Is what I did safe?

Hi again everybody,

I’m still tinkering with my dual-boot XP/Mint 17.2 (Mate) computer, and I still have a LOT to learn, so I’m afraid I must pester you all again.

Although Libre Office seems to be a good program, I much prefer WPS Office. WPS seems to be the only program which flawlessly opens my Word 2007 files without compromising their existing format. All of the pictures, captions, headings, and everything else work perfectly with WPS. So today, I was amazed to find that WPS was available for Linux. However, as I started to read the install instructions, I knew I was in way over my head. Thus, after I searched around on Google for a while, I found the code listed below:

 

sudo gdebi kingsoft-office_9.1.0.4244~a12p3_i386.deb

cd && wget -O wps-office.deb http://kdl.cc.ksosoft.com/wps-community/download/a15/wps-office_9.1.0.4751~a15_i386.deb

sudo dpkg -i wps-office.deb

sudo apt-get -f install && rm wps-office.deb

wget -O web-office-fonts.deb http://kdl.cc.ksosoft.com/wps-community/download/a15/wps-office-fonts_1.0_all.deb

sudo dpkg -i web-office-fonts.deb

 

At that point I held my breath and entered each command. The process did work, and WPS installed and runs great. Which brings me to my questions:

What exactly did I do (yes, I know I installed WPS  ), and is it safe to install software following code I don’t understand? Also, why isn’t the program available from the Mint repository if it works?

I apologize for asking questions which may seem obvious to many of you, but being new to Linux, it gets very confusing.

Thank you all again. 

Well those commands you normally see are generalized instructions.

The reason why most of them offer command line is that commandline is very universal in linux.

The biggest advantage to linux is its customization but its also its biggest drawback.

What GUI instructions work for distro a with setup a may not work for distro b with setup a.

Each distro has its own sets of setups, sure there are some universal standards but in the end its the distro itself that is the difference maker.

Those commands you see online are generally safe, but there are commands that certainly ruin your day, like if someone ever says enter the command sudo rm -rf /

 

Never EVER do it, thats the sudo bad juju command and will destroy your root system.

Not good.

 

As for why WPS isnt in Mint, its all down to licencing WPS is totally proprietary software so distros like Mint could not ship it out.

There are exceptions Mint Makes like giving out flash but even that isnt 100% "legal"

Not saying you are breaking laws by using Linux Mint but there is some major legal mumbo jumbo behind the scenes.

Edited by MadmanRB, 13 December 2015 - 06:40 PM.

@MalwareMutilator

 

Will you provide the link, can't find it on their page? very interesting

Did you Scan the .deb after download?

Did you Scan the .deb after download?

 

Usually Mint checks the integrity

 

He probably got WPS via this:

 

http://wps-community.org/

 

Seems legit by the package description

 

Usually Mint checks the integrity

 

Really, thanks...did not know that.  It does this via md5sum?

 

Thanks for the link, this is good stuff, thanks also MM!

Yeah it does, mind you I dont use Mint as my primary distro (though am using it right now to give 17.3 a spin) but it works the same as its always has.

 

Also your welcome, seasoned Linux vet here :D

Next Year will mark my 10th year of using Linux as my primary OS, been using it longer but officially I have been using Linux 10 years now

Edited by MadmanRB, 13 December 2015 - 07:12 PM.

Personally I am not a fan of downloading .deb from some site and installing it, same for unknown PPA's, Checking the MD5 means nothing when the same site you download from gives you the numbers.

 

 

Doing this is the same as downloading some .exe from some site for Windows.

Meh its safe enough, google chrome works fine and most PPA's are in the clear.

Now if its a project from a page I done know about, than I get worried.

But PPA's are in general safe to work with

Edited by MadmanRB, 13 December 2015 - 07:23 PM.

I searched around on Google for a while, I found the code listed below

I presume this is only a snippet of the full instructions, as step 1 here, makes zero sense as a first step.

What exactly did I do

I'll go into further detail below, but basically you downloaded a couple DEB files, installed them, and then attempted (and presumably succeeded) in installing any dependencies.

sudo gdebi kingsoft-office_9.1.0.4244~a12p3_i386.deb

Gdebi installs "kingsoft-office_9.1.0.4244~a12p3_i386.deb" from the currently browsed directory, as well as any dependencies (provided they are available in your repos).

cd && wget -O wps-office.deb http://kdl.cc.ksosoft.com/wps-community/download/a15/wps-office_9.1.0.4751~a15_i386.deb

Cd kicks you to your user's directory, Wget then downloads "wps-office_9.1.0.4751~a15_i386.deb" from the specified URL, and saves it as "wps-office.deb" in your currently browsed directory.

sudo dpkg -i wps-office.deb

Dpkg installs "wps-office.deb".

sudo apt-get -f install && rm wps-office.deb

Apt-get installs any missing dependencies for any packages (not just WPS Office) if they are available in your repos. Rm deletes the file "wps-office.deb" from your currently browsed directory.

wget -O web-office-fonts.deb http://kdl.cc.ksosoft.com/wps-community/download/a15/wps-office-fonts_1.0_all.deb

Wget downloads "wps-office-fonts_1.0_all.deb" and saves it as "web-office-fonts.deb" in your currently browsed directory.

sudo dpkg -i web-office-fonts.deb

Dpkg installs "web-office-fonts.deb".

is it safe to install software following code I don’t understand?

