Re: [users] Dictionaries for v3
Le 02.08.2008 00:43, Guy Voets a écrit : I have the beta-2 on my Mac, and have some 50 dictionaries available - didn't install any. They're the main European languages (English (10 types), Spanish (15+), French, Dutch, Italian, Russian, Swedish, Portuguese, German and Danish). Is the beta-2 for Mac better equipped for spell-checking than the Windows version? In the OOo folder, I find under contents share extension install: dict-de.oxt, dict-en.oxt, dict-fr.oxt, dict-nl.oxt n the Library Application Support OOo-aqua 3 user wordbook I only find a standard.dic So where are the other dictionaries (Spanish, Russian, etc.?) My problem was that the spell checker didn't accept 'skip all' - it stops at every occurrence of a mis-spelled word. I downloaded the m28 today, and there the speller seems to remember to skip when asked to do so. In the Beta 1, I had a copy of the /share/dicts/ooo folder with all the dictionaries in /opt/ooo-dev/basis3.0, don't you have such a folder? Hagar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Adding Comments: best practice
When I am reading a thread in this forum, I sort by Subject: and read all the new messages in a thread at one time. I find it time consuming to scroll to the bottom of each message, past what I just read, to get to the new comment. Wouldn't it make more sense to add the new message at the top, so you see it immediately? If you have lost track of a thread, you can scroll down only as far as necessary to see what the thread is about. I realize some people like to comment paragraph by paragraph, but that's a pain follow, too, sometimes. I would say it is a better practice to provide a complete, well organized single response because that maintains a single thread. Comments by paragraph can turn into forks and multiple, maybe trivial threads. With comments at the top, it's more like a blog and much more handy and efficient, IMHO. Cheers, John Fistere - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Re: Terrance
On Fri, Aug 1, 2008 at 16:39, Harold Fuchs wrote: There have been apparently reliable reports from others on this list that the terrance account referenced a real person known to the staff at the hospital mentioned below. One of the reasons movies and novelists pay people whose name is the same as a character, is, in the event of a lawsuit, they can point to the real person, from whom they obtained a model release, for the use of the name. It doesn't matter how unusual you think a name is, somebody, somewhere, will have that name. xan jonathon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Re: Adding Comments: best practice
Note: You have hijacked this thread. To start a new subject post a new message rather than replying to a previous message and changing the subject. John Fistere, 2008/08/02 12:47 AM: When I am reading a thread in this forum, I sort by Subject: and read all the new messages in a thread at one time. I find it time consuming to scroll to the bottom of each message, past what I just read, to get to the new comment. Wouldn't it make more sense to add the new message at the top, so you see it immediately? If you have lost track of a thread, you can scroll down only as far as necessary to see what the thread is about. From the Guidelines for posting on this list: http://www.openoffice.org/ml_guidelines.html Replying When replying to other people it is customary to intersperse your response with their questions, both so you can answer the actual question that was asked, and so everyone else has some idea what you are talking about. It is also customary to limit your quoting to the minimum possible to get your point across. Take the time to be considerate, remember those subscribers who have slow, expensive connections. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Fwd: confirm unsubscribe from users@openoffice.org
On 1 Aug 2008 at 18:59, Mark Knecht wrote: On Fri, Aug 1, 2008 at 6:00 PM, Scott Castaline [EMAIL PROTECTED] wrote: SNIP I had received 244 all postmarked between 10:27 AM to 11:18 AM EDT. Now include all of the additional traffic that these 244 bogus emails generated is another story. And now for the rest of the story. Adding in the additional traffic of 34 messages for a total of 278. Oh one more thing add in for this message giving 279. Good night and may the good news be yours. Get a threaded email client like GMail. Whatever number of messages there were today I hod only 3 threads to delete. No big deal. Heck, I get almost 300 a day on average from the Linux Kernel mailing list so this was just noise... ;-) Cheers, Mark I've had 8 copies of this one so far (msg id [EMAIL PROTECTED]) and 7 of one from NoOp ([EMAIL PROTECTED]) also about Terrance. Nothing else seems to be repeated. Anyone else seeing this? -- Permission for this mail to be processed by any third party in connection with marketing or advertising purposes is hereby explicitly denied. http://www.scottsonline.org.uk lists incoming sites blocked because of spam [EMAIL PROTECTED]Mike Scott, Harlow, Essex, England - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Learning about Open Office
