DSL vs. Puppy Linux


Forum: Linux  and Free Software
Topic: DSL vs. Puppy Linux
started by: jhsu

Posted by jhsu on May 26 2007,01:02
I've tried both DSL and Puppy Linux.  Why do so many Puppy Linux users consider their distro to be the ultimate lightweight distro when DSL is clearly much more lightweight?  Puppy Linux users talk about their distro as the ultimate to squeeze more use out of old, obsolete computers.  I think DSL is MUCH better qualified for this role.

I have a Dell L466CX desktop (7 years old) that has just 128 MB of RAM and is my legacy Windows 98 machine.  It struggles with the Puppy Linux live CD but FLIES LIKE A ROCKET with the DSL live CD.  On this IBM NetVista desktop (256 MB of RAM), I only have about 50-55 MB of free memory while running the Puppy Linux live CD while running the DSL live CD rarely uses more than 50 MB of RAM and often considerably less (like 20-30MB).

Puppy Linux has more stuff operational from the get-go (like Youtube and Flash viewing), but I find that DSL is FAR more lightweight than Puppy Linux.  We should be pushing DSL as the ultimate lightweight distro for reusing old computers and the One-Laptop-Per-Child program.

Posted by mikshaw on May 26 2007,02:26
I think there are compromises in both Puppy and DSL. The Puppy distro seems to focus much more on keeping a cutting edge kernel along with more flashy graphics, which in some cases also means newer software than what is found in DSL. Many software developers have chosen to port the more recent releases of their projects to newer and bulkier (slower?) toolsets (such as from Gtk 1.2 to Gtk 2). The compromise here would be a either a larger system, smaller selection of applications, or both.  DSL, on the other hand, tends to focus on keeping a strict 50mb size limit and support for older hardware, while providing the most flexible desktop system available. The compromise on this side is that the software, and hardware support, is not always the "latest and greatest".

As for the lack of Flash out of the DSL box, it's my belief that this is more about Flash being proprietary software than anything else.

Posted by WDef on June 03 2007,23:34
As I said not long ago in a similar thread in the Puppy forum:  Puppy and dsl have different missions I think.  They're less interested in tiny apps over there.   In many ways, I always enjoy the simplicity of dsl.  Simplicity's still a great virtue in the *nix world as far as I am concerned.

Puppy's getting quite complicated and is developing fast, since there are at least 4 developers working under Barry.

But why not use both, that's what I do.  Use everything, linux is about choice and freedom : =)

Posted by torp on June 04 2007,20:59
"But why not use both, that's what I do.  Use everything, linux is about choice and freedom : =) "

amen brother. these OS's are just tools after all. sometimes we need a jewlers screwdriver, and sometimes we need a monkey wrench. use the proper tool for the job i say....

torp

Posted by cmanb on June 05 2007,13:52
Quote (WDef @ June 03 2007,16:34)
But why not use both, that's what I do.  Use everything, linux is about choice and freedom : =)

DSL is my default "I need a bash shell.." distro. I also keep a copy of Dyne:bolic on my desk right next to my DSL disk for when I need to do multimedia work.

Specialized tools. All the way.

Posted by stupid_idiot on June 06 2007,07:40
Well, my idea of what a minimalist distro is might be different from what another person's idea is. Other people wouldn't consider DSL a 'usable' desktop option if they don't have the command-line knowledge to get things done. I suspect there are a whole bunch of people who would be more comfortable using Puppy than any other distro. Also, there's the whole visual motif revolving around a cute little puppy. They are really like, the friendliest linux distro ever. Yes, I agree with you that GTK2 must be oppressively slow on a Pentium I, but still, that is way below median hardware specs nowadays..
Posted by mikshaw on June 06 2007,16:39
Quote
Other people wouldn't consider DSL a 'usable' desktop option if they don't have the command-line knowledge to get things done.
As I've said a number of times, I don't think DSL was ever developed as a clicker-friendly system, but I might be wrong about that. Having a Linux system that doesn't provide a fairly complete set of commandline tools (Puppy and Austrumi come to mind) makes for a less useable desktop for a power user, so again it comes down to what is and is not considered useable depending on whether you prefer mouse or keyboard control ("desktop" should not automatically imply click-controlled).

