Which "openoffice" to download for 256MB system?


Forum: Apps
Topic: Which "openoffice" to download for 256MB system?
started by: mourafa

Posted by mourafa on May 29 2008,03:03
Being a Linux and DSL newbie I have difficult to choose which "oppenoffice" I should downnload, considering my system has 256MB. Without any advises, I would be tempted to pick "openoffice.org2.0.uci" from MyDSL browser as it looks like it is the latest version there and ... it is there, available for some reason.

Via MyDSL browser, I found:
openoffice-1.1.4.tar.gz
openoffice.tar.gz
openoffice-2.0.uci
openoffice.org2.0.uci
openoffice.uci

What are the differences/advantages/disadvantges/aplicabilities between ".tar.gz" and ".uci" versions?

But what about dowloading directly the newest OpenOffice.org 2.4.0 for Linux, (US English version), found at < http://download.openoffice.org/index.html >

Also, when and why should I be satisfied with applications available at the MyDSL browser rather than looking for the latest version available at the official site, like the newest OpenOffice.org 2.4.0 for Linux?

Is it likely an application should first be trimmed down by experts to fit DSL needs before it should be attempt to be used?

I will appreciate very much your help.

Mourafa

Posted by ^thehatsrule^ on May 29 2008,03:12
If you're on a typical frugal setup, use .uci
Posted by mourafa on May 29 2008,03:51
Yes, I have a frugal install
Posted by meo on May 29 2008,05:03
Hi mourafa!

I agree fully with "hats". If you check out a download site of mydsl you'll find that there is always and info file about every package where you can find more information about them. The most rescent openoffice in the repository (in english) is openoffice.org2.0.uci which is really the 2.0.4 version of openoffice. I hope this is of some help to you.

Have fun discovering DSL,
meo

Posted by Juanito on May 29 2008,05:07
Quote
Also, when and why should I be satisfied with applications available at the MyDSL browser rather than looking for the latest version available at the official site, like the newest OpenOffice.org 2.4.0 for Linux?
I would suggest downloading openoffice.org2.0.uci and trying it on your system to see how things go. If it works OK, then there is probably not much need to look further.

Quote
Is it likely an application should first be trimmed down by experts to fit DSL needs before it should be attempt to be used?
- ideally the application should be compiled (built) for dsl and for sure, as per the dsl ethos, it is better to trim an application down. You don't need to be an expert though and these forums are a great place to learn how to do these things and more.

Posted by mourafa on May 29 2008,05:21
^thehatsrule^, meo and Juanito, thank you so far!

One point still to clarify is: What are the differences/advantages/disadvantges/aplicabilities between ".tar.gz" and ".uci" files?

thanks again

Posted by Juanito on May 29 2008,05:39
Quote
One point still to clarify is: What are the differences/advantages/disadvantges/aplicabilities between ".tar.gz" and ".uci" files?
- .tar.gz mydsl extensions will uncompress the application and write all the files in it to the dsl file system under /opt/myappname. Depending on the application (and openoffice is big) this can use a lot of space and since you are running frugal/toram this will use a lot of memory - 256MB might not even be enough to run openoffice in this way.

.uci mydsl extensions uncompress the files in the application when only required (or something like that) - they will still appear under /opt/myappname but will not use nearly as much memory (In fact hardly anything).

Posted by ^thehatsrule^ on May 29 2008,06:05
Guess the first post was modified...
Quote
But what about dowloading directly the newest OpenOffice.org 2.4.0 for Linux, (US English version), found at < http://download.openoffice.org/index.html >

Also, when and why should I be satisfied with applications available at the MyDSL browser rather than looking for the latest version available at the official site, like the newest OpenOffice.org 2.4.0 for Linux?

Is it likely an application should first be trimmed down by experts to fit DSL needs before it should be attempt to be used?
If it doesn't say anything in the .info, then it's probably just repackaged to the MyDSL standards with icons/links, etc.

If you feel you need the latest one you could always try that it.
You could also make/request an extension for it.