It's useful, but some links will crash(close) firefox and IE. for example, http://plan-b-for-openoffice.org/math/topic/close-formula-document#screencast This site is my favorite: http://plan-b-for-openoffice.org/index I hope this proves helpful Kevin Jones - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Learning about Open Office
2008/8/2 Xiang Liu [EMAIL PROTECTED] It's useful, but some links will crash(close) firefox and IE. for example, http://plan-b-for-openoffice.org/math/topic/close-formula-document#screencast Errrm. On Win XP Pro/SP2 using Firefox 2.0.0.16 no crash from the above site; it seems to work perfectly. -- Harold Fuchs London, England Please reply *only* to users@openoffice.org
Re: [users] Fwd: confirm unsubscribe from users@openoffice.org
mike scott wrote: On 1 Aug 2008 at 18:59, Mark Knecht wrote: Get a threaded email client like GMail. Whatever number of messages there were today I hod only 3 threads to delete. No big deal. Heck, I get almost 300 a day on average from the Linux Kernel mailing list so this was just noise... ;-) Cheers, Mark I've had 8 copies of this one so far (msg id [EMAIL PROTECTED]) and 7 of one from NoOp ([EMAIL PROTECTED]) also about Terrance. Nothing else seems to be repeated. Anyone else seeing this? Yes, I saw the same thing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Is this guy a moron or what
Who is this crap? Date: Fri, 1 Aug 2008 07:31:12 -0700 From: [EMAIL PROTECTED] To: users@openoffice.org Subject: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: [users] Fwd: confirm unsubscribe from users@openoffice.org Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Learning about Open Office
I got an log file. It told me that the java runtime environment is the question. After I updated it from java 6 update 4 to java 6 update 7, it works now. I remember the java 6 update 4 is included in the openoffice 2.4.1. Dear Harold, Thanks for your reply or I would not be able to realize this. BTW, Why there are two same reply address(two lines) in your reply message. This caused that gmail filled the recipient with users@openoffice.org, users@openoffice.org hs_err_pid3952.log # # An unexpected error has been detected by Java Runtime Environment: # # EXCEPTION_ACCESS_VIOLATION (0xc005) at pc=0x0798c77a, pid=3952, tid=3208 # # Java VM: Java HotSpot(TM) Client VM (10.0-b19 mixed mode, sharing windows-x86) # Problematic frame: # V [jvm.dll+0xcc77a] # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- On Sat, Aug 2, 2008 at 5:26 PM, Harold Fuchs [EMAIL PROTECTED] wrote: 2008/8/2 Xiang Liu [EMAIL PROTECTED] It's useful, but some links will crash(close) firefox and IE. for example, http://plan-b-for-openoffice.org/math/topic/close-formula-document#screencast Errrm. On Win XP Pro/SP2 using Firefox 2.0.0.16 no crash from the above site; it seems to work perfectly. -- Harold Fuchs London, England Please reply *only* to users@openoffice.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Is this guy a moron or what
On Sat, 2 Aug 2008 13:12:26 +0200 Joe Grech [EMAIL PROTECTED] wrote: Who is this crap? Date: Fri, 1 Aug 2008 07:31:12 -0700 From: [EMAIL PROTECTED] To: users@openoffice.org Subject: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: [users] Fwd: confirm unsubscribe from users@openoffice.org Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: Original message follows: [EMAIL PROTECTED] If you had bothered to read the email titled Terrance, you would have seen both an apology and explanation. This was a coding error that was not supposed to have gone out. Unfortunately, they tried to unsubscribe him after about 300 emails. -- -- Jerry Feldman [EMAIL PROTECTED] Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846 signature.asc Description: PGP signature
[users] Re: Terrance
Shaun Langley wrote: Well now the poor old guy we called is going to be really confused. I almost feel bad... 20080801 1426 GMT-6 Yea, but, there is some doctor with the same name. How odd is that! Wade Not that odd, really. I consider using real names for things like that akin to making up an e-mail address without considering whether one such may already (or will in the future) exist. It's unethical and can damage innocent parties. I'm glad they stepped forward with the reason, but I hope there was a lesson learned there, including Murphy's Law and all it can entail. Twayne - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] OpenOffice bbs?
