Re: [discuss] Concern
Martin Dickinson said the following on : Your product was discussed at my church last night and we were all informed that while it is an excellent product that is has a built-in tracking device that keeps up with all your web activities. Your comments please? That is false. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Hello Martin, Someone lied to you. We would never have such an obscene invasion of privacy. No, our software does *not* have any form of tracking device. That's crazy. You may be interested to know that the source code for OpenOffice.org (that is, the blueprints) are public and available for all to see. Any programmer can study it and verify that we do not have any such thing. Best wishes, Daniel Carrera. OpenOffice.org volunteer. On Wed, Apr 13, 2005 at 08:04:29AM -0400, Martin Dickinson wrote: > Your product was discussed at my church last night and we were all informed > that while it is an excellent product that is has a built-in tracking device > that keeps up with all your web activities. Your comments please? -- Daniel Carrera | I don't want it perfect, Join OOoAuthors today! | I want it Tuesday. http://oooauthors.org | - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
None that I know of. Are you sure this person didn't confuse our product with someone elses? Daniel? Alex? Anyone? Rigel --- Martin Dickinson <[EMAIL PROTECTED]> wrote: > Your product was discussed at my church last night and we were all informed > that while it is an excellent product that is has a built-in tracking device > that keeps up with all your web activities. Your comments please? > __ Post your free ad now! http://personals.yahoo.ca - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Rigel wrote: None that I know of. Are you sure this person didn't confuse our product with someone elses? Daniel? Alex? Anyone? Rigel Well, with MS you have to register office, and if you register like more than 10 times or something, it locks up on you FOREVER! That is if you re-format your hard drive 10 times (intentionally) with the same version of MS Office (not unheard of) you have to buy a new one! -- Peter Kupfer -- Using OOo since 'OO4 [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [discuss] Concern
That is simply not true. > -Original Message- > From: Martin Dickinson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, April 13, 2005 5:04 AM > To: discuss@openoffice.org > Subject: [discuss] Concern > > > Your product was discussed at my church last night and we were > all informed > that while it is an excellent product that is has a built-in > tracking device > that keeps up with all your web activities. Your comments please? > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Martin, I think the opiner has confused OOo with MS-Office 2003 or with MSIE. OOo has no tracking, especially not web. However, MS-Office 2003 (along with MS-Windows XP) has DRM functions which, as a side effect if activated, track who does tries to create, edit, copy, delete, rename, save, print, or mail a file. MSIE also has DRM functions which, if activated, have the side effect of tracking which web pages you visit, save, print, mail, or edit. Other recent versions of MS products do similar things, MS-Outlook also have DRM functions which, if activated, track who sends, prints, forwards, saves, or replies to an e-mail. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN On Wed, 13 Apr 2005, Martin Dickinson wrote: Your product was discussed at my church last night and we were all informed that while it is an excellent product that is has a built-in tracking device that keeps up with all your web activities. Your comments please? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Mensaje citado por Rigel <[EMAIL PROTECTED]>: > None that I know of. Are you sure this person didn't confuse our product with > someone elses? > > Daniel? > Alex? > Anyone? > > Rigel > --- Martin Dickinson <[EMAIL PROTECTED]> wrote: > > Your product was discussed at my church last night and we were all informed > > that while it is an excellent product that is has a built-in tracking > device > > that keeps up with all your web activities. Your comments please? > > Well is not the first time I heard about this, this is usually when ZoneAlarm or other desktop firewall warns you that OOo is looking for an open port. This is done whe OOo crashes and tries to send the crash reports to --- Sun. Some people has been put off by this and others has label them as spyware. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
On Thu, 14 Apr 2005, Alexandro Colorado wrote: Well is not the first time I heard about this, this is usually when ZoneAlarm or other desktop firewall warns you that OOo is looking for an open port. This is done whe OOo crashes and tries to send the crash reports to --- Sun. Some people has been put off by this and others has label them as spyware. The bug reporting probably could work out an agreement with ZoneAlarm, Norton and other similar vendors, to reduce the confusion. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