I would not advise running commands you don't understand, unless doing so in a contained testing environment. Even if you trust the author of the commands, they could neglect to mention something important (assuming you'll know, which you won't), or have a typo (which you won't catch since you aren't familiar with the command). Sudo commands are particularily dangerous to run, because they usually mean you're giving the command permission to run as root (which means it has 100% access to your entire system). In this case, the commands are safe, provided you trust the software developer (while I've never used anything from KingSoft, I have heard of them before). Remember, you can often use "man program-name" or "program-name --help" to find out more information about a command. For example, you used "wget -O" in these commands. If you wanted to know what "wget -O" was doing, you could use "wget --help" and you'd see Wget is a download manager and "-O" specifies an output file.

why isn’t the program available from the Mint repository if it works?

The developers may not have submitted it to be in the repos, or it may not qualify to be in the repos. There is plenty of software not in the default repositories. Some developers setup their own (which you can add to your system), others just provide a download (as is the case here).

I apologize for asking questions which may seem obvious to many of you, but being new to Linux, it gets very confusing.

No need to apologize. These are good questions to ask, and if you're already venturing into this, you've picked up Linux much faster than I did when I started out.

Please note that the instructions you've used install a 32bit version, which is what you want if you're running a 32bit Linux Mint install. If you're running a 64bit version of Linux Mint, you can install the 64bit version of WPS Office, or the 32bit version. The version you've installed is also, not the most recent version. You installed "wps-office_9.1.0.4751~a15", the most recent is "wps-office_9.1.0.4975~a19p1".

EDIT: I hit the quote-box limit so I've changed some of these to code-boxes instead.
 

Personally I am not a fan of downloading .deb from some site and installing it, same for unknown PPA's, Checking the MD5 means nothing when the same site you download from gives you the numbers.

 

Doing this is the same as downloading some .exe from some site for Windows.

I hear you there. If you "trust" the company/org providing the package it's "ok" though.

Very nice hollowface!, I did a VirusTotal check on it

https://www.virustotal.com/en/url/c0a61b84f00d9f3407d64cda48a55bb632d379891a49da9a3586a48274c8a0c5/analysis/1450053724/

 

Interesting that 64bit did not come till a18, and that one did not include "CoreFonts" perhaps those can be used from a15? or they come with a18 and above?

Edited by pcpunk, 13 December 2015 - 07:50 PM.

@pcpunk

From now on, we split the package to main package (wps-office), language package (wps-office-mui) and font package (wps-office-fonts, most of the time you don't need this package unless you deal with CJK documents frequently)

-REF:http://wps-community.org/downloads?vl=a15#download

We now using Online Language instead of the language package, you can switch to the supported languages from Choose Language dialog.

-REF:http://wps-community.org/downloads?vl=a16#download

a18, and that one did not include "CoreFonts" perhaps those can be used from a15? or they come with a18 and above?

-REF:http://www.bleepingcomputer.com/forums/t/599302/is-what-i-did-safe/#entry3885426

Yeah, it's a bit unclear. They stop making fonts packages after a15, but in the a16 changes description they only state that language packs aren't being made anymore, no mention of the fonts pack. Perhaps fonts are being done online like the language support???

 

Personally I am not a fan of downloading .deb from some site and installing it, same for unknown PPA's, Checking the MD5 means nothing when the same site you download from gives you the numbers.

 

Doing this is the same as downloading some .exe from some site for Windows.

I hear you there. If you "trust" the company/org providing the package it's "ok" though.

 

 

Same here, there are some times when we have no other choice, like driver packages that ships as .exe files from OEM's. Though many of these will also carry an SHA-256 checksum, which is hundreds of times more secure than a SHA-1 package & thousands compared to a weak MD5 one. 

 

MD5/SHA-1 are just like those dollar store locks that can be opened with little effort, they're to keep honest folks honest, not to keep a thief out. Anyone who depends on MD5 hashes to keep themselves out of hot water will eventually get burned, a security breach waiting to happen. This will surely happen to the Windows user who lives & dies by MD5, yet just because we run Linux doesn't imply we can't install a bad package by doing the same. Meaning it's possible to infect our Linux installs manually & there's no way to know it unless it's scanned with the proper tools, or until it becomes obvious we're hacked (like our purchase credentials has been stolen). 

 

The best places to download files are from known sources, I've been getting my Linux Mint ISO's from the same official site for 5+ years and have not had problems, and until the last 18 months or so, never considered MD5 hash checking, because it's not a secure hash. Maybe in 2000 it was, yet that was nearly 16 years ago. SHA-1 is somewhat better, yet many Linux distros doesn't even post that. 

 

If one is going to live & die by hash checking, SHA-256 is the best of the lot as it stands for now. While there are even more secure hashing techniques, SHA-256 isn't utilized enough to justify using for the downloading of files, so there's really no way that one higher would be of use, if posted. 

 

Cat

Edited by cat1092, 14 December 2015 - 04:25 AM.