I have yet to have my registration to the forums recognized. I am denied entry with verified passwords. Don't tell me to register, I did already, and I replied to the mandatory email. Can anyone tell me how to get INTO the forums? David Teague Harold Fuchs wrote: On 31/07/2008 22:31, Julian wrote: Hello Harold, Hello Julian, Harold Fuchs wrote: On 31/07/2008 18:50, James Knott wrote: John Fistere wrote: While the activity here is great, it is hard to keep up. Is there a bbs type system for OpenOffice that provides for the creation of discussion areas and topics? BBSs are so 20th century. ;-) But the web forum isn't: http://user.services.openoffice.org/en/forum/ ;-) Note that you *must* be registered/subscribed to ask questions or post replies there. Interesting that after I stated something akin to this idea, it seems to have stirred some others to say a similar thing. Sorry but I must have missed your post ... FWIW, the forums under spybot.info run in a very nice way, but only with regard to this one issue. Whenever a thread is considered more relevant to be discussed under a different banner or thread (I call a banner as a specific type of function or feature about the product, or a specific type of situation about the product. The thread is the particular idea presented within the premise of the banner. There may be a more exact and proper set of words than what I have used, but, right now it is the best I can do.), the moderators will do two things: move that thread to another banner; and, announce what has been done. This assures that one does not have to wade through as much all the time. I'm not at all sure I understand what you are getting at here. As far as I know if someone posts a message, be it question or answer, in the relevant section of the forum it won't get moved by the moderators. Their forum does not allow for dissemination of messages from within the forums, so one must go to the site. Also, it is not easy tracking down a particular thread. As I said, this part is not germane to our discussion; it is just good to know. You must go to the site to ask and answer questions but if you ask a question, and if you configured your profile correctly, you will be notified automatically when there is a reply. I think the real question being asked, is, Does the E-Mail list program/package, being used to have this discussion, have the tools to allow the owner or moderators to effect things as queried? For example, after someone might have first stated that query about macros and electronic spreadsheets, could further discussion have been moved to a Spreadsheets header? Within an e-mail discussion the way this gets done is to alter the Subject. There was a debate here a while ago about how the mail program should handle this. Seems some programs just display the new Subject header but don't break the thread (which is controlled by a In reply to header) whereas other programs group messages into conversations using the Subject header. But moving a discussion might not be considered polite as interested onlookers (listeners?) might lose track of it. It was generally agreed that the only reasons for changing the Subject header is (a) if the original is totally meaningless like the Moderated that so often appears in this list or (b) if the conversation has gone so far off the original topic as to warrant a change. Keep in mind that the principle reason any of us would like such a thing is because there are so many versions of OO and so many uses and abilities for and of OO that one never knows whether what is being received is real messages or spam postings, because of the sheer number of postings received. I'm not sure what it is any of you would like Thanks for putting up with my rant. As a frequent ranter myself, I like rants ;-) Regards, Julian. Regards, Harold - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Re: Re: Terrance