Posted by mourafa on May 29 2008,06:36
^thehatsrule^, you are right as I had to edit my first post - by mistake I posted it without the text.

You all, thanks a lot so far for your inputs - it is a great help!

For now I will try "openoffice.org2.0.uci" ... I am letting it download now and I'll try it tomorrow.

Again thanks a lot!

Posted by curaga on May 29 2008,08:44
About using the latest from a project's site:
If they do offer binaries, they can be used just fine, as long as they work on DSL. Sometimes the binaries are compiled with newer libraries than in DSL, so they won't work.
It's also a question of convenience, when you have a tarball you need to figure where to unpack it to not have it hog ram etc. and DSL extensions go to the right place automatically.

Posted by setecio on June 11 2008,18:16
Looking at
< http://distro.ibiblio.org/pub/linux/distributions/damnsmall/mydsl/uci/ >
they all seem to be 2005 & 2006
Is there any reason why there haven't been any uci added in 2007 & 2008 .... has another (better ? ) thing replaced uci ? Or are newer ones stored somewhere else ?

I'm just curious as uci seems a good system from the above posts about Open Office.

Posted by Juanito on June 12 2008,03:35
The newer uci are all in the "testing" section of mydsl
Posted by setecio on June 12 2008,07:59
OK, are the ones in testing pretty stable and reliable ?

Is there a ways of downloading 'almost everything' available for DSL or an iso that contains almost everything, the point being to be able to browser around all the apps and try them out, rather than just guess what to download from within mydsl ?

Posted by lucky13 on June 12 2008,09:09
Why would you want to tie up your computer with several GB (I haven't counted it out) of stuff you may not even care to try? Either as a download or by effectively mirroring MyDSL? What's "small" about that?

You *can* wget everything from MyDSL and burn a DVD or two or three. Maybe Robert has a du for how much room is needed to mirror to give you an idea. It's easier to download as-needed or to try and then store whatever you decide you want to keep.

The Open Office versions in MyDSL work. That includes the 1.1 version which is half the size of 2.0+ while still having about 90% of the functionality. *All* versions of Open Office have security flaws, many of them quite serious. They just released 2.4.1 yesterday to patch a lot of stuff including a critical vulnerability (heap overflow) affecting all previous 2.0+ versions before 2.4.1.

The larger and more complex anything is, the more likely it will be to have problems.

I keep Open Office on a CD with other extensions and use it only as-needed. Mainly because of its size and insecurity but also because I find many smaller tools already in DSL or available elsewhere to be more than adequate for daily needs without clogging up my RAM like Open Office does.

(edited)

Posted by setecio on June 12 2008,21:32
I just wondered if such a download was available to have a look at various apps.

If you only use OpenOffice for basic (local) word processing and spreadsheets, how are there security risks from it? Surely it doesn't open ports or connect out to the net for basic worrprocessing etc ? Is it only when you are reaching out to the net from it that there are security issues ?

Posted by lucky13 on June 12 2008,21:48
Search google for these terms: openoffice security advisories. My first try:
Results 1 - 10 of about 345,000 for openoffice security advisories. (0.28 seconds)

Shortest answer to the first question: That presumes your local documents contain no shared information and no content (images, etc.) from other sources. I didn't narrow down my search to include anything affecting OOo with JRE whether remote or local...

Okay, now I have. I thought I remembered this:
< http://news.cnet.com/Java-fl....13.html >

Plenty more if you have time to read through all the links for OOo-specific security advisories.

Posted by humpty on June 13 2008,06:25
Quote (setecio @ June 13 2008,05:32)
I just wondered if such a download was available to have a look at various apps.

You can also visit the website to browse the apps,

< http://distro.ibiblio.org/pub/linux/distributions/damnsmall/mydsl/ >

Posted by setecio on June 13 2008,08:47
Thanks humpty, that looks the best way.

lucky13, about the security side of running DSL and various apps, I thought that :

a) DSL being Linux
b) running in root
c) being behind a hardware firewall
d) being 'only' a home user as opposed to a corporate business with any 'important stuff'

that I would be pretty safe using DSL and apps such as Open Office.

