SLAX 9.11 revisited

Forum Forums General Other Distros SLAX 9.11 revisited

  • This topic has 13 replies, 5 voices, and was last updated Jan 10-3:41 am by Brian Masinick.
Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #49256
    Member
    PDP-8

    Gosh, I forgot about SLAX as I last used it many many years ago. Just found it again, (latest version 9.11 based on Debian Stretch) but this time instead of the whole user-contributed module/container thing when it first started, it relies upon Debian in the normal way for any application installation beyond the supplied basics. I guess I’m late to the party when they switched from Slackware to Debian based releases.

    I had to laugh at myself because for the life of me I couldn’t get it to boot with DD or any image burner I know of.

    That’s because SLAX iso (and relative Porteus) are merely opened / mounted, the SLAX directory copied from the iso onto your target usb stick, and then you run either the windows or unix shell script which takes care of installing the bootloader on that persistent stick.

    That’ll teach me not to read the readme file. 🙂

    Anyhoo, forgot how “lean and mean” the Xlunch desktop is. Ah, the joys of doing things in the terminal, like enabling DPMS power saving with

    xset dpms force on

    Hmmm … maybe when I get some time I can see if I can nab AntiX-core, put Xlunch on it, and see what happens..

    • This topic was modified 5 months, 2 weeks ago by PDP-8. Reason: typos
    #49259
    Member
    skidoo
    Helpful
    Up
    0
    :D

    search the forum here for my prior recent slax topic.
    The current version of slax contains preinstalled “malware”.
    Upon installation of web browser package, a hook silently installs a bitcoin miner extension.

    No documentation of the miner presented within the iso and no mention of it on the slax.org site.
    NOT cool.

    VoteCoin
    https://github.com/Tomas-M?tab=repositories

    #49303
    Moderator
    Brian Masinick
    Helpful
    Up
    0
    :D

    @skidoo: Thank you very much for your reminder; I had forgotten about this, so your reminder is *definitely* appreciated!

    Brian Masinick

    #49348
    Member
    PDP-8
    Helpful
    Up
    0
    :D

    Good point – I saw that and removed it. Then again, I’m not going online much with Slax anyway, so for me it’s a “point in time” kind of installation and study.

    Makes me wonder if someone other than the author tampered with the repo. We should probably ask him!

    Bootloader:
    Rather than having a user DD or use an image burning app, simply copying a directory off an opened iso to a target disk, and running a shell script or windows bat file on the target disk to do the job of installing the bootloader interesting.

    There must be a reason why more don’t do this, (Aside from Slax and Porteus) but I don’t know why or what the disadvantages are…

    • This reply was modified 5 months, 2 weeks ago by PDP-8.
    #49359
    Member
    PDP-8
    Helpful
    Up
    0
    :D

    Skidoo – thanks for pointing that git link to the cryptominer built-in to Slax. Like you say, NOT COOL!

    Not only is that NOT COOL, I can no longer trust ANY OF HIS OTHER CODE either! It’s so sad to see someone shoot their project in the foot this way.

    I purged it, and reinstalled it – nope – all that cryptominer crap in Chromium is still there. You can’t even easily disable it! I apt-purged it again, and installed Firefox-ESR instead which seems like a reasonable alternative.

    But then I thought about it – and sadly, SLAX is not worth it and it went into /dev/null immediately.

    Frankly, I’m pissed. And saddened at the same time. All that work wasted…

    Thanks for pointing this out.

    • This reply was modified 5 months, 2 weeks ago by PDP-8.
    #49382
    Member
    skidoo
    Helpful
    Up
    0
    :D

    a “point in time” kind of installation and study

    https://grml.org and https://github.com/grml

    Rather than having a user DD or use an image burning app…

    https://grml.org/grml2usb/ for study, scroll the page and note the file tree

    #49465
    Member
    olsztyn
    Helpful
    Up
    0
    :D

    Skidoo – thanks for pointing that git link to the cryptominer built-in to Slax. Like you say, NOT COOL!
    Not only is that NOT COOL, I can no longer trust ANY OF HIS OTHER CODE either! It’s so sad to see someone shoot their project in the foot this way.