On 1 Aug 2008 at 12:17, Jason Hunter wrote: The terrance account was designed to silently listen to the mailing list in order to produce an archive record for markmail.org. The account was not designed to send email. The only time it is allowed to send email is to (a) confirm its subscription and (b) confirm its unsubscription. Mr. Hunter, There have been apparently reliable reports from others on this list that the terrance account referenced a real person known to the staff at the hospital mentioned below. Further reports indicate that the hospital was contacted and the staff there said they would contact Mr. Carver. My quick search did not come up with a match to that. But more importantly, whoever did dig up the information did themselves a huge disfavor because they had NO knowledge that it was connected to the spam; it was simply assumed. The ONLY correct way to identify the source of a spam is by parsing the headers! Then and only then, if it can be determined they were NOT forged, can such a thing be linked to any living ISP, let alone a person or an organization! Only a namesearch could have come up with the reports that magically appeared; I watched this thread because it was interesting and I never did see anything that connected the name with the spam. IF I'M WRONG, CHARGE ME SO AND SHOW ME WHERE IT HAPPENED and I will sincerely, profusely apologize to that person, but I am pretty sure I am NOT wrong. NEVER, EVER use a namesearch lookup to match anything to a spam! And finally, whether a name seems to be unique or not, one can never assume that. Names such as that are often a chain of Jr, II, III, etc., and historical alternative spellings. You just can't assume a name doesn't today or won't tomorrow, exist. The opportunity to find an innocent party is just too great. IMO Project something at something makes a lot better name for something like what went through here. Hopefully more t han one person has learned something from this thread. Twayne === Begin quote #1 === Some more information about our friend: Terrance Melton Carver CEO, Rockingham Memorial Hospital (http://www.rmhonline.com/) Harrisonburg, VA 22801 Previous Cities: Manassas, VA | Arlington, VA | Vienna, VA | Fairfax, VA Relatives: Debra L Carver | Terry L Carver === End quote #1 === === Begin quote #2 === I spoke to the Administrations office about this issue at the hospital and they said they would contact him. I have also forwarded one of the longer messages on to them to see what a problem it is. === End quote #2 === These quotes can be found in the official archive of this list and, presumably, in your archive of it also. Are these reports correct? If so then it seems to me you owe him at least an apology. If the reports are not true, how did his name get traced from his e-mail address? Or was it *really* a coincidence that you chose a name that turned out to belong to a real person? It's not exactly a common name ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Forum access gramted
Please ignore my impolite and insistent inquiry about access to the forum. It was MY fault. I was allowing my Firefox to autofill my email address instead of the user name, and the web site properly didn't like that. Please accept my apology. (No replies are necessary. I feel pretty dumb.) David Teague - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta.php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. The attacker specifically mentions OO.o in the kit ReadMe. Is it possible to get OO.o installers that are digitally signed? I think I saw that checksums are available for the installation files. Is this sufficient to ward off such attacks? David Teague - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. Lisi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
Lisi Reisz wrote: On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. OK, they committed a spelling error, but if they HAVE compromised OpenOffice.org as I think they are suggesting, the spelling error in their ReadMe will not make any difference at all. We will have given them access to our systems through the installer. I do not pretend to understand all this, but I do understand the idea of threat. At present, to update OO.o, I download a Windows installation file, and run it. I don't see any mechanism for signature or do I see easy access to checksums. I assure you in the future, I will be looking for checksums. I would prefer have digital signatures for installation files. If checksums will assure me no one has fiddled with the installer, I'll gladly go through the process of confirming check sums. Now, would someone answer my questions? Is Lisi is right, there is no danger because of the difference between updates and installers? Is there any intent to introduce digital signatures? Do checksums do the same thing as digital signatures? David Teague - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] OpenOffice bbs?
