Open Standards

LibreOffice 4.4.7 released

11/12/2015 Steve WoodsOpen Source, Open Standards, Tech

Yesterday The Document Foundation announced the release of LibreOffice 4.4.7, the seventh and final minor release of the LibreOffice 4.4 family. LibreOffice 4.4.7 is the “still” version, which is aimed at more conservative users and enterprise deployments.

The Document Foundation recommends the deployment of LibreOffice in enterprises and large organisations with the backing of certified professional support.

LibreOffice 4.4.7 is available for download from http://www.libreoffice.org/download/libreoffice-still/.

The next release of the more cutting edge LibreOffice 5.x series will take place early in 2016.
The Document Foundation seeks boost to LibreOffice developer numbers

25/11/2015 Steve WoodsLinux, Open Source, Open Standards, Tech

The Document Foundation has announced a new drive to increase its developer community beyond the level of 1,000 reached in October 2015.

The growth of the LibreOffice developer community has been extraordinary, with a monthly average of over 16 new hackers contributing to the code since September 2010. This is due in the main to mentoring by the project’s founders. After five years and 1,000 new developers, though, the complexity has changed, and the project needs to invest on mentoring a new generation of coders.

LibreOffice has always been available on multiple operating systems – Linux, Mac OSX and Windows – and is now on the verge of being available on multiple platforms: desktop, mobile and cloud. Consequently, the project needs a wider range of developer skills, which can be achieved only with a renewed effort targeted to attract new contributors.

“When LibreOffice started, the codebase we inherited was known for being extremely hard to contribute to, for both technical reasons and a lack of mentors reaching out to new hackers,” says Bjoern Michaelsen, a member of LibreOffice engineering steering committee and a director of The Document Foundation. “Today, the LibreOffice project is known for its welcoming atmosphere, and for the fun. We strive to continue on this path for the next 1,000 code contributors.”
LibreOffice wins two awards

23/11/2015 Steve WoodsOpen Source, Open Standards, Tech
PortalProgramas.com has announced that LibreOffice, the leading open source office productivity suite, has won 2 prizes in its 2015 awards for free software applications.

The 2 categories in which LibreOffice won were:
1. Esencial para empresas (essential for companies), because it covers all enterprise office automation needs without adding licensing costs;
2. Mayor potencial de crecimiento (best growth potential); this was awarded because LibreOffice is regularly updated and is open to new features and applications.
Other winners included GNU Health (most revolutionary), WordPress (essential for communication) and CyanogenMod (best for mobile).

Congratulations to LibreOffice, The Document Foundation and all the other winners.
“Open source can liberate local authorities being held to ransom,” says Dutch MP

13/11/2015 Steve WoodsOpen Source, Open Standards, Politics, Tech

Open source software is a good option for local authorities who are dissatisfied with the price and quality of their software, says Dutch Labour MP Astrid Oosenbrug. This former sysadmin believes open source and open standards can liberate local authorities from their current suppliers, who she maintains can have too much power over their customers.

Situation “has been going on for years”

It recently became apparent from an investigation by NRC and Reporter Radio that many local authorities feel they are being held hostage by their software suppliers who are making the most of a dysfunctional market with price increases. According to Oosenbrug, the situation “has been going on for years”. She has been campaigning for a long time for open standards and open source solutions, her greatest success being a parliamentary motion passed in April according to which the government would be obliged to give preference to open source in invitations to tender.

More opportunity for open source

From their dissatisfaction, Oosenbrug perceives that local authorities are seeking alternatives to their current software. Oosenbrug states: “The opportunities for open source are increasing and definitely now the government is giving it preference. Amongst local authorities we do find those where the councillors won’t interfere (with procurement choices. Ed.), but I’ve also sat in the council chamber myself. Not every intervention from The Hague is in itself bad or negative, but is on the contrary supportive.

Open source good option for local authorities

In open source software the software’s source code is published and freely available to the public. The software can therefore be freely copied, adapted and distributed. Software standards between applications that work, services, systems and networks that work with each other can be inspected with open standards.”

Oosenbrug views open source and open standards as a good choice for local authorities. “Software companies have a hold on them with their products. If there’s no agreement with price rises, they stop providing the services and local authorities get into quite a bit of trouble. With open source local authorities can be freed from the stranglehold. With open source, anyone can examine the software used and inspect the source code. In this way security holes and clumsy coding are quickly traced.” Users with expertise are also looking everywhere, on account of which the software remains up to date and inexpensive solutions can often be found,” declares Oosenbrug. “There is a safe environment in which ethical hackers for example can play a major role.”

Open standards

Local authority websites are regularly attacked and are sometimes as leaky as a sieve. Consequently, Oosenbrug is also advocating open standards in addition to open source. “Of the 360 local authorities, only thirty comply with accessibility standards. You can overcome these sorts of problems with open source and open standards.” Oosenbrug believes there should be a template for websites with which local authorities can comply with all standards. “The remainder of a website can then be completed according to the local authority’s own preferences.”