Posted by lucky13 on June 13 2008,11:28
Layers...

First layer, kernel. Linux is just a kernel. It has its own set of security issues, just like any other complex, complicated set of code known as an operating system. Check the changelogs and security advisories and patches (such as novmsplice).

----------------------- edit ----------------------------------
I just remembered that grsecurity recently had this note about the problem of transparency and openness in 2.6:
"Due to Linux kernel developers continuing to silently fix exploitable bugs (in particular, trivially exploitable NULL ptr dereference bugs continue to be fixed without any mention of their security implications) we continue to suggest that the 2.6 kernels be avoided if possible."
< http://www.grsecurity.net/news.php >
-------------------  end edit  ------------------------------------

Above that in the next layer are all the utilities that make the kernel useful. Those, too, have vulnerabilities that affect security. Just because they're used in Linux/Unix doesn't make them any safer than if they're used in any other OS (including Windows).

The next layer includes userland applications. Some of these are very complex sets of code and with that complexity they're more susceptible (exponentially?) to security breaches. For example, Firefox and Open Office are among the larger and more complex applications made available in many Linux distros. Both of these applications have long histories of security problems and often have made new security releases within days of previous releases. Both, of course, are also available for other operating systems. It's not the OS -- the first two layers of kernel and utilities -- that's responsible for these security issues. It's all the interrelated pieces of the complex puzzles such as libraries used, as well as the way those are implemented in the whole scheme of things, that's problematic. Especially today with the increased risk of cross-scripted attacks that take advantage of holes in "Software A" to do something else with "Software B" to compromise a system running on "Operating System C." These attacks often transcend OS. (edit - see below)

You're not inherently safer using Open Office or Firefox in Linux than you are in Windows or OSX. The same issues plague the same software without regard for OS. The degree of severity can vary from OS to OS, especially if run as root (don't do that!!) and thereby having full system access.

Security is a function of a lot of things and the weakest link is always the user -- not the OS. The OS can make it easier or more difficult to be secure, but the OS is NOT your security blanket. Blindly trusting an OS as a security measure is folly.

Edit 2: from my pwn2own collection:
"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he (Macaulay) said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."
< http://blogs.zdnet.com/security/?p=993 >

Posted by curaga on June 13 2008,13:34
I wonder if that reference to Java is the same thing my, sadly still, bank uses to snoop on it's clients.
They use a side of Java IIRC called JIS that lets you do the exact opposite of Java, execute code outside the Java sandbox.

..Which is one of the reasons I don't have Java..

Posted by lucky13 on June 13 2008,14:11
Code Sample
..Which is one of the reasons I don't have Java..

Would you feel any safer if they used perl? Would you feel any safer if they used php? What languages are inherently safe regardless of programmer (in)familiarity with security issues?

Posted by curaga on June 13 2008,14:52
It's not about the language, some just have more "bad" uses than others.
Also, perl and php are both server-side, so they couldn't do a thing to my security (if that's what you meant, of course)

And the use of Java against it's very existence and base idea is.. well, an atrocity. I have to wonder why did Sun even allow that.

Posted by setecio on June 13 2008,16:46
Thanks for the info.

How does AbiWord measure up in term of security  ?

Posted by lucky13 on June 13 2008,17:51
As with many things, it all depends which version, what features, etc.
< http://secunia.com/product/3723/ >  
< http://secunia.com/product/5774/ >  
< http://secunia.com/product/5865/ >  
< http://secunia.com/product/16471/ >

It also depends what your threshhold is and how you use any app including Open Office. If you're running off CD/frugal and using a UCI, you're limiting what can be done and how long to the duration the UCI is actually loaded. If you're running a hard drive install and you install a .dsl or tar.gz extenion, your exposure is the duration of time the application is installed. Hard drive is fully persistent. Frugal/CD refreshes the base every reboot, but your persistent home and opt partition(s) doesn't -- so anything compromised in those would be permanent until fixed.

Powered by Ikonboard 3.1.2a
Ikonboard © 2001 Jarvis Entertainment Group, Inc.