On 02/08/2008 17:26, David B Teague wrote: I have yet to have my registration to the forums recognized. I am denied entry with verified passwords. Don't tell me to register, I did already, and I replied to the mandatory email. Can anyone tell me how to get INTO the forums? David Teague Please be aware that this mail list has absolutely nothing to do with the forums. It is possible that someone with admin rights in the forums is seeing your pleas for help but, other than that, subscribers to this list can't help. I really think your only alternative is to create a new e-mail address - possibly a free one at e.g. gmail - and try to register it. -- Harold Fuchs London, England Please reply *only* to users@openoffice.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
David B Teague wrote: Lisi Reisz wrote: On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. OK, they committed a spelling error, but if they HAVE compromised OpenOffice.org as I think they are suggesting, the spelling error in their ReadMe will not make any difference at all. We will have given them access to our systems through the installer. I do not pretend to understand all this, but I do understand the idea of threat. At present, to update OO.o, I download a Windows installation file, and run it. I don't see any mechanism for signature or do I see easy access to checksums. I assure you in the future, I will be looking for checksums. I would prefer have digital signatures for installation files. If checksums will assure me no one has fiddled with the installer, I'll gladly go through the process of confirming check sums. Now, would someone answer my questions? Is Lisi is right, there is no danger because of the difference between updates and installers? Is there any intent to introduce digital signatures? Do checksums do the same thing as digital signatures? David Teague - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] As far as checksums go I believe the move is to sha1sum in place of md5sum (that 's the number one in sha1sum). The explanation that I got was that the process of generating md5sum has been cracked and therfore allowing someone to forge a md5sum generated checksum. Making sha1sum a more secure method. This is what I found on the Fedora site back on FC7 or FC6 they discontinued using md5sum. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
On Saturday 02 August 2008 18:42:30 Scott Castaline wrote: Is Lisi is right, there is no danger because of the difference between updates and installers? I didn't say no danger, in fact I strongly implied otherwise, and I always check files for integrity before I use them. I would never say no danger in any context. To repeat what I said: I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. But to be a real threat, someone would need to be able to spell and know the difference between update and install. So I don't take this particular threat very seriously. Lisi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Re: Re: Terrance
what the hell are you talking about you sent to the wrong person ;I am a police officer
Re: [users] Re: Re: Terrance
wgallagher1 wrote: what the hell are you talking about you sent to the wrong person ;I am a police officer What does that have to do with this discussion? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
On 02/08/2008 18:23, David B Teague wrote: Lisi Reisz wrote: On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. OK, they committed a spelling error, but if they HAVE compromised OpenOffice.org as I think they are suggesting, the spelling error in their ReadMe will not make any difference at all. We will have given them access to our systems through the installer. I do not pretend to understand all this, but I do understand the idea of threat. At present, to update OO.o, I download a Windows installation file, and run it. I don't see any mechanism for signature or do I see easy access to checksums. I assure you in the future, I will be looking for checksums. I would prefer have digital signatures for installation files. If checksums will assure me no one has fiddled with the installer, I'll gladly go through the process of confirming check sums. Now, would someone answer my questions? Is Lisi is right, there is no danger because of the difference between updates and installers? Is there any intent to introduce digital signatures? Do checksums do the same thing as digital signatures? David Teague The attack described relies on a live update mechanism in which the current version of the software (OOo, iTunes, Adobe Acrobat, whatever) installed on your computer automatically goes to a server somewhere, decides there is a new version of itself and automatically (possibly with your permission) downloads and runs the appropriate file(s). Given such a mechanism, the attack works by diverting the software to the attacker's server and persuading it to download and run the file(s) from there. Note that Windows Update works like this and is therefore possibly