On 4/14/05, Lars D. Noodén <[EMAIL PROTECTED]> wrote: > On Thu, 14 Apr 2005, Alexandro Colorado wrote: > > Well is not the first time I heard about this, this is usually when > > ZoneAlarm or other desktop firewall warns you that OOo is looking for an > > open port. This is done whe OOo crashes and tries to send the crash > > reports to --- Sun. > > > > Some people has been put off by this and others has label them as spyware. > > The bug reporting probably could work out an agreement with ZoneAlarm, > Norton and other similar vendors, to reduce the confusion. Well, without trying to be patronising to new users, how else is a bug report going to get to the developers, if it is not able to access the internet? The crash reporter outlines quite clearly that it has the task of *reporting* a crash, and that is simply what it does, no more and no less. There is no web traffic monitoring, and no other form of spyware. It is also pretty much impossible to have some sort of advanced agreement with firewall vendors to let your product through, as in many ways, that defeats the purpose of a firewall. Many firewalls also remember the exact executable location and structure, so if the file becomes trojanned or otherwise modified, the firewall can warn you. Regardless of whether a program is trustworthy or not, I would not trust a company/firewall where you could 'buy' a bypass for your application. Ultimately though, the implication of spyware is absolute nonsense. Not only is it entirely untrue and unfounded; but as Daniel rightly points out, the source code is available for all to see, so you can check through it (or have someone check through it for you) line by line to ensure that nothing untoward is going on. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
On Thu, 14 Apr 2005, Alan Madden wrote: [...] Regardless of whether a program is trustworthy or not, I would not trust a company/firewall where you could 'buy' a bypass for your application. Nor do I, but that is my understanding of how these things work. Ultimately though, the implication of spyware is absolute nonsense. Not only is it entirely untrue and unfounded; [..] Yes, but the potential for misunderstanding needs to be addressed in a proactive manner. There's also a bit of cognitive dissonance going on as well. MS products have lots of monitoring and backdoor-like behavior. However, the public seems jaded in regards to that. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [discuss] Concern
Is a perception, it doesn't need to be true. I guess we can inform him because he step forward but what about the otherones who didn't. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ Mensaje citado por Mike White <[EMAIL PROTECTED]>: > That is simply not true. > > > -Original Message- > > From: Martin Dickinson [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, April 13, 2005 5:04 AM > > To: discuss@openoffice.org > > Subject: [discuss] Concern > > > > > > Your product was discussed at my church last night and we were > > all informed > > that while it is an excellent product that is has a built-in > > tracking device > > that keeps up with all your web activities. Your comments please? > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
This is NOT a missunderstanding OOo DOES look to communicate with Sun Servers and the firewalls do warn the user about it. The firewall is doing it's job. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ Mensaje citado por "Lars D. Noodén" <[EMAIL PROTECTED]>: > On Thu, 14 Apr 2005, Alan Madden wrote: > [...] > > Regardless of whether a program is trustworthy or not, I would not > > trust a company/firewall where you could 'buy' a bypass for your > > application. > > Nor do I, but that is my understanding of how these things work. > > > Ultimately though, the implication of spyware is absolute nonsense. > > Not only is it entirely untrue and unfounded; > [..] > > Yes, but the potential for misunderstanding needs to be addressed in a > proactive manner. There's also a bit of cognitive dissonance going on as > well. MS products have lots of monitoring and backdoor-like behavior. > However, the public seems jaded in regards to that. > > -Lars > Lars Nooden ([EMAIL PROTECTED]) > Software patents harm all Net-based business, write your MEP: > http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
It depends on what warning or error message the firewall is reporting. It is a misunderstanding in that there is a world of difference between monitoring all web activity and reporting a crash. I haven't seen OOo crash (have been using 1.1.4 for OS X heavily), so I can't say what goes on. However, if there isn't already a dialog, then the crash could spawn a dialog asking the user if it is ok to report the bug -- before trying to open any ports. There are at least two problems. One is the misinterpretation of the bug report. Another is the spread of misinformation/urban legend. Maybe a third is the behavior of the crash report. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN On Thu, 14 Apr 2005, Alexandro Colorado wrote: This is NOT a missunderstanding OOo DOES look to communicate with Sun Servers and the firewalls do warn the user about it. The firewall is doing it's job. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ Mensaje citado por "Lars D. Noodén" <[EMAIL PROTECTED]>: On Thu, 14 Apr 2005, Alan Madden wrote: [...] Regardless of whether a program is trustworthy or not, I would not trust a company/firewall where you could 'buy' a bypass for your application. Nor do I, but that is my understanding of how these things work. Ultimately though, the implication of spyware is absolute nonsense. Not only is it entirely untrue and unfounded; [..] Yes, but the potential for misunderstanding needs to be addressed in a proactive manner. There's also a bit of cognitive dissonance going on as well. MS products have lots of monitoring and backdoor-like behavior. However, the public seems jaded in regards to that. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Hi there! Lars D. Noodén wrote: It depends on what warning or error message the firewall is reporting. It is a misunderstanding in that there is a world of difference between monitoring all web activity and reporting a crash. I haven't seen OOo crash (have been using 1.1.4 for OS X heavily), so I can't say what goes on. However, if there isn't already a dialog, then the crash could spawn a dialog asking the user if it is ok to report the bug -- before trying to open any ports. That´s exactly what is being done. And the dialog also offers the possibility to have a look at the XML document that contains information about the office version and technical data about the crash. The only personal information in that XML document is the users email address which will only be included if explicitly entered and choosen to include for feedback by the user. The default on the checkbox in that dialog for including the email address is to not include it. Besides the XML document some binary data is also being send which could enable a developer to locate the root cause of the problem. The user can also enter a description of what was done before the crash occured. Before the user can select options for crash reporting a message is shown which is explaining everything. There are at least two problems. One is the misinterpretation of the bug report. Another is the spread of misinformation/urban legend. Those are really big problems yes. But it´s hard to understand that those occur at all because everything is explained to the user before the crash report is being send. And that a firewall triggers an alarm offering the user to reject or allow an Internet connection for any program not yet configured in the firewall and that it offers the user the possibility to configure a rule for the future and stuff like that is just normal behavior of a firewall. That´s what they are supposed to do. The text shown to the user before sending the crash report is the following ( see for your self that it is not so easy to misinterpret that as that the application would be sending any collected information other than technical data about the crash ) Welcome to the OpenOffice.org Error Report This report tool gathers information about how OpenOffice.org is working and sends it to Sun Microsystems to help improve future versions. It´s easy - just send the report without any further effort on your part by clicking 'Send' in the next dialog, or you can briefly describe how the error occured and then click 'Send'. If you want to see the report, click the 'Show Report' button. No data will be sent if you click 'Do Not Send'. Customer Privacy The information gathered is limited to data concerning the state of OpenOffice.org 2.0 when the error occured. Other information about passwords or document contents is not collected. The Information will only be used to improve the quality of OpenOffice.org and will not be shared with third parties. For more information on Sun Microsystems' privacy policy visit http://www.sun.com/privacy Maybe a third is the behavior of the crash report. I don´t see any misbehavior of the crash reporting process here. The user is explicitly informed with a long message about what is going on and can choose to send or not send the crash report. Misintrepretation of the crash reporting is only possible if people don´t read the text that explains the stuff, than eagerly click on SEND and than wonder about a firewall alarm. If you see a misbehavior here please explain. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN On Thu, 14 Apr 2005, Alexandro Colorado wrote: This is NOT a missunderstanding OOo DOES look to communicate with Sun Servers and the firewalls do warn the user about it. The firewall is doing it's job. exactly! -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ >> [... snip ...] Kind regards, Bernd Eilers - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
re: [discuss] concern
Sorry to have started a new thread on this question. Earthlink is doing something weird today. I actually had to go to the mail list server to read the mail today. Maybe this guy is talking about metadata? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Ok. Thanks for explaining the dialog that reports a crash. [...] And that a firewall triggers an alarm offering the user to reject or allow an Internet connection for any program not yet configured in the firewall and that it offers the user the possibility to configure a rule for the future and stuff like that is just normal behavior of a firewall. That´s what they are supposed to do. I would think that the warning given by the firewall is of great importance. Think of the effect that the AARD error had on marketshare. Or that the Netware rumour spread by MS sales staff had on Netware marketshare. Most users are more than ignorant about any and all aspects of a firewall and have a superstitious approach to them, more so than other aspects of their computers. e.g. users that feel extra protected by running three different firewalls concurrently. e.g. or users that feel that running a firewall (that allows outgoing HTTP requests or incoming mail) will somehow protect them from MSIE or MS-Outlook problems, etc. So, since many (most?) users treat firewalls as some sort of protective voodoo or as an all-knowing oracle, it's very important that the operation of the firewall provide a positive psychological experience. [...] If you see a misbehavior here please explain. Not having seen the crash report dialog, I was merely speculating as to a possible cause of user confusion. The explanation cleared that up. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