Quote
GTK2 must be oppressively slow on a Pentium I, but still, that is way below median hardware specs nowadays
And again, DSL is targeted toward older hardware, including 486. Whether or not you use a pentium I is beside the point...these machines are still in use around the world.

I have nothing against Puppy, of course. I just wanted to emphasize that different users have different needs and different opinions of what "useable" is, in both software and hardware.

Posted by stupid_idiot on June 07 2007,00:17
Definitely. It's not a 'Oh, this one is better than the other' thing.
Posted by thirdman on June 07 2007,20:13
FWIW, DSL runs great on my PII 166MHz, 32MB laptops.
Posted by lucky13 on June 20 2007,16:10
Quote
It's not a 'Oh, this one is better than the other' thing.

No, I think they differ with regard to a couple very important distinctions. I've had a little more experience with Puppy the last few weeks, and I've found some things I find entirely unacceptable which prevent me from recommending it beyond its use as a live CD (and then only without touching any other media).

First, while both are "safe" when run as live (read-only) CDs, they're markedly different in terms of inherent security when installed. Puppy (and dynebolic since someone mentioned it as well) runs as root only (user "spot" is also available by default, but pay attention to the login and the permissions: it's a root-only system). IIRC, neither Puppy nor dyne even uses a password. This isn't trivial. It defeats one of the major security advantages Unix has traditionally had in the form of permissions against single-user OSes like Windows pre-NT (and modern ones like Haiku or even OSX when set up for single user only). Puppy makes sense as an installed OS only if you think Win95 was the pinnacle of computing security. By contrast, DSL boots by default to user dsl with sudo privileges but not direct root privileges. This is the proper, more secure way of running a Unix/Linux environment.

Second, the underlying paradigms are 180-degrees different and it goes far beyond GTK1 v GTK2 and the acceptability of bloat. Puppy is aimed at ease of use (which is why it's single-user) particularly for those transitioning from Windows, not at maintaining support for legacy hardware. DSL's paradigm is usability without bloat: the extensions are supposed to be as bloat-free as the base ISO.

Along the lines of the former (root only, no password), I was working on a guide about hardening DSL (particularly traditional hard drive installation) beyond its already secure settings before a couple things at work got in my way and consumed all my time (I think I have some breathing room now). I'll post the guide either on my blog or the DSL Wiki as soon as I have a little more time to finish it.

Posted by mikshaw on June 20 2007,19:40
Quote
DSL boots by default to user dsl with sudo privileges but not direct root privileges. This is the proper, more secure way of running a Unix/Linux environment.
While I agree with your post as a whole, this one comment is something I don't fully agree with. It's my personal belief that the "proper" way to do it would be to require a root password for *any* root access. DSL makes it a little too easy for my own taste.  I've made it a point to create both a dsl and root password, but still have not fully addressed this aspect of security to my liking.  At some point I'll either modify sudoers (which is still a very confusing topic for me) or create a replacement script for the sudo command on top of my PATH (e.g., running "su -c $@" whenever sudo is called). For now, though, I have no idea how complicated it might be for applications like mydsl, which run in X but spawn scripts that use sudo, and haven't had the desire to experiment with it yet.

Posted by lucky13 on June 21 2007,00:29
Oh, let me clarify. I don't think DSL does it totally "right" (that's why I'm doing the hardening page), but at least DSL has separate users/permissions and doesn't log in as root by default (or SOLELY) as the other live CD distros I mentioned do. That's, IMO, inexcusable for anything that's set up to be installed (and Puppy and dyne both have installation scripts/instructions). I think sudo is a tolerable concession, albeit an imperfect one.

I share your concern. The hardening page I alluded to covers sudo. My own policy is to clear out sudoers and use su instead. I don't even have sudo set up on my BSDs or Slack installs, but it seems like every Debian-based distro I've used includes it by default.