Investment repays itself

Open source and open standards mean a considerable investment, but Oosenbrug believes it’s one that is repaid. “The bid that works best wins invitations to tender. Everything is checked for price and quality by the users themselves. Local authorities are currently in the land of the blind where the one-eyed man is king and they must always pay more. Software is becoming safer and cheaper with open source. The government must not view open source as a punishment, but as an opportunity.”

Municipality of Ede

Several local authorities have made progress with open source. In this way the Municipality of Ede has been able to make appreciable savings. After the changeover, it has been spending ten times less for software licences than comparable local authorities. On account of this, total ICT expenditure has been one quarter less than previous years.

Original Dutch source article: http://www.binnenlandsbestuur.nl/digitaal/nieuws/open-source-kan-gegijzelde-gemeenten-bevrijden.9500508.lynkx

Originally posted on Bristol Wireless.
LibreOffice 5.0.3 “fresh” and LibreOffice 4.4.6 “still” released

04/11/2015 Steve WoodsOpen Source, Open Standards, Tech
Away from the world of alpha versions and bug hunting sessions (posts passim), The Document Foundation yesterday announced the arrival of LibreOffice 5.0.3 “fresh”, the 4th release of the LibreOffice 5.0 family, and LibreOffice 4.4.6, the 7th release of the LibreOffice 4.4 family. Based on feedback from both users and the media, the LibreOffice 5.0 family is the most popular version of this free and open source office suite to date.

LibreOffice 5.0.3 is more feature-rich and as such is aimed at power users and tech enthusiasts, whilst LibreOffice 4.4.6 is targeted to more conservative users and enterprise deployments as it has been in widespread use for a longer time and as such offers a better experience for document production.

For security reasons it is recommended that all LibreOffice users update their software at least to LibreOffice 4.4.6.

Both software packages include many fixes introduced since the previous versions which can be viewed here for 5.0.3 RC1 and 5.0.3 RC2 respectively and here for 4.4.6 RC1 and 4.4.6 RC3.

Download LibreOffice

Both new versions can be downloaded via the following links:
- LibreOffice 5.0.3;
- LibreOffice 4.4.6.
Support

When deploying LibreOffice in large organisations and for enterprise use, The Document Foundation strongly recommends the use of professional support by certified individuals.
LibreOffice 5.1 will be the fastest ever

29/10/2015 Steve WoodsOpen Source, Open Standards, Tech

LibreOffice 5.1, the next release of the popular open source office suite, has officially entered the final stage of development with the release of the Alpha version, which has been released in time for the first Bug Hunting Session due to take place from Friday, 30th October to Sunday, 1st November (posts passim).

LibreOffice 5.1 starts twice as fast as the previous version and, as well as the usual incremental interoperability improvements with MS Office file formats (including MS Office 2016), incorporates some useful new features, such as the Chart Sidebar to change settings in a more intuitive way, easier workflow with Google Drive, OneDrive and SharePoint, plus a Style Menu in Writer.

The first LibreOffice 5.1 release candidate (RC) will be available in mid December, followed by second and third RCs in January 2016, with the release version becoming available in early February, just after FOSDEM 2016 (where LibreOffice developers will provide all the technical details about the new and improved software features).

Over the last 12 months, around 300 developers have hacked the LibreOffice source code, providing over 19,000 commits, representing a weekly average of 375 commits.

Download LibreOffice

LibreOffice is available in 2 versions codenamed “fresh” and “still” for production use*.

LibreOffice 5.0.2, the current “fresh” version, is available for download, whilst LibreOffice 4.4.5, the current “still” version, is likewise available for download.

* Alpha and pre-release versions should only be used by technology experts or enthusiasts who don’t mind getting their fingers cut by bleeding edge software! Ed. 🙂
NTP updated to counter attacks

25/10/2015 Steve WoodsOpen Source, Open Standards, Tech

It’s that time of year again when summer daylight saving time has just ended in Europe and the developers of the NTP time synchronisation service are responding to a series of new attacks with an update, German IT news site heise reports. With these attacks communication between servers and clients can be manipulated so that the clients receive the incorrect time or no time at all.

The reference implementation of the NTP time server service is now version 4.2.8p4, with which the developers have closed 13 security holes, including a series of vulnerabilities which four Boston University researchers describe in detail in a research paper (PDF). The researchers succeeded in finding several ways of attacking the time service, including preventing clients of the service from using it, also known as a Denial of Service (DoS) attack and providing them with the wrong time under certain circumstances.

NTP is used to synchronise the local clocks of all kinds of computers via the network. Various providers make different servers available which a client can query for the current clock time. Nearly all modern operating systems adjust this unnoticed in the background. Nevertheless, there have been attacks in the past on software implementations of this system and on the NTP protocol itself.

Kiss of death

Two of the new attacks are characterised mainly by the fact that the attacker does not need to hook up to the connection between client and server as a “man in the middle“. Both kinds of DoS attack take advantage of the so-called “Kiss o’ Death” (KoD) packet to cripple communication between the client and server. The KoD packet tricks the client into thinking that a NTP server is very busy or overloaded and the client should send fewer queries.