On Thu, 14 Apr 2005, Alexandro Colorado wrote: This is NOT a missunderstanding OOo DOES look to communicate with Sun Servers and the firewalls do warn the user about it. The misunderstanding is on the side of the user about the nature of the connection. The firewall is doing it's job. It depends on how the connection attempt notification takes place (or that it takes place at all). There is a big difference between: Warning! Your computer is trying to sneak a connection to the Internet! Are you sure you wish to allow this? And Do you wish to allow OOo 1.1.x to file a bug report to developers at xxx.sun.com regarding the crash on DD/MMM/ at hh:mm:ss The following data will be included: X ... Y ... Z No other data or personal information will be transmitted or collected. -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
How in the world is that the responsability of the Firewall to know? And how do you think that would make any difference to Joe Six Pack. The issue is on the user to blame not the firewall, if you ask the firewall to warn u when some app tries to connect to the internet to warn you. This happens on Linux too, you can blacklist your apps and notify on calls, thats all it happens. If the user is stupid and uneducated, no app in this known universe will make it smart. I would rather charge the user responsible for it's stupidity of not knowing how to use a firewall. Mensaje citado por "Lars D. Noodén" <[EMAIL PROTECTED]>: > On Thu, 14 Apr 2005, Alexandro Colorado wrote: > > This is NOT a missunderstanding OOo DOES look to communicate with Sun > > Servers and the firewalls do warn the user about it. > > The misunderstanding is on the side of the user about the nature of the > connection. > > > The firewall is doing it's job. > > It depends on how the connection attempt notification takes place (or that > it takes place at all). There is a big difference between: > > Warning! Your computer is trying to sneak a connection to the > Internet! Are you sure you wish to allow this? > > And > > Do you wish to allow OOo 1.1.x to file a bug report to > developers at xxx.sun.com regarding the crash > on DD/MMM/ at hh:mm:ss > The following data will be included: > X ... Y ... Z > No other data or personal information will be transmitted > or collected. > > -Lars > Lars Nooden ([EMAIL PROTECTED]) > Software patents harm all Net-based business, write your MEP: > http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN > -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
What is the best way to enlighten the large population of end users that there are applications that track and report on all their activties and that OOo is not one of them? On Fri, 15 Apr 2005, Alexandro Colorado wrote: How in the world is that the responsability of the Firewall to know? The application vendor (OOo) would contact the firewall vendor. There are many windows applications and systems that "phone home", (e.g. WMP, RealPlayer, MS-Explorer, MS-Office 2003), but I assume the firewall lets that slide or gives a placating warning since there is no mainstream consumer complaint regarding those applications. And how do you think that would make any difference to Joe Six Pack. The tone of the firewall's response sets the tone of the end user's reaction, since most people (even many admins) don't know anything about firewalls, not even the concept behind them. The issue is on the user to blame not the firewall, if you ask the firewall to warn u when some app tries to connect to the internet to warn you. And the stupid user's response is usually guided by the tone of the warning. There are millions of users. There are a small, shrinking handful of firewall vendors for MS systems. Dealing with the small group (vendors) will ameliorate the symptoms we are discussing in the large group (users). It's simple return on investment. This happens on Linux too, you can blacklist your apps and notify on calls, thats all it happens. That implies that the user has taken action. I thought were are talking about those that do not customize their firewalls. If the user is stupid and uneducated, no app in this known universe will make it smart. [...] I agree. Stupid is forver. Ignorance, in contrast, can usually be cured. How do you propose to enlighten said end user? -Lars Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