Posted by mikshaw on June 21 2007,04:13
I had used sudo (or sux for X apps) + root password in Suse, which I think was the default way to use sudo in that distro.  In Slackware I had originally tried to do the same as in Suse, but failed to properly configure sudoers. Somehow it ended up wanting the normal user's password rather than root's, which I thought was pointless. Anyway, in Slack I now just use su -c <command>, which does pretty much the same thing as Suse's sudo. Most X apps apparently don't work with this, but that's not a big deal.
Posted by lucky13 on June 21 2007,11:08
I don't have experience with Suse, but that seems odd. The password in Slackware is the proper way sudo works (user password rather than root). The man page for sudo says, "NOTE: in the default configuration this is the user's password, not the root password."
(edit: add link below)
< http://www.gratisoft.us/sudo/man/sudo.html >

The rationale is that it's to verify an actual user who's already been deemed competent enough to be included in sudoers. If it were tied to root password, it would basically be like using su. Which, like I said, I find preferable anyway.

(additional edit): I wouldn't think tying sudo to root password would be a good idea unless it's a single user system (and even then it's probably not a good idea). On a larger system where there might be many people with various levels of sudo privileges, you would want to verify them with their own passwords rather than doling out the root password to all (any!) of them.

Posted by mikshaw on June 21 2007,15:03
I didn't think about the added security of using your own password rather than root's. It's still password-protected, but this way allows the admin to limit your root usage.  And it also explains why there is any point at all in using sudo rather than su. Smart.
Posted by lucky13 on June 21 2007,22:27
Like most concessions to convenience, it's only going to be as secure or insecure as you make it. It's insecure if your computer boots straight into X as user dsl -- anyone who turns on your computer has root access, whether you want that person to have it or not.
Posted by roberts on June 21 2007,22:48
It would certainly make development easier if I made everything run as root. In fact, when I first joined DSL development, I added user damnsmall and later renamed it to dsl. I still think that that is preferable and was a proper decision.

If friendliness is defined as not having to know or understand *nix permissions, thus running your system ala early Windows versions, then count me out.

On the otherhand, a live CD needs to have sudo ala Knoppix.
I added the boot option secure to prompt for a root and dsl password. And by adding to .filetool.lst you can have these values persist.

There certainly could be hardening of the traditional hard drive installation but that is not the development direction that I am pursuing. If it is your choice to use a traditional hard drive installation there are better small hard drive installers for current Debian based system.

You need to draw the line somewhere. I don't think DSL or Knoppix is off on what we have provided.

Posted by lucky13 on June 22 2007,01:01
Quote
There certainly could be hardening of the traditional hard drive installation... I don't think DSL or Knoppix is off on what we have provided.

My idea of "hardening" also includes booting dsl secure in frugal installs. I hope to have time to finish my hardening/security page this weekend (especially if it doesn't stop raining here).

I also don't think DSL or Knoppix are "off" for using sudo. I'm not a fan of sudo for a lot of reasons (such as an attacker only needing a user password to make changes; an attacker doesn't even need a password in DSL frugal without secure which is why I think that should be a default setting), but I also see it as a convenience and a way to restrict what different users can do on a system without giving them root password/access.

Posted by mikshaw on June 22 2007,01:30
Quote
anyone who turns on your computer has root access
Although I haven't used it myself, it seems that encryption is about the only way to really protect your data, since you mention local access. A user could have his own liveCD, or add/remove boot options to override your passwords or log in as root if you have frugal-grub.

Posted by lucky13 on June 22 2007,02:31
Quote
it seems that encryption is about the only way to really protect your data

True, and that goes for whatever OS you run. A live CD can be a useful tool in good hands or it can mean serious compromise of a system in bad hands. There's not much that can be done to prevent such access aside from setting BIOS to not boot from CDROM (which, of course, can be changed easily back so at best it's a small hurdle). And in most cases, even encrypted files wouldn't be completely safe from deletion or attempts at file corruption with live CD access. (That's a case for non-localized backups and for using an application like truecrypt or even steganography to hide data in a hidden block or in files where it would presumably be out of open sight from attackers.)

Running frugal on a dual boot system without using the secure cheatcode allows anyone who boots DSL to access other partitions. As secure as the read-only frugal partition is (reboot! restore!), it does nothing to protect the data on any other partition on the system. That's one of the specific issues I raise in my hardening paper.

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.