October 13th, 2008

Posted by Christopher Dawson

There is a reason that the OpenOffice.org 3.0 servers are struggling to keep up with demand. OO.org 3.0 really is a serious upgrade over version 2.4 and makes NeoOffice irrelevant for Mac OS X users (previously, OpenOffice only worked within X11; While NeoOffice did a great job porting OO.org to native OS X, OO.org 3.0 works out of the box in OS X as a native Aqua application).

Last week I asked if OpenOffice was good enough. The general consensus? OO.org is good enough to start a flame war, but we’re not really sure if it’s good enough to be a serious competitor to MS Office.

Now that OO.org 3.0 is out, I’m having a much tougher time seeing both sides of the issue here (I actually like Office 2007/2008, by the way; I think they’re slick, well-polished, canadian cialis and highly functional). I had never liked the OpenOffice equation editor; this version brings a very nice graphical and text-based hybrid editor to us math teachers. Mail merge was clunky in OO.org; this version brings a mail merge wizard and improved label templates. Outline numbering tended to be a bit kludgy for notetaking in OO; this version improves the stability and interface of outlining.

Annotations are now incredibly easy to add (Insert, Note) and Office 2007/2008 formats are supported across the board. While Microsoft has dumped VBA support in Office 2008, OO.org users can run Visual Basic scripting, as well as Python and Javascript.

I’m not actually bashing MS Office here. It’s a great suite and they still have something that OpenOffice lacks: Publisher. However, Publisher was lacking on the Mac platform anyway and *nix users haven’t had access to MS Office (including Publisher) without some serious Wine work. Speaking of Access, OpenOffice continues to bring a solid database offering to all platforms. Is it as powerful as Access? I don’t think so (let’s face it – Access 2007 rocks). However, Mac, *nix, and Windows users can all interchange databases and use OO.org Base as a front end to a variety of data sources (including MySQL).

OpenOffice.org is not a clone of Office 2007 (good call, Sun). It’s a full-featured suite that gives us everything we need from MS Office and the world of productivity software while keeping the bottom line quite a bit more reasonable (you don’t get any more reasonable than free).

Yes, OO.org has been good enough for a long time; the latest release should leave little doubt for any users who had been on the fence.

October 10th, 2008

Posted by Christopher Dawson

Yes.

OK, obviously there’s more to this story than my tongue-in-cheek answer. This came up after one of our supercool, power user secretaries (who is an Office 2003/2007 wiz) ran a training session for the other secretaries in the district. The other secretaries are largely using OpenOffice (NeoOffice, actually, since OO.org for OS X still isn’t where it needs to be). It’s also worth noting that these secretaries have quite a spectrum of abilities from quite proficient to looking for the “any key.”

The training session actually centered on our student information system, but touched on OpenOffice as a tool for manipulating data extracted from the SIS. Whether it was for a mail merge or simply easy sorting and reporting of various fields, Excel (and OpenOffice Calc) is a necessary tool in most secretaries’ can you buy cialis without a prescription bag of tricks.

My uber-secretary leading the training had only recently begun using OpenOffice and really prefers the slick, polished interface of Office 2007 (and the utter simplicity of mail merges and labels that OpenOffice just can’t match). She raised the question of whether OpenOffice could fully meet the needs of a secretary or if it lacked the automation tools that they need to maximize productivity.

The other secretaries largely consider OO “fine.” They don’t love it, they don’t hate it, but they appreciate that I was able to buy an extra computer for what I saved in licensing costs among the secretarial and nursing staff. Of course, they simply aren’t as proficient as the secretary I had doing the training.

So there it is: Is OpenOffice good enough?

I still stick with my original answer: yes, it is. For the vast majority of users (students, teachers, and administrators, especially), OpenOffice is more than good enough. The price is certainly right, too.

Even for the most savvy power users, OpenOffice will suffice. However, secretaries, as we all know, run our schools. Anything we can do to keep them happy and make them as productive as possible should probably be a high priority for us. For some of them, Microsoft Office (especially its latest iteration which actually is a very nice piece of software) just might be worth the licensing if it meets their needs better.

buying generic cialis

IrfanView is a fast and compact image viewer/converter that's added even more features to its best attribute: resizing and cropping pictures quickly.
License: Free
OS: Windows 95/98/Me/NT/2000/XP/2003 Server/Vista

September 10th, 2008

Posted by Ed Bott

Update, 12-September, 5:45AM PDT: Apple has issued a revised download for iTunes 8 intended to correct this problem. My analysis is in this follow-up post.

I’m reading lots of complaints about the new iTunes 8 update causing horrific problems on Windows machines, including widespread reports of STOP errors, aka the Blue Screen of Death. My colleague Adrian Kingsley-Hughes has asked readers for reports and Gizmodo has a sketchy post as well. How can this be happening? Assuming that the underlying hardware is working correctly, STOP errors can only be caused by kernel-level drivers or system services. A poorly written program can crash itself but not the entire system. So how can a supposedly simple software update cause a fatal crash?