> That implies that the user has taken action. I thought were are talking > about those that do not customize their firewalls. > > > If the user is stupid and uneducated, no app in this known universe will > > make it smart. > [...] > > I agree. Stupid is forver. Ignorance, in contrast, can usually be cured. > How do you propose to enlighten said end user? Well I can't really expect to cure all the firewalls on this planet and even less to cure all the users of this planet. I can however create a technote on our site explaining the Issue about it and also push the developers to not do random calls to Sun, I mean one thing is the error report, this is fine because it generally happenes when you are doing the report. The behavior however that I couldn't explain was the one that happens when you start OOo. Since I dont use any firewall I couldn't duplicate it and verify it, but I did know people that duplicate and verify that OOo makes calls to the internet (or scans for it) everytime it gets boot up. This was some time ago (1 year) so I am not sure if we have eliminate this unnecesarry behavior. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ > -Lars > Lars Nooden ([EMAIL PROTECTED]) > Software patents harm all Net-based business, write your MEP: > http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Lars D. Noodén wrote: > What is the best way to enlighten the large population of end users that > there are applications that track and report on all their activties and > that OOo is not one of them? > > On Fri, 15 Apr 2005, Alexandro Colorado wrote: > >> How in the world is that the responsability of the Firewall to know? > > The application vendor (OOo) would contact the firewall vendor. > > There are many windows applications and systems that "phone home", (e.g. > WMP, RealPlayer, MS-Explorer, MS-Office 2003), but I assume the firewall > lets that slide or gives a placating warning since there is no mainstream > consumer complaint regarding those applications. That exactly creates a new problem. Malicious software like some Active-X controls are executed in the browser process and then can do evil[TM] things without any notice because the "firewall" only sees the iexplore.exe process contacting something outside, but doesn't give a warning becuase iexplore.exe is thought to be a "good" one. This concept is broken by design. There is no real security without knowledge - that's hard but that's as it is. Moreover, the "firewalls" we are talking about are the so called "Personal Firewalls", I assume, and additionally I assume that our discussion is about the Windows platform. Such a PFW can only give notifications to users, that a certain process tries to establish a conncection to the Internet. They are not able to handle this situation automatically by themselves, so user interaction (and so user knowledge) is needed. But most PFW not even can do *this* reliably. IMHO even none of them can do this because it's so easy for malicious software that already sits on the machine to evade the "firewall", f.e. by just killing it (at the end a PFW is just a program running on the same computer as the attacker, and only a few people work as restricted users on Windows that might enable to protect important processes). But even if a notification is given, it's up to the user to decide wether an action notified by a PFW is a threat or not. If the user is not able to decide this, the PFW is at best useless, but IMHO even worse than this because it leaves the unexperienced users helpless and confused. PFW are just snake oil software, they don't create real security, but annoy users with a lot of messages they don't understand and usually make them panic. A famous german computer security expert has summarized this in a nice statement (translation from german made by me): Working with Personal Firewalls is like having sex with a condome full of holes. It doesn't really help you but it really spoils the fun for you. I think there is nothing that needs to be added to this. :-) Best regards, Mathias -- Mathias Bauer - OpenOffice.org Application Framework Project Lead Please reply to the list only, [EMAIL PROTECTED] is a spam sink. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Hi there! Alexandro Colorado wrote: [... snip ...] The behavior however that I couldn't explain was the one that happens when you start OOo. Since I dont use any firewall I couldn't duplicate it and verify it, but I did know people that duplicate and verify that OOo makes calls to the internet (or scans for it) everytime it gets boot up. This was some time ago (1 year) so I am not sure if we have eliminate this unnecesarry behavior. If I recall it correctly the reason for this was that OOo was just "only!" simply asking the system for it´s hostname on startup. Unfortunatly that system library call in turn on Windows caused the OS to initialize the internet connectivity with the ISP if it was not already online. Users than tought OOo would be trying to send something over the internet, as that was what it looked liked from the messages they got form their firewall, but that was not really true all OOo wanted was to get the hostname from Windows. I would blame it on the OS to not being able to answer that question without also having established a connection to the internet service provider. And YES, this "unnecessary" behavior has been eliminated in OOo a long time ago. -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ Kind regards, Bernd Eilers - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Good to