- This topic has 16 replies, 7 voices, and was last updated Apr 3-9:09 am by TomasM.
-
Posts
-
PDP-8
Gosh, I forgot about SLAX as I last used it many many years ago. Just found it again, (latest version 9.11 based on Debian Stretch) but this time instead of the whole user-contributed module/container thing when it first started, it relies upon Debian in the normal way for any application installation beyond the supplied basics. I guess I’m late to the party when they switched from Slackware to Debian based releases.
I had to laugh at myself because for the life of me I couldn’t get it to boot with DD or any image burner I know of.
That’s because SLAX iso (and relative Porteus) are merely opened / mounted, the SLAX directory copied from the iso onto your target usb stick, and then you run either the windows or unix shell script which takes care of installing the bootloader on that persistent stick.
That’ll teach me not to read the readme file. 🙂
Anyhoo, forgot how “lean and mean” the Xlunch desktop is. Ah, the joys of doing things in the terminal, like enabling DPMS power saving with
xset dpms force on
Hmmm … maybe when I get some time I can see if I can nab AntiX-core, put Xlunch on it, and see what happens..
- This topic was modified 2 years, 3 months ago by PDP-8. Reason: typos
Anonymous
search the forum here for my prior recent slax topic.
The current version of slax contains preinstalled “malware”.
Upon installation of web browser package, a hook silently installs a bitcoin miner extension.No documentation of the miner presented within the iso and no mention of it on the slax.org site.
NOT cool.
Brian Masinick
@skidoo: Thank you very much for your reminder; I had forgotten about this, so your reminder is *definitely* appreciated!
--
Brian MasinickGood point – I saw that and removed it. Then again, I’m not going online much with Slax anyway, so for me it’s a “point in time” kind of installation and study.
Makes me wonder if someone other than the author tampered with the repo. We should probably ask him!
Bootloader:
Rather than having a user DD or use an image burning app, simply copying a directory off an opened iso to a target disk, and running a shell script or windows bat file on the target disk to do the job of installing the bootloader interesting.There must be a reason why more don’t do this, (Aside from Slax and Porteus) but I don’t know why or what the disadvantages are…
- This reply was modified 2 years, 3 months ago by PDP-8.
Skidoo – thanks for pointing that git link to the cryptominer built-in to Slax. Like you say, NOT COOL!
Not only is that NOT COOL, I can no longer trust ANY OF HIS OTHER CODE either! It’s so sad to see someone shoot their project in the foot this way.
I purged it, and reinstalled it – nope – all that cryptominer crap in Chromium is still there. You can’t even easily disable it! I apt-purged it again, and installed Firefox-ESR instead which seems like a reasonable alternative.
But then I thought about it – and sadly, SLAX is not worth it and it went into /dev/null immediately.
Frankly, I’m pissed. And saddened at the same time. All that work wasted…
Thanks for pointing this out.
- This reply was modified 2 years, 3 months ago by PDP-8.
a “point in time” kind of installation and study
https://grml.org and https://github.com/grml
Rather than having a user DD or use an image burning app…
https://grml.org/grml2usb/ for study, scroll the page and note the file tree
olsztyn
Skidoo – thanks for pointing that git link to the cryptominer built-in to Slax. Like you say, NOT COOL!
Not only is that NOT COOL, I can no longer trust ANY OF HIS OTHER CODE either! It’s so sad to see someone shoot their project in the foot this way.Please correct me if I am wrong on this but my original understanding was this bitcoin miner extension for Chromium in Slax was included for the user, not as malware, as ready to go tool to mine bitcoin. Not necessarily it would make you rich quick but rather as curiosity to play with.
So if it is indeed malware for someone to leverage your machine, then it is quite surprising. I thought, being careful to not jump to conclusion, the author is a respectable person…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_Parametersmy original understanding was
How / where did you gain your “original understanding”?
Documentation is available via the slax kiosk-like xlunch desktop UI… and I somehow missed seeing it?included for the user, not as malware, as ready to go tool to mine bitcoin.
Does not mine “bitcoin”. Does mine Tomas’ own (invented by) VoteCoin
— undocumented
— autoinstalled + autostarted
— needlessly induces CPU load and drains battery
— by design, injects a fingerprintable detail (walletid) into the browser configuration
— if discovered by the user, cannot be easily uninstalled“malware” certainly seems like a reasonable descriptor.
curiosity to play with
That premise would still be barely plausible even if an alert user could, at least, opt-out and deactivate/uninstall the miner.
ps:
I do applaud your “careful to not jump to conclusion” outlook.Thank you skidoo for this insight. Taking your in-depth research I do agree one should be aware of this cryptomining extension as falling into suspicious category.
Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersThe good thing about this is that Skidoo got me to look at GRML, which I had overlooked before for study.
I just wish that the Slax author would have made something like this an opt-in *documented* choice, not something to discovered by accident, especially ironic considering all the other documentation I liked.
Actually, I would like ALL distro devs to leave browser extensions alone. Let *ME* decide to use extensions like Ublock Origin, Privacy Badger, et all and install them myself. And yes, even political bookmarks to tell the truth. But there is a huge difference between simple bookmarks, and cryptominer extensions!!
So I’ve got nothing against the Slax author, just the decision to do something like this in an undocumented manner for the average user.
anticapitalista
Rest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
Brian Masinick
Rest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.
I look forward to seeing more of your”flavor” of freedom of speech.
I don’t know of another current distribution that freely speaks up, regardless of the viewpoint. Bravo!
--
Brian MasinickRest assured that antiX will continue to add political bookmarks for as long as we exist as a distro.
I did particularly like the bookmark to Karl Marx picture some time ago, with all my respect, even if such bookmark may no longer be popular… Here I do agree with Brian. Freedom of speech should be protected at all cost. Such freedom of speech is under assault now, when it is squelched if not not in line with the ruling party’s doctrine. Big corporations such as Facebook and Twitter, working together with the ruling party came to control of what we are allowed to say, suppressing any political dissent and freedom of speech… This is not supposed to happen in free world, right?…
But there is a huge difference between simple bookmarks, and cryptominer extensions!!
Indeed. It should have been documented better, even if no harm is meant… Here thanks to skidoo for research done…
Best Regards…Live antiX Boot Options (Previously posted by Xecure):
https://antixlinuxfan.miraheze.org/wiki/Table_of_antiX_Boot_ParametersBrian Masinick
Precisely!
Whether or not we agree multiple opinions are what help people listen and have an open mind.
When I started the thread about future capabilities and features for the release I never had any intention of telling anyone else what to do. I merely attempted to get the opinion of others.
As far as I am concerned, as long as anticapitalista is in charge, the decisions belong to him and anyone he chooses.
--
Brian Masinick
TomasM
Hi guys, this is Tomas M, the author of Slax.
Please help me better understand the situation.Why do you think there is a crypto miner in Slax?
EDIT: ah, now I can see, you are talking about old Slax version, 9.x, which contained optional installer for VoteCoin wallet. Well that is not a crypto miner, that is just a wallet software which could be installed by the user if he wants to. VoteCoin was my project but I abandoned it year ago, just for your info.
- This reply was modified 1 year, 1 month ago by TomasM.
- You must be logged in to reply to this topic.
