[ale] [OT] updating, securing OpenOffice, Adobe Reader / Flash

Ron Frazier atllinuxenthinfo at c3energy.com
Mon Mar 14 10:12:04 EDT 2011


Hi Mike T.,

Thanks for the note. See comments below.

On 03/14/2011 12:12 AM, Michael B. Trausch wrote:
> On Fri, 2011-03-11 at 10:01 -0500, Ron Frazier wrote:
>    
>> OpenOffice is now up to version 3.3.  However, my version 3.2 was not
>> updating properly.  When I'd say check for updates, it just failed.
>> When I heard it was at a new rev level, I uninstalled it and installed
>> version 3.3.  My Ubuntu version is still at 3.2.  I'm not sure why.
>>      
> Ubuntu's policies prohibit major upgrades like that.  That does not mean
> that all is lost, however.  They will backport security-related patches
> to whatever version(s) are in their repositories for distributions that
> are still supported, and so you still receive security updates in that
> way.  That said, dpkg has a long way to go before they get this done
> efficiently.  A minor security patch that might only be 100 lines of
> source changes still requires that you re-download the whole friggin'
> package once they've finished a rebuild.  Alas, nothing is perfect.
>
>    

I inadvertently created double trouble for myself. First, I decided to 
upgrade OpenOffice. Then, I found out LibreOffice "final" was out and 
decided to convert to that. LibreOffice is at version 3.3.1, which is 
probably equivalent to OpenOffice at the moment. So, hopefully it will 
stay up to date on my system. It's good to know that they backport 
security changes though.

> That also said, I think it is important to note that blindly patching
> things can be just as detrimental as patching nothing at all.  I am not
> saying audit every single change, but there is a balance somewhere
> between patching everything, all the time, and patching nothing at all.
> Security patches themselves can introduce security problems, and some
> (though few that I can recall) have been known to break backward
> compatibility in some cases.  There have been a few security fixes in
> Samba that I can recall that have had the effect of breaking backwards
> compatibility (though for the ones that I can recall, they were well
> worth it).
>
> 	--- Mike
>
>    

I know what you mean. I don't manage corporate computers at this time, 
so I can't speak to that. However, for my personal systems, and friends' 
and family's systems, I've waffled over the issue. I used to want to look 
at the patch list every time. I finally broke down and turned on auto 
update on all the Windows systems. At least that way, I know Windows and 
MS Apps and Microsoft Security Essentials will be patched almost all the 
time. I have heard of a non-trivial number, but still low, of patches 
breaking things. Fortunately, I don't think I've ever encountered more 
than one. I think service pack 3 for Vista messed up a lot of people's 
systems temporarily. I heard about that and delayed installing that for 
about a year. However, I did have all the incremental upgrades that came in.

For my Linux systems, I pretty much take a quick glance over the patch 
list when Update Manager pops up every week or so, but I think I've 
always, to this point, told it to install all the things it wanted to. 
That may be the best compromise of effectiveness and efficiency for the 
average user. I have observed that, if there's anything related to the 
kernel in the patch list, I can expect a reboot. Linux seems more 
tolerant about it than Windows, and more willing to wait for the restart 
and then activate new things.

Sincerely,

Ron

-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new messages very quickly.)

Ron Frazier

770-205-9422 (O)   Leave a message.
linuxdude AT c3energy.com