Maybe because this isn’t a simple software update. Once again, Apple is using its automatic update process to deliver massive amounts of new software to users, including a device driver that has a long and buying cialis checkered history of causing the Blue Screen Of Death to appear. And it’s delivering this massive payload without even a pretense of proper disclosure and without asking consent from its users.

I was able to reproduce a crash using an iPod and iTunes 8 and fixed it by removing the suspicious driver. I’ve dissected the process and put together a gallery that shows how extensive the infiltration is and where you can find the likely culprit.

To see what software is sneaking along with the upgrade,
see my image gallery: Apple’s sneaky iTunes 8 install

Here’s a blow-by-blow analysis of what happens when you allow Apple Software Update to install iTunes 8:

The first thing you see is a notice from Apple Software Update. It promises an update to iTunes+QuickTime and says nothing about any other software.

Next, you accept a license agreement, which also makes no mention of anything other than iTunes. According to a code at the end of the license agreement, it has not been updated since October 2007.

After you enter your administrator’s credentials in a dialog box, the download and installation proceed automatically. The downloader dialog box notes that the complete install package is nearly 80MB in size, but the size shown in its progress bar changes several times.

Opening the folder where Apple Software Update stores its temporary files reveals what’s really going on. The download consists of five installer packages and a master setup program. In addition to iTunes and QuickTime, the package includes the Bonjour service (which has been a part of iTunes for a long time), plus Apple Mobile Device Support and MobileMe. The latter two packages appeared for the first time, according to Ars Technica and other sources, in the July update to iTunes. And a look inside Control Panel shows that this time around, Apple is giving Windows users an opportunity to uninstall MobileMe, which they didn’t do in the previous update.

When I used an antispyware tool (Sunbelt Software’s VIPRE), it detected that a new Apple program was loading at startup. Although it went by the prosaic name AppleSyncNotifier, its icon reveals that it’s actually MobileMe.

But in addition to all that software, Apple is also sneaking a couple of driver updates onto the system. One is a USB controller update, which is apparently used when connecting an iPod or iPhone to the system. On my system, this driver file was copied to the system but was not installed until I connected an iPod Mini via a USB port. Most of the trouble reports on the Apple forum indicate that this driver is identifying itself in the text that appears on the STOP error page. The only clue that this driver is being installed is in the System Restore dialog box.

In addition to this driver, the system also updates the GEARAspiWDM.sys driver (in Windows\System32\Drivers). I had to dig deep to discover this change, which is not documented anywhere. This driver is typically used with third-party programs that write to CD and DVD drives. The old iTunes versions of this driver is dated January 29, 2008. The new one is from April 17, 2008. This driver has a long and colorful history of causing Windows crashes. [Update 17-Sep: After looking deeper, I can confirm that Apple’s driver is the culprit and that Gear’s driver is unrelated to these crashes. In fact, Gear’s signed driver might even be an innocent bystander in a separate iTunes support issue. See my follow-up post “Apple, not Gear, deserves the blame for iTunes crashes” for details.] I remember dealing with it back in Windows 2000 days. And sure enough, a search for GEARAspiWDM.sys BSOD turns up thousands of hits. I’ve also found anecdotal reports of this driver causing iTunes to crash, including this one from the Gear Software forum last May. The image below shows the Previous Versions dialog box, which I used to determine that the file had been updated.

When I plugged an iPod Nano into my Windows Vista system for the first time, it offered to install a driver and then asked me to reboot. When I restarted, I plugged in the iPod again and the machine locked up solid. No blue screen, just a black screen that didn’t respond to any input. After a restart, I tried again and got the same result when I attempted to open iTunes.

For the third try, I decided to replace the GEARAspiWDM.sys driver file with its earlier version. I used the Previous Versions feature of Windows Vista Ultimate to find the older version, copied it to my desktop, deleted the newer driver, and then copied the January version to the Drivers folder. This time iTunes opened just fine, displaying the contents of the iPod. (When I simply deleted the driver file, I got an error upon starting iTunes warning me that my installation was incomplete and that I might not be able to burn CDs or DVDs until I completed it.)

I can’t say my tests are conclusive, but my long history with this file suggests that it might well be at the root of the problem for others as well.

An even bigger problem is Apple’s attitude toward its Windows customers. These additional software packages and drivers are being installed with no disclosure and no consent. A pile of software, including the troubled MobileMe service, is also being installed and enabled at startup on Windows machines, even where the user has no MobileMe account and, for that matter, no mobile device.

Apple’s Get a Mac ads love to tweak Microsoft for its frequent crashes. Someone from Apple needs to look in the mirror and realize that they’re the problem in this case.