vulnerable to the attack described. I *think* the same is true of many Linux package managers. Not at all sure about Macs but I wouldn't be surprised given how iTunes works in this regard. There are two ways to protect against this. The simplest is to have the software check that the server it is actually connected to is the server to which it should be connected. Reverse DNS is at least a partial solution here although even that can be compromised, albeit with much greater difficulty. The other way is via digital signature. The software would have the relevant public key securely available to it together with the mechanism to check the digital signature(s) of the file(s) it wants to download. MD5 wouldn't be useful here. Nor would any other hash algorithm. The problem with digital signatures is that the software is not readily available in all the countries in which OOo is used and there would be quite serious legal problems providing it. OOo, on Windows at least, has a live mechanism built in although I never use it. Instead I always go directly to the OOo web site, download the new version and run it by hand. In this case the attack described can't work because I'm getting the file from the right place. Also in this case MD5 is perfectly adequate providing the OOo web site hasn't been hacked. If an attacker can plant his file (and therefore his version of the checksum) on the OOo web site then no checksum algorithm is going to help. In this case the only way is via a digital signature providing that the place from where you get OOo's public key hasn't been compromised. If you were to get and believe the attacker's version of OOo's public key then all would be lost. This then raises the whole set of issues surrounding PKI (Public Key Infrastructure) schemes and that's just too OT to go into here. -- Harold Fuchs London, England Please reply *only* to users@openoffice.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Learning about Open Office
On 02/08/2008 13:01, Xiang Liu wrote: BTW, Why there are two same reply address(two lines) in your reply message. This caused that gmail filled the recipient with users@openoffice.org, users@openoffice.org Sorry but I have no idea. If I look at the headers of the message I sent there is only one Reply-To line. Does the same thing happen on this message? -- Harold Fuchs London, England Please reply *only* to users@openoffice.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Learning about Open Office
Harold Fuchs wrote the following on 8/2/2008 1:40 PM: On 02/08/2008 13:01, Xiang Liu wrote: BTW, Why there are two same reply address(two lines) in your reply message. This caused that gmail filled the recipient with users@openoffice.org, users@openoffice.org Sorry but I have no idea. If I look at the headers of the message I sent there is only one Reply-To line. Does the same thing happen on this message? Harold, You do have a double reply-to in your headers, but when I reply to you from Thunderbird I don't have the double entry like Xiang does. The following is part of the header from your email. snip X-Account-Key: account2 X-UIDL: 96a343c41e3d X-Mozilla-Status: 0011 X-Mozilla-Status2: X-Mozilla-Keys: Return-Path: [EMAIL PROTECTED] X-Spam-Country: US X-Spam-Checker-Version: SpamAssassin 3.2.5-spamtrapper (2008-06-10) on st-c.montana.com X-Spam-Level: X-Spam-Status: No, score=-2.7 required=8.0 tests=AWL,BAYES_00,J_CHICKENPOX_73, RCVD_IN_DNSWL_LOW autolearn=ham version=3.2.5-spamtrapper Received: from openoffice.org (s006.sjc.collab.net [204.16.104.2]) by dane.montana.com (8.13.8/8.12.11) with SMTP id m72Jl66s023959 for [EMAIL PROTECTED]; Sat, 2 Aug 2008 13:47:07 -0600 Received: (qmail 25999 invoked by uid 5000); 2 Aug 2008 19:40:27 - Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm Precedence: bulk X-No-Archive: yes list-help: mailto:[EMAIL PROTECTED] list-unsubscribe: mailto:[EMAIL PROTECTED] list-post: mailto:users@openoffice.org Reply-To: users@openoffice.org Delivered-To: mailing list users@openoffice.org Received: (qmail 25982 invoked from network); 2 Aug 2008 19:40:26 - X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AiABAO9UlEhA6ba9lGdsb2JhbACRAT4BAQEBCQMKBxEDl0CEZg X-IronPort-AV: E=Sophos;i=4.31,297,1215414000; d=scan'208;a=14880401 X-IRONPORT: SCANNED DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:reply-to :user-agent:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=DdTeV2mXyWGUJVOAZATwfAK1VI4/mu3fzQ+cPTUIfzA=; b=qNKLZRmu0gfeDoPUq9tm59OuugKjVpfYEm0O9YsO88Gq25ITb20bjHiJb0pnms1zOz 7WSr/BYSa0MGZ0pF1iHD42lPFScNlKZF3/jvQoHCKj6cNiD4TMnh6SALhH9D3r6wvQjD TeG/NJCFf2HMfpTfb9effPec/eC1PHvN8rc9A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:reply-to:user-agent:mime-version:to:subject :references:in-reply-to:content-type:content-transfer-encoding; b=FpPW0HuWCHyxL22+iuoxMoKEZ8ETRDUC85jpke3EyRaCo/ro9U0K5wby7pq0Q0IKCL wdYJuOz4oIAU5SASkaLcdFu7974WF+6p7fAGc2zApnvXLvmogOMU2DIDQbhBuwm0zW2H nPm10PYGUm/gCHx0VdPb5JKpDo9Py/lStW024= Message-ID: [EMAIL PROTECTED] Date: Sat, 02 Aug 2008 20:40:17 +0100 From: Harold Fuchs [EMAIL PROTECTED] Reply-To: users@openoffice.org User-Agent: Thunderbird 2.0.0.16 (Windows/20080708) MIME-Version: 1.0 To: users@openoffice.org snip -- Jack - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Re: What to do about Terrance
