times 11 # and start using "now margin" instead.
Fri Oct 21, 2016 9:56 am
Have we taken over the world yet...getting damn tired of waiting...need my royalty checks to be much much bigger to support my heroin costs....
great job...keep up the good work....
I can't believe the logo I took ten seconds to make is still THE logo... If anyone ever realizes it is just a shape flipped and turned and then mirrored and flipped again I am going to be in some real trouble...
Fri Oct 21, 2016 12:13 pm
Hi Dean! Nice to see you back. Stop by some time in #devuan or #debianfork on freenode.
I think we're set to take over by Groundhog Day. With the distrowatch listing, we went from around 100-200 downloads/week to over 1000. (over 3000 downloads on isos this past week). Secret weapons are currently stored in the experimental folder at the ibiblio site.
The logo got changed for wheezy. I had an artist do it - the triangles got flipped around some more and a spiral got added. We had to excise the spiral and went back to a modified version of the original. The description of how you made it is a pretty good description of how we put together refracta. Only it takes more than 10 seconds.
There are probably a lot of new folks reading this, so I'll mention that I'm talking to the guy who started it all - meangnudeandudeinkfracta the creator of Refracta, refractasnapshot and refractainstaller.
Fri Oct 21, 2016 3:12 pm
So what's the story there? Did Dean take a break during rehab or something?
Fri Oct 21, 2016 3:41 pm
dean is a bit...uh....all over the place....and the voices he listens to are all in his head....
fsr is a bit more stable...and listens to others...
in a moment of clarity dean realized refracta could keep being his fun time silliness or maybe be more with some steady direction...
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.