September 24th, 2008

Posted by Dancho Danchev

In what is slowly turning into a endless loop of hacktivism activities, Bill O’Reilly’s BillOreilly.com has been compromised during the weekend, with personal details including passwords in plain text for 205 of the site’s members already leaking across Internet forums, as a response to his remarks regarding Wikileaks as a “one of those despicable, slimy, scummy websites” which recently published private information of Sarah Palin’s private email.

On Friday, Wikileaks issued the following press release :

“Fox News demagogue, Bill O’Reilly, has been hacked and the details passed to Wikileaks. Wikileaks has been informed the hack was a response to the pundit’s scurrilous attacks over the Sarah Palin’s email story–including on Wikileaks and other members of the press, Hacktivists, thumbing their noses at the pundit, took control of O’Reilly’s main site, BillOReilly.com. According to our source, the security protecting O’Reilly’s site and subscribers was “non-existent”.

The following image, submitted to Wikileaks and confirmed by Wikileaks staff, offers proof of the hack. The image, clearly obtained from BillOreilly.com’s administrative interface, shows a detailed list — including passwords — of BillOreilly.com subscribers. Although Wikileaks has only released one page, it must be assumed that Bill O’Reilly’s entire subscriber list is, as of now, in the public domain.”

How did they do it “this time”?

According to the article at Wikileaks, the hacktivists seem to have been brute forcing the URL for the administration panel, and once successfully finding it, access the unencrypted data :

“According to Marston, the hackers were able to access the list by trying a large number of variations of the website’s administrative URL. He said all affected members have received an email and a phone call informing them of the breach and urging them to change their password. The site has since been completely locked down, Marston said.”

Moreover, it’s also worth pointing out that the passwords were stored unencrypted, evidence of the practice can also be seen within the screenshots of the admin panel. As far as the website’s administrative URL is concerned, it has since been changed once it leaked online (w3.billoreilly.com/pg/jsp/admin/managecustomers/newpremiummembers.jsp), which isn’t excluding the opportunity for abuse of the subscribers email addresses in spear phishing attacks, “for starters” since some of the users have already admitted of using the same password at different web sites, including PayPal.

The impact of the breach, and the measures taken to notify the victims according to the site :

“The BillOReilly.com site experienced a minor hacking incident on Friday, September 19th, 2008.

** ALL CREDIT CARD INFORMATION FOR EVERY MEMBER IS SAFE
** NO MEMBERS WHO JOINED BEFORE WEDNESDAY, SEPTEMBER 14th, 2008 WERE AFFECTED AT ALL.
** 205 new Premium Members who signed up last week had their name, hometown, email address, & BillOReilly.com password stolen.
** We have contacted those 205 members by email and telephone.
** We are working with the proper authorities to track down the perpetrators. “

Another personal message issued by Bill O’Reilly regarding the process of tracking down the “perpetrators” was posted on Sunday :

“The FBI and Secret Service are close to indicting some of the perpetrators and we will keep you posted when the arrests are made. All premium members receive the full backing of our legal team and if anyone is hassled in the least, please inform us immediately. In the latest case, no proprietary information was obtained by hackers and we have safeguards in place to protect everyone who does business with us.

Rest assured that we are on this. Our defense of Sarah Palin has led some criminals to attempt to disrupt our enterprise. At this moment federal authorites and our attorneys are compling information against these people. Again, if any person is bothered in any way – please let us know. We stand behind our products but, most importantly, we stand behind you. We’ll get the bad guys. Count on it.

Bill O’Reilly
9/21/08″

Who’s claimed responsibility? 4chan members planning at Ebaumsworld using “secret words” :

“According to my source this is a common tactic among the secret hacking group hidden amongst the users of ebaumsworld. he states “yeah we will start planning on 4chan so ebaums doesnt get in trouble…we use secret words and stuff to let the others know who we are” when i asked why he was telling me all this he said “man this has just gone too far.. at first it was a joke then we found out that the same usernames and passwords worked for those peoples paypal accounts and im afraid of what they will buying cialis without prescription do.”

It appears that the “forum fraction” is also planning a DDoS attack against BillOreilly.com according to this interview, which wouldn’t be the first time the site has been under DDoS attack, and definitely not the last. From an analyst’s perspective, nation2nation hacktivism conflicts always provide the best and most accurate understanding of a particular’s country’s capabilities into this space, compared to hacktivism actions basically sticking to the standard practices as DDoS attacks, which just like any tip of the iceberg receive most of the attention due to the ease of measuring their impact next to the rest of the hacktivism tactics used.

The bottom line – good time to point out why you shouldn’t use the same password on different web services, and that the big picture having to do with Wikileak’s vision of a little less secrecy, and a little bit more transparency, ultimately better serves the world and gives power to the people whose collective consciousness, if not brainwashed, is supposed to be shaping the way we live.