2008/8/2 NoOp [EMAIL PROTECTED]: On 08/01/2008 08:35 AM, Dotan Cohen wrote: Some more information about our friend: Terrance Melton Carver CEO, Rockingham Memorial Hospital (http://www.rmhonline.com/) Harrisonburg, VA 22801 Previous Cities: Manassas, VA | Arlington, VA | Vienna, VA | Fairfax, VA Relatives: Debra L Carver | Terry L Carver I could go on. Let's all be glad that you didn't... What proof do/did you have that this is the owner of [EMAIL PROTECTED] It is a rather unique name, nothing other than that. My own name belongs to 41 other people, so the term 'unique' is relative. I should note that when I spoke to the secretary at the Rockingham Memorial Hospital, I was very pleasant and not aggressive. My intention was to inform Terrance, in a friendly manner, how to confirm the unsubscribe request. We are all representing OOo from Terrance's standpoint, and I don't ever forget that. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: [users] EvilGrade Exploit tool kit alleges it attacks OO.o installer
On Sat, Aug 2, 2008 at 12:35, Harold Fuchs wrote: The problem with digital signatures is that the software is not readily available in all the countries in which OOo is used and there would be quite serious legal problems providing it. Since the use of digital signatures is not illegal in the country that OOo is distributed from, there shouldn't be any legal issues in providing a digital signature of OOo builds that are released. That does not negate the issue in countries in which digital signatures are not legal. However, failing to provide a method that ensures the integrity of software, becuse a some countries have publicly declared that they not only are not worthy of trust, but have a complete lack of integrity, is irresponsible. xan jonathon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [users] Re: What to do about Terrance
Just filter the address to trash. Done and gone. No need for the drama, or waste of time and energy. Bob On Sat, Aug 2, 2008 at 12:37 PM, Dotan Cohen [EMAIL PROTECTED] wrote: 2008/8/2 NoOp [EMAIL PROTECTED]: On 08/01/2008 08:35 AM, Dotan Cohen wrote: Some more information about our friend: Terrance Melton Carver CEO, Rockingham Memorial Hospital (http://www.rmhonline.com/) Harrisonburg, VA 22801 Previous Cities: Manassas, VA | Arlington, VA | Vienna, VA | Fairfax, VA Relatives: Debra L Carver | Terry L Carver I could go on. Let's all be glad that you didn't... What proof do/did you have that this is the owner of [EMAIL PROTECTED] It is a rather unique name, nothing other than that. My own name belongs to 41 other people, so the term 'unique' is relative. I should note that when I spoke to the secretary at the Rockingham Memorial Hospital, I was very pleasant and not aggressive. My intention was to inform Terrance, in a friendly manner, how to confirm the unsubscribe request. We are all representing OOo from Terrance's standpoint, and I don't ever forget that. -- Dotan Cohen http://what-is-what.com http://gibberish.co.il א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
[users] Re: EvilGrade Exploit tool kit alleges it attacks OO.o installer
On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. Lisi Glad you posted that before I got to it. Gads, don't you hate it when people give misinformation? Sometimes it's harlmess but other times it can make a world of difference. ZDNet blogs also aren't quite bibles either, so ... mileage will definietly vary. Wait until the knee has jerked, THEN see what was said. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Re: EvilGrade Exploit tool kit alleges it attacks OO.o installer
Lisi Reisz wrote: On Saturday 02 August 2008 17:49:40 David B Teague wrote: This is a very brief summary from this web site http://blogs.pcmag.com/securitywatch/2008/07/evilgrade_exploit_toolkit_atta .php The article says the EvilGrade Exploit tool kit is able to attack systems using the man in the middle, attacking through the installation mechanism. It actually says updates not installation (my stars): quote infecting systems through the **update** mechanism, according to a ZDNet blog. The attackers claim, in the Readme for the kit, to have modules implemented to attack the following product **updates** /quote The attacker specifically mentions OO.o in the kit ReadMe. No, it says:OpenOffices This is not the correct name of this program (or site) and OOo does not have updates as such. I doubt they have achieved what they claim, tho' that doesn't mean that we can all be complacent. OK, they committed a spelling error, but if they HAVE compromised OpenOffice.org as I think they are suggesting, the spelling error in their ReadMe will not make any difference at all. We will have given