know. Cheers. Mensaje citado por Bernd Eilers <[EMAIL PROTECTED]>: > > Hi there! > > Alexandro Colorado wrote: > > [... snip ...] > > The behavior however that I couldn't explain was the one that happens when > you > > start OOo. Since I dont use any firewall I couldn't duplicate it and verify > it, > > but I did know people that duplicate and verify that OOo makes calls to the > > internet (or scans for it) everytime it gets boot up. This was some time > ago (1 > > year) so I am not sure if we have eliminate this unnecesarry behavior. > > > > If I recall it correctly the reason for this was that OOo was just > "only!" simply asking the system for it´s hostname on startup. > Unfortunatly that system library call in turn on Windows caused the OS > to initialize the internet connectivity with the ISP if it was not > already online. Users than tought OOo would be trying to send something > over the internet, as that was what it looked liked from the messages > they got form their firewall, but that was not really true all OOo > wanted was to get the hostname from Windows. I would blame it on the OS > to not being able to answer that question without also having > established a connection to the internet service provider. > > And YES, this "unnecessary" behavior has been eliminated in OOo a long > time ago. > > > > > -- > > Alexandro Colorado > > Co-Leader of OpenOffice.org Spanish > > http://es.openoffice.org/ > > > > Kind regards, > Bernd Eilers -- Alexandro Colorado Co-Leader of OpenOffice.org Spanish http://es.openoffice.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern
Thanks, Bernd. That clears up a lot to me. Apparently the bug in MS-Windows was being misunderstood by the end user. On Mon, 18 Apr 2005, Bernd Eilers wrote: If I recall it correctly the reason for this was that OOo was just "only!" simply asking the system for it´s hostname on startup. Unfortunatly that system library call in turn on Windows caused the OS to initialize the internet connectivity with the ISP if it was not already online. [...] And YES, this "unnecessary" behavior has been eliminated in OOo a long time ago. Lars Nooden ([EMAIL PROTECTED]) Software patents harm all Net-based business, write your MEP: http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [discuss] Concern - Solution Time
Before OOo attempts to open a connection, have a clear and concise message appear notifying the user that in-fact, a connection to sun is about ot be established and that their firewall may inform them that they may need to clear security provisions to allow OOo to communicate teh error report, so taht sun can improve the product. Also notify the user that the name of the error report tool is CRASHEPP.EXE(for windows), and that this file will only attempt access afer an OOo crash. If un-usual behavior in the error report tool is noticed, to notify SUN by some means as noted in the error report screen. Hmmm. I hope that helps Rigel --- Lars D. Noodén <[EMAIL PROTECTED]> wrote: > It depends on what warning or error message the firewall is reporting. > > It is a misunderstanding in that there is a world of difference between > monitoring all web activity and reporting a crash. > > I haven't seen OOo crash (have been using 1.1.4 for OS X heavily), so I > can't say what goes on. However, if there isn't already a dialog, then > the crash could spawn a dialog asking the user if it is ok to report the > bug -- before trying to open any ports. > > There are at least two problems. One is the misinterpretation of the bug > report. Another is the spread of misinformation/urban legend. Maybe a > third is the behavior of the crash report. > -Lars > Lars Nooden ([EMAIL PROTECTED]) > Software patents harm all Net-based business, write your MEP: > http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN > > On Thu, 14 Apr 2005, Alexandro Colorado wrote: > > > This is NOT a missunderstanding OOo DOES look to communicate with Sun > Servers > > and the firewalls do warn the user about it. > > The firewall is doing it's job. > > > > -- > > Alexandro Colorado > > Co-Leader of OpenOffice.org Spanish > > http://es.openoffice.org/ > > > > > > Mensaje citado por "Lars D. Noodén" <[EMAIL PROTECTED]>: > > > >> On Thu, 14 Apr 2005, Alan Madden wrote: > >> [...] > >>> Regardless of whether a program is trustworthy or not, I would not > >>> trust a company/firewall where you could 'buy' a bypass for your > >>> application. > >> > >> Nor do I, but that is my understanding of how these things work. > >> > >>> Ultimately though, the implication of spyware is absolute nonsense. > >>> Not only is it entirely untrue and unfounded; > >> [..] > >> > >> Yes, but the potential for misunderstanding needs to be addressed in a > >> proactive manner. There's also a bit of cognitive dissonance going on as > >> well. MS products have lots of monitoring and backdoor-like behavior. > >> However, the public seems jaded in regards to that. > >> > >> -Lars > >> Lars Nooden ([EMAIL PROTECTED]) > >>Software patents harm all Net-based business, write your MEP: > >>http://wwwdb.europarl.eu.int/ep6/owa/p_meps2.repartition?ilg=EN > >> > >> > >> - > >> To unsubscribe, e-mail: [EMAIL PROTECTED] > >> For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] __ Post your free ad now! http://personals.yahoo.ca - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
