Wednesday, October 8, 2008

Tuesday, October 7, 2008

Fun with openSUSE 11.0

Not a single post I make about Ubuntu goes by without at least one of you making some comment about my distro of choice and suggesting that I try some other distro. Well, never let it be said that I don’t listen to you - so this week I decided to take openSUSE 11.0 for a spin.
I first downloaded the 64-bit LiveCD KDE4 version of openSUSE and took this one for a spin. Unfortunately, I couldn’t get the LiveCD to load either on a physical PC or a virtual PC - each time KWin crashed at startup, threw up an error message and the system locked up. Rather than getting caught up trying to figure out what was wrong I abandoned 64-bit KDE4 and sent for the 32-bit GNOME openSUSE LiveCD instead.
After a less than promising start, I was expecting more problems with openSUSE, but the 32-bit GNOME version seemed to play well on both physical and virtual systems, so I stuck with this.
After running Ubuntu for a few months it’s hard not to compare openSUSE to it, and the first thing that struck me was how sluggish running the LiveCD of openSUSE felt compared to all Ubuntu LiveCDs I’ve tried. I even went back to an Ubuntu LiveCD to check out if it was just my memory or whether openSUSE did indeed feel sluggish, and it did. No idea why. However, that said, a LiveCD is a temporary thing so I didn’t dwell on the performance issues of the LiveCD too much and just hoped that an actual installation of openSUSE wouldn’t feel as kludgy.
On to the installation.
Installing openSUSE is a snap and I didn’t have any problems. Comparing it to installing Vista or Ubuntu, I’d say that the process is no more complicated, although what I would go as far as to say is that the setup process isn’t as friendly as Ubuntu’s, and it consists of more steps than Vista’s setup process. Given this I’d say that Ubuntu is more friendly to the newbie, but getting openSUSE onto a system shouldn’t be a problem for anyone who has previously installed an OS or a major suite of applications.
Once installed I was pleased to find that openSUSE had picked up the pace quite considerably and the sluggish kludginess I’d experienced with the LiveCD was gone. openSUSE 11.0 was both snappy and responsive, apart from the first time I ran OpenOffice, which caused things to enter that “swimming through molasses” phase and made me wonder more than once whether I’d locked up the system. I hadn’t, and the feeling passed after a few minutes.
So, what do I think of openSUSE?
Overall, I like openSUSE 11.0. After deciding to ignore my troubles with the 64-bit LiveCD KDE4 version of openSUSE and the slowness of the LiveCD, openSUSE certainly seems like a nice, well-rounded OS. Also, while overall I feel that Ubuntu is more newbie friendly, openSUSE starts off by being more pleasing on the eye - the green look (to me at any rate) seems more elegant and less scary.
Then there are the GNOME menus. I have to say that after months of using Ubuntu, I prefer the GNOME menu as seen on openSUSE. Maybe as I use the two distros side by side this feeling will wear off, but right now I prefer openSUSE. Come to that, I think I prefer the entire default openSUSE theme over the Ubuntu one.
I’m told that because of Novell/Microsoft ties, OpenOffice as shipped with openSUSE has more features than the stock OO.o shipped with Ubuntu. I need to investigate this further to have an opinion on the matter (although I can say right away that I don’t have an issue with the politics of this deal …).
I still have a lot of investigating to do, however, in the interim I think that if I had to choose between Ubuntu and openSUSE, Ubuntu would be the winner - familiarity is a key factor.
Things I’ve learned …
A few things I’ve learned, in no particular order …
There are other worthwhile distros apart from Ubuntu.
The more OSes you add to the mix, the harder it becomes to be OS agnostic.
The perfect OS is probably mythical …
(I refers to Adrian Kingsley-Hughes)