    Please correct me if I am wrong on this but my original understanding was this bitcoin miner extension for Chromium in Slax was included for the user, not as malware, as ready to go tool to mine bitcoin. Not necessarily it would make you rich quick but rather as curiosity to play with.
    So if it is indeed malware for someone to leverage your machine, then it is quite surprising. I thought, being careful to not jump to conclusion, the author is a respectable person…

    #49468
    Member
    skidoo
    Helpful
    Up
    0
    :D

    my original understanding was

    How / where did you gain your “original understanding”?
    Documentation is available via the slax kiosk-like xlunch desktop UI… and I somehow missed seeing it?

    included for the user, not as malware, as ready to go tool to mine bitcoin.

    Does not mine “bitcoin”. Does mine Tomas’ own (invented by) VoteCoin

    — undocumented
    — autoinstalled + autostarted
    — needlessly induces CPU load and drains battery
    — by design, injects a fingerprintable detail (walletid) into the browser configuration
    — if discovered by the user, cannot be easily uninstalled

    “malware” certainly seems like a reasonable descriptor.

    curiosity to play with

    That premise would still be barely plausible even if an alert user could, at least, opt-out and deactivate/uninstall the miner.

    ps:
    I do applaud your “careful to not jump to conclusion” outlook.

    #49470
    Member
    olsztyn
    Helpful
    Up
    0
    :D

    Thank you skidoo for this insight. Taking your in-depth research I do agree one should be aware of this cryptomining extension as falling into suspicious category.

    #49512
    Member
    PDP-8
    Helpful
    Up
    0
    :D

    The good thing about this is that Skidoo got me to look at GRML, which I had overlooked before for study.

    I just wish that the Slax author would have made something like this an opt-in *documented* choice, not something to discovered by accident, especially ironic considering all the other documentation I liked.

    Actually, I would like ALL distro devs to leave browser extensions alone. Let *ME* decide to use extensions like Ublock Origin, Privacy Badger, et all and install them myself. And yes, even political bookmarks to tell the truth. But there is a huge difference between simple bookmarks, and cryptominer extensions!!

    So I’ve got nothing against the Slax author, just the decision to do something like this in an undocumented manner for the average user.

    #49520
    Forum Admin
    anticapitalista
    Helpful
    Up
    0
    :D

    Rest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.

    Philosophers have interpreted the world in many ways; the point is to change it.

    antiX with runit - leaner and meaner.

    #49524
    Moderator
    Brian Masinick
    Helpful
    Up
    0
    :D

    Rest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.

    I look forward to seeing more of your”flavor” of freedom of speech.

    I don’t know of another current distribution that freely speaks up, regardless of the viewpoint. Bravo!

    Brian Masinick

    #49533
    Member
    olsztyn
    Helpful
    Up
    0
    :D

    Rest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.

    I did particularly like the bookmark to Karl Marx picture some time ago, with all my respect, even if such bookmark may no longer be popular… Here I do agree with Brian. Freedom of speech should be protected at all cost. Such freedom of speech is under assault now, when it is squelched if not not in line with the ruling party’s doctrine. Big corporations such as Facebook and Twitter, working together with the ruling party came to control of what we are allowed to say, suppressing any political dissent and freedom of speech… This is not supposed to happen in free world, right?…

    But there is a huge difference between simple bookmarks, and cryptominer extensions!!

    Indeed. It should have been documented better, even if no harm is meant… Here thanks to skidoo for research done…
    Best Regards…

    #49540
    Moderator
    Brian Masinick
    Helpful
    Up
    0
    :D

    Precisely!

    Whether or not we agree multiple opinions are what help people listen and have an open mind.

    When I started the thread about future capabilities and features for the release I never had any intention of telling anyone else what to do. I merely attempted to get the opinion of others.

    As far as I am concerned, as long as anticapitalista is in charge, the decisions belong to him and anyone he chooses.

    Brian Masinick

Viewing 14 posts - 1 through 14 (of 14 total)
  • You must be logged in to reply to this topic.