smashedbug.com, tech music and geek news

On eWeek’s website, there is a review: Office 2003 vs. OpenOffice.Org.

What is this article all about? It is from the perspective of Ed Benincasa, VP of MIS at FN Manufacturing Inc. in Columbia, S.C. The company is using Microsoft Office 97 and Office 2000 on 300+ desktops and Microsoft no longer distributes new licenses for these older versions and as a result, is forcing FN Manufacturing to upgrade to Office 2003.

“Office 97 does everything we want it to do, and we would stay on that suite if we could. It pains me to have to spend money for features and functions most of my end users won’t even begin to need.”

So how does OpenOffice.org stack up to Microsoft Office 2003? Lets take a look:

Word Processing: Writer vs Word
Moving from Word to Writer was not difficult. Writer was “familiar” and “very easy to perform the standard basic tasks”. Additionals such as PDF export and word-complete were seen as a plus as well as integration between various components. I’m surprised they didn’t mention OOo’s extensive use of styles.

Spreadsheets: Calc vs Excel
“There was not much difference between Office 2000, OpenOffice.org and Office 2003 for my use”, “similar to Excel, and it would be easy to learn the slight differences.”. Calc overall seemed to be the least capable as a drop-in-replacement for the Office equivilant as many spreadsheets used in business utilize the macro language which is incompatible. In addition, certain advanced data analysis tools are not as refined on Calc as of v1.1.1.

Presentation: Impress vs. PowerPoint
Move to either PowerPoint 2003 or Impress would require significant training. Certain transitions and 3D text were not compatible (in both directions). However, Philippe Nemery, IT manager at FN’s parent company said he *prefers* Impress’s application organization when compared to PowerPoint 2003.

The bottom line: OpenOffice.org is currently at v1.1.1 .. the second point release and first major release of the suite. The fact that it can even be compared toe to toe with Office 2003, the 11th version of a suite that has dominated for over the last decade and has had input from millions of users and developers is truly amazing.

What is very cool about the OOo is the future is very bright. OOo v2, expected early 2005, will tout a modern interface, additional wizards, improved advanced features, increased performance and undoubtedly, even better file format compatibility with Microsoft Office.

Month of drive crashes? Perhaps?

During the month of April, I had two of my hard drives fail on me, a friend had two of his destoryed (along with other components of his system), my mother’s brand new laptop had a hard drive failure within the first 2 weeks and an associate had a drive fail.

All told, this amounted to 560GB of storage space wiped and perhaps around half of that being data. Needless to say, data was lost. In all but one case, the drive simply stopped working — no warning, no indicators, nothing.

While this struck me as very odd, considering that I never had witness more than perhaps one drive die in a month (generally 1 or 2 a year, tops) it did bring to light several red flags in backup strategy that I would like to share:

#1 — maintain a separate backup from your main system

In one of the failures, both drives died in the same system with what appeared to be caused by a power supply failure. As a result, certain “backups” such as RAID 1 or simply syncing two drives on a schedule would not suffice in a similar power spike situation, virus situation, intrusion, etc.

#2 — Backup drive failed? Replace IMMEDIATELY!

In my particular situation, I have two systems which sync important data on a nightly basis. My older system’s drive failed a few weeks ago and I didn’t get around to replacing that drive until last Friday. Unfortunately my main drive failed Friday morning and with it went much of my recent important data.

Needless to say, if your backup fails, address this issue IMMEDIATELY! Don’t try to play odds like I did “well my main drive is less than a year old.. its ok to wait a few weeks for a good deal..”

Best Practices..

So what is the best idea? I tend to like the following setup:

Some type of RAID setup .. no we are not talking RAID 0, but rather RAID 1 and higher. This will allow for a drive to fail but not require a restore from a static snapshot (ie tape, CDs, other backup device). However as already mentioned, this should not be th end-all in your backup strategy! In addition to a RAID setup (or if you opt not to have RAID) there should be some type of out-of-computer backup procedure. This might include CD-RW, DVD+RW, Tape, Removable hard disk or other backup medium.

In addition to backing up documents, there may be some consideration as to how long it takes to get back up and running in case of a failure. While I was backing up documents, I didn’t take into consideration system configuration files, compiled binaries and other important pieces required to get my FreeBSD system up and running 100%.

In the case of my FreeBSD system, I am working on a backup method that will include core system configuration files (ie the /etc, /usr/local/etc folders), logs and custom packages of applications I install. Theoretically I should be able to install a base system in 10 minutes, copy over my backed up configuration files and have it reinstall all my custom packages to hopefully get back up and running full speed within an hour of a total system failure. Will it work? We’ll find out. I plan on getting a spare hard drive to run the test to determine the validity of my backup strategy (which will most likely back up important documents & configurations to CD-RW and the less important data to a secondary hard drive, located in a seprate system).

Assume your entire computer is inaccessible and everything was destoryed/stolen/etc.. Is your backup strategy suffice to keep you afloat?

Multimedia editing applications for Linux have been on a steady increase in both quanity, capability and usability. Here is a list of some multimedia editing apps for Linux:

Cinelerra - video & audio capturing, compositing and editing. Designed primarily for professional use, similar to Adobe Premiere.