Wednesday, October 1, 2008

Demo exploits posted for unpatched MS Word vulnerability


A security researcher has released demo exploits for what appears to be a critical – unpatched – memory corruption vulnerability affecting the ubiquitous Microsoft Word software program.
The proof-of-concept exploits accompany a warning that the flaw affects Microsoft Office 2000 and Microsoft Office 2003. In addition to the rigged .docs, there are two videos demonstrating an attack scenario that crashes the program.
From the advisory:
An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.
Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.
Here are the proof-of-concept documents (download and run at your own risk!):

crash-word-1.doc
crash-word-2.doc
crash-word-3.doc
crash-word-4.doc
The SANS Institute issued a warning in its @Risk newsletter, noting that the issue occurs in the way Microsoft Word handles unordered (bulleted) lists.
Successfully exploiting this vulnerability would allow an attacker to execute arbitrary code with the privileges of the current user. Note that, on recent versions of Microsoft Office, Word documents are not opened upon receipt without first prompting the user.
I’ve asked Microsoft for confirmation of this issue and will update this post when I hear from them.
UPDATE: Microsoft e-mailed the following statement on this issue:
Microsoft is investigating new public claims of a possible vulnerability in Microsoft Office. We’re currently unaware of any attacks trying to use the claimed vulnerability or of customer impact. We will take steps to determine how customers can protect themselves should we confirm the vulnerability.
Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.

Gauging the ThinkPad: Before (IBM) and after (Lenovo)


Has Lenovo lost whatever mojo the ThinkPad had? That simple question raised a lot of discussion at TechRepublic and it’s worth pondering. The problem: Gauging Lenovo’s performance depends on a lot of anecdotes with few concrete answers.
As background, John Sheesley asked a simple question: Has Lenovo ruined the ThinkPad? John outlined the history–IBM unloaded its PC unit to Lenovo in 2005–and noted that the latest ThinkPads just don’t seem to have the fit and finish as before. The questions about Lenovo have popped up before, but are quite current today since I smoked (literally) three T42s–older ThinkPads–on Thursday. The guts of the laptop started smoking so I have a loaner that will be upgraded to another Lenovo in the next few weeks.

The talkbacks were lively and John called shenanigans after a bunch of responses spoke glowingly about Lenovo. He thought he was surrounded by a bunch of Lenovo plants.
Lenovo spokesman Ray Gorman replied:
I believe ThinkPads are just as good as ever and voted accordingly. Although I suspect there are other Lenovo employees who have voted in this forum, I would wager that you have also attracted voters who are employees of our competitors. While in either case, it’s fairly predictable how each would vote, the interesting fact is that there are really only two notebook PC brands that have their own fan forums and passionate enthusiasts. I’m pretty confident declaring that ThinkPad is one of those two.
In many respects, Lenovo isn’t different from any other PC maker–perception is reality. For instance, a lot of folks have had trouble with Dell’s customer service in the last five years. I haven’t had any problems. Obviously, if I get hit with a survey Dell will fare better than someone who was burned.
But the question about ThinkPad quality in the Lenovo era isn’t easy to answer. The data is inconclusive and what you really have is a bunch of folks opining about the ThinkPad when it was part of the IBM empire against the latest from Lenovo.
To settle this score I went to the place that has the most objective historical data I could find: Consumerreports.org, a service I highly recommend. A Consumerreports.org subscription at $26 a year–$19 if you get the magazine–pays for itself many times over.
I perused the Consumer Reports ratings on laptops in articles published in 2004 and 2008. In 2004, the then-IBM ThinkPad did seem to rate higher in the niches covered by Consumer Reports. In an August 2008 story, Lenovo’s ThinkPad X300 scored second to last out of eight laptops in the 13.3-inch model category. Lenovo had second place and fourth place finishes out of five 14.1-inch models evaluated. Among 17 15.4-inch laptops rated, Lenovo had a sixth place finisher (ThinkPad T61), 11th place (ThinkPad R61) and last (IdeaPad).
Bottom line: Your feelings about Lenovo are a crapshoot. Lenovo’s X300 was the second most pricey 13.3-inch laptop behind the MacBook Air, but Consumer Reports dinged it in many areas. But corporate workhorses like the T61 did pretty well in the rankings.
Here’s a look at the 2003 repair history for laptops from Consumer Reports, which published the ratings in September 2004.

And then there’s the repair history for laptops tracked via a Consumer Reports survey from 2003 to 2007. Consumer Reports published it in August 2008.

One notable point: These repair figures are all within a 3 percent margin of error. Is it possible that’s because every PC vendor is outsourcing manufacturing to the same contractor? Nevertheless, Lenovo seems to be carrying the ThinkPad torch at least as well as IBM did.
Thoughts?