Attackers can now fake packets for all services which a client normally queries for its time; and do so in such a way that the client doesn’t update its internal clock for months or even years on end. The elegant thing about this hack is that the attacker only needs to send very few packets. In the second attack possibility described by the researchers the attacker must fake many client requests and thus force the server to silence the client with KoD packets. This also results in the client no longer updating its clock.

Both holes (CVE-2015-7704 and CVE-2015-7705) have been plugged in the new version of NTP.

Time shift

With 2 further attack methods the researchers succeeded in foisting incorrect clock times on clients. Clients should normally ignore times which differ by more than 1,000 seconds from their system time – the so-called “Panic Threshold“. However, in many configurations this does not apply to NTP queries sent immediately after a reboot of the client. Their system times can therefore be manipulated almost at will if they can be forced to reboot. Cryptography operations can be gerrymandered or DoS attacks conducted on the software running on the client with such a manipulation.

The intentional fragmentation of IPv4 packets can also be abused to confound a client’s time queries and foist an incorrect time on it. However, this method is very fiddly and the researchers did not want to test in the the wild since it uses the techniques of the decades-old Teardrop attacks and can crash old operating systems. This problem with overlapping TCP/IP packets is not a specific error of the NTP protocol, but of the underlying operating systems.

Admins should patch NTP

The Boston University researchers discovered the security holes on 20th August. Their paper has only been published now to give the NTP developers time to plug the holes. The researchers are recommending that admins running NTP servers update them as quickly as possible to version 4.3.8p4.

Reposted from Bristol Wireless.
UK government to switch to open source office suite

20/10/2015 Steve WoodsOpen Source, Open Standards, Tech

A new deal announced today between the Crown Commercial Service and open source consultants Collabora will provide public sector organisations with savings on GovOffice, an open source office suite based on LibreOffice.

Collabora GovOffice is is compatible with both Google Docs and Microsoft Office (including the cloud version Office 365) and includes comprehensive support for the latest version of Open Document Format, which is recommended by the Cabinet Office for use by government organisations.

With a familiar interface for creating documents, spreadsheets, presentations and more (none of that ribbon nonsense. Ed.), Collabora GovOffice offers considerable cost savings compared to competing proprietary packages.

In addition, the forthcoming Collabora CloudSuite will extend Collabora GovOffice with internet and mobile access for viewing and editing documents, as well as online access in web browsers. IT managers will be able to deploy the cloud software locally, providing remote access to documents.

The deal covers both Collabora products and applies to all non-profit making government organisations, including those working on behalf of government, either directly or via outsourcing.
LibreOffice 5.1 – first bug hunting session announced

20/10/2015 Steve WoodsOpen Source, Open Standards, Tech

Writing on The Document Foundation blog, Italo Vignoli has announced that a bug hunting session will take place from 30th October to 1st November for LibreOffice 5.1, the next planned major release of this popular open source office productivity suite.

Over those 3 days, volunteers and members of the LibreOffice community will check the first alpha of LibreOffice 5.1 for bugs and flaws.

On those dates, mentors will be available on the QA IRC channel and via email on the QA mailing list from 08.00 a.m. UTC to 10.00 p.m. UTC to help less experienced volunteers to triage bugs.

People who cannot participate the bug hunting session are always welcome to help chasing bugs and regressions when they have time. There will be a later bug hunting session in December this year to test LibreOffice 5.1 Release Candidate 1.

Additional information on bug hunting is available on The Document Foundation wiki.
ODF is a “financial and social responsibility”

03/10/2015 Steve WoodsOpen Source, Open Standards, Politics, Tech

The Dutch government wants to accelerate the adoption of Open Document Format by the country’s public sector according to a press release by the government’s Standardisation Board.

On behalf of the government, the Standardisation Board is determined to speed up ODF’s adoption throughout the government.

This was one of the most important announcements made at the 11th ODF Plugfest held in The Hague, where a group of international developers, EU policy-makers, digital archivists, academics and other experts assembled to discuss the Open Document Format, an XML-based file format for spreadsheets, charts, presentations and word processing documents that was developed with the aim of providing an open, XML-based file format specification for office applications.

“In view of its extent, the public sector is an important stakeholder when a sound future for office applications is involved”, says Steven Luitjens, the director of Logius, the largest operational IT organisation within the Dutch government. “It is our financial and social responsibility to bring about an improvement. We are therefore increasing our efforts in the Netherlands. We want to play an important role in the huge transition from commercial productivity packages to better, bespoke solutions based on open standards which lies ahead of governments and the private sector.”

ODF is top priority

“The need to adopt ODF speaks for itself,” says Nico Westpalm van Hoorn, Chairman of the Standardisation Board, which is concerned with the choice of IT standards for the government. “However, the adoption is proceeding too slowly. ODF is therefore out top priority”.