Interesting features:

• Renderfarm capability - have multiple systems rendering the final video
• 6 channel audio for surround sound effects - supports mp3, ogg, CD ripping and more.
• Built in audio effects (reverb, pitch shift, synthesis, EQ, delay, etc..)
• Unlimited tracks
• Batch rendering & capturing
• Active development & user communities

Kino - Non-linear DV editor.

Features:

• Excellent IEEE-1394 Integration (capture, control and recording)
• RawDV & AVI format support
• Frame-accurate navigation/scrubbing
• Video & Audio filters, transitions, effects

KDEnLive - Non Linear Video Editing Suite - DV quality editing, dual video monitors, support for external effects, built in capture, built on Piave. [Screenshot]

Commercial Offerings:
MainActor
SoftImage 3D - 3D Editing Suite
Alias Maya- 3D Editing Suite

In addition there are plugins such as EffectTV, a realtime effects engine that includes 32 effects.

According to Steve Ballmer, CEO of Microsoft — Microsoft’s top priority is security … well umm.. atleast thats what he says when talking to Department of Homeland Security Secretary, Tom Ridge and other government officials. heh..

Ballmer claims that a “significant percentage” of Microsoft’s R&D investment is dedicated to developing technology to combat security problems.

So what are some of the wonders that these millions (billions?) is bringing to the Windows security front?

Well .. a new Windows XP service pack will have a firewall .. well of course, as most of you know, Windows XP already has a firewall, but this time around, the firewall will be defaulted to “on” .. hah.. Taking a quick peak at Linux, OpenBSD, etc.. you know what? standard practice for years.

Ballmer pointed out an automatic pop-up blocker for Internet Explorer — yet again, something that has been in Mozilla for a very long time — however, how this relates to security, I am dumbfounded.

A Windows security center is in the works that notifies users about security risks. Hmm.. yet again, Linux, FreeBSD and other FOSS has had bugtrack, security bulletins, mailing lists, auto updates, cvsup and other methods to get security updates out and installed in a timely manner.

Microsoft says for corporate customers, they are developing a stronger firewall as well as technology to block malicious e-mail and junk mail. Yet again, OpenBSD, ClamAV, Postfix, SpamAssassin and a myriad of other open source solutions have been pretty much standard in these areas for years by anyone “in the know” about security.

A “Network Quarantine” inspects PCs before connecting them to a corporate network — sounds interesting for laptops and such. AFAIK, there is nothing like that on the FOSS side .. perhaps nessus and other security vulnerability checkers — but I think this has more to do with the fact that FOSS is built correctly with regards to security rather than band-aided like this “innovative” technology.

In the spirit of ultimate security, Ballmer said that Microsoft may change its policy in delivering free patches to users who do not properly license products — as in, if you don’t license properly, Microsoft will not give you security updates. Guess this is an area where FOSS still reigns supreme. You don’t have to license to get security updates.

Needless to say, Ballmer and Co., still don’t understand security. You simply don’t throw money at security and “productize” it with firewalls, virus scanners, etc. To truly understand security, they need to simply retire a LOT of poorly written source code and from the ground up, rebuild their software with a true focus of being secure. For example, regular user accounts to NOT be administrative or “super user”, nurturing an environment based on standards where everyone is not required to run the same exact software, disabling ALL listening ports by default, providing access rights (user accounts or similar) for running applications, having jails/chroot and other technologies to allow administrators to sectionalize their systems, providing a comprehensive kiosk model (similar to KDE) so administrators can precisely adjust the access rights of the desktop interface for users.

Of course, using strong ciphers, defaulting to encrypted channels of communication, building stronger access controls (ie everyone has a USB mem stick with their private/public keys for access computing resources versus having passwords), having the system automatically backup user data so if an exploit IS found, data is still safe, etc..etc..etc..

Throughout March I have been keeping tabs on viruses. Tons of viruses were released, many considered high risk. On my servers, at certain times, around 30% of all emails received contained some type of a virus. In addition to viruses, there was a lot of automated virus replies, people unaware of the issue accusing others of sending them viruses and so forth. Needless to say, as an admin, I spent a great deal of time updating virus scanners, creating filters and calming people’s concerns regarding these issues.

Anyways, Globe Technology has an article about the recording shattering month.

The two big viruses for the month were NetSky and Bagle, NetSky being the “winner” in March, taking 7 of the top 12 places in the most prevalent viruses list from Central Command.

The two top viruses created over 30 new variants in March. NetSky accounted for a staggering 70.5% of all confirmed virus occurences.

In addition, the first quarter of 2004 had lots of other record breaking numbers. According to the London-based mi2g Intelligence Unit, DDos (Distributed Denial of Service) attacks caused between $3.4 and $4.1 billion in damage, compared to $1.3 to $1.6 billion for all of 2003. The volume of spam sent out exceeded 1.6 trillion messages, which exceeded the 1.5 trillion sent out in all of 2003. Economic damage from spam lies between $58 billion and $71 billion worldwide for Q1 2004.