them access to our systems through the installer. I do not pretend to understand all this, but I do understand the idea of threat. At present, to update OO.o, I download a Windows installation file, and run it. I don't see any mechanism for signature or do I see easy access to checksums. I assure you in the future, I will be looking for checksums. I would prefer have digital signatures for installation files. If checksums will assure me no one has fiddled with the installer, I'll gladly go through the process of confirming check sums. Now, would someone answer my questions? Is Lisi is right, there is no danger because of the difference between updates and installers? He did NOT say there was no danger. He did alude that HE is not too worried. He also said we can NOT be complacent about it. Get your quotes straight; this thread is one piece of misinformation after another! Is there any intent to introduce digital signatures? No idea; I'm just a user. Do checksums do the same thing as digital signatures? No, they are not the same thing in any way. Apples and oranges; they do not do the same thing. Using one does not negate using the other. One being OK has nothing to do with whether the other will get the same result. A signature is nothing more than having some company vouch for you in verifiable ways, that you are who you say you are. A checksum is simply a calculated number for code which can be checked after transport to see if the sum has remained identical to what was used as a source. They ARE the same in that, if you allow automagical operation, they can easily be forged to be what you want/expect to see. However, as long as you get the checksum (hash) from OO.o, and you use a legitimate hasher, there is a good chance you will discover anything untoward. In addition to that, I always check the MD5 or whatever is offered, simply to assure myself that I did not get a brokendownload where a bit or two slipped out into the ether. Whenever the sums are offered IMO, it makes sense to use them. Finally, I'm not aware that there is an auto-update mechanism in OO.o. And installing ANYTHING over the web is verboten on my equipment: It goes to disk where I can check/see it, or it doesn't go on. Hopefully, anyway. But like I said, I don't recall and update mechanism; If it's there I missed it some how, but I don't think it's there. Even with MS, who claims such things can't happen (famous last words), I do not allow them to do anything automagically. Instead it's set so that it notifies the they are available, I download them, and then I Custom Install them so that 1. I know what's being installed, and 2. I can tell things like SilverLight et al where to go, which is anywhere but on my drives. If one manually downloads directly from THE source, and keeps a reasonable eye on what's going on in their browser status window etc., and checks the sums, one has probably done a fair job of due diligence to see that his download was safe and what was offered. OTOH allowing automagic anything, IMO, is an invitation to a good screwing sooner or later. I do what I can to be as sure as I can that it will always be in a later category; NO auto-magic anythings. Do something covertly and/or automagically on my machine and you may never see me again unless it was my own laziness or lack of diligence that caused it. My 2 ¢ anyway, Twayne David Teague - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Re: Re: Re: Terrance
what the hell are you talking about you sent to the wrong person ;I am a police officer I responded to a post; just learn to read the quote and what was there. Personally I don't care whether you're a cop or a pervert or both. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[users] Re: EvilGrade Exploit tool kit alleges it attacks OO.o installer
On 08/02/2008 03:56 PM, jonathon wrote: On Sat, Aug 2, 2008 at 12:35, Harold Fuchs wrote: The problem with digital signatures is that the software is not readily available in all the countries in which OOo is used and there would be quite serious legal problems providing it. Since the use of digital signatures is not illegal in the country that OOo is distributed from, there shouldn't be any legal issues in providing a digital signature of OOo builds that are released. That does not negate the issue in countries in which digital signatures are not legal. However, failing to provide a method that ensures the integrity of software, becuse a some countries have publicly declared that they not only are not worthy of trust, but have a complete lack of integrity, is irresponsible. xan jonathon I believe that there are several issues filed regarding this the subject comes up on the general dev lists. I can't recall what the problem is, but seem to recall that it may be an issue with certificate on the mirrors. Sun do provide digitally signed files (for those that want them) for StarOffice - the the files are only available from their servers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
