Monthly Archives: October 2015

  • LibreOffice 5.1 will be the fastest ever

    LibreOffice 5.1, the next release of the popular open source office suite, has officially entered the final stage of development with the release of the Alpha version, which has been released in time for the first Bug Hunting Session due to take place from Friday, 30th October to Sunday, 1st November (posts passim).

    LibreOffice 5.1 starts twice as fast as the previous version and, as well as the usual incremental interoperability improvements with MS Office file formats (including MS Office 2016), incorporates some useful new features, such as the Chart Sidebar to change settings in a more intuitive way, easier workflow with Google Drive, OneDrive and SharePoint, plus a Style Menu in Writer.

    LibreOffice 5

    The first LibreOffice 5.1 release candidate (RC) will be available in mid December, followed by second and third RCs in January 2016, with the release version becoming available in early February, just after FOSDEM 2016 (where LibreOffice developers will provide all the technical details about the new and improved software features).

    Over the last 12 months, around 300 developers have hacked the LibreOffice source code, providing over 19,000 commits, representing a weekly average of 375 commits.

    Download LibreOffice

    LibreOffice is available in 2 versions codenamed “fresh” and “still” for production use*.

    LibreOffice 5.0.2, the current “fresh” version, is available for download, whilst LibreOffice 4.4.5, the current “still” version, is likewise available for download.

    * Alpha and pre-release versions should only be used by technology experts or enthusiasts who don’t mind getting their fingers cut by bleeding edge software! Ed. 🙂

  • Leaping salmon

    Wikipedia informs us that the Atlantic salmon (Salmo salar) is found in the northern Atlantic Ocean and in rivers that flow into the north Atlantic.

    The salmon’s journey through life from fresh to salt water and back to fresh is not just an aquatic journey, but a terminological one too, as shall be shown.

    The salmon spend their early life in fresh water, when the immature salmon are known firstly as alevin, then as fry and finally as parr, this final stage being when the juvenile salmon prepare to migrate to salt water.

    When the parr develop into smolt, they begin their trip to the ocean; this occurs mainly between March and June. The length of time that young salmon take before journeying from sweet to salt water can vary between one year and eight years.

    Once large enough, Atlantic salmon change into the grilse phase, when they become ready to breed and return to the same freshwater tributary from which they departed as smolts. It is believed that the salmon’s navigation for this journey involves a combination of magnetoception and the fish’s sense of smell as it nears its destination.

    This return from salt to fresh water occurs from September to November, the time of the salmon run. After spawning most Atlantic salmon die and the salmon life cycle starts over again.

    Many obstacles – some natural, some artificial – face salmon as they migrate upstream to their spawning grounds. One of these is formed by Shrewsbury Weir on the River Severn, the UK’s longest river.

    This year jettybox.com was on hand to record the salmon run over the weir; and do so in slow motion, which adds a poignant beauty to this annual spectacle.

  • NTP updated to counter attacks

    NTP graphicIt’s that time of year again when summer daylight saving time has just ended in Europe and the developers of the NTP time synchronisation service are responding to a series of new attacks with an update, German IT news site heise reports. With these attacks communication between servers and clients can be manipulated so that the clients receive the incorrect time or no time at all.

    The reference implementation of the NTP time server service is now version 4.2.8p4, with which the developers have closed 13 security holes, including a series of vulnerabilities which four Boston University researchers describe in detail in a research paper (PDF). The researchers succeeded in finding several ways of attacking the time service, including preventing clients of the service from using it, also known as a Denial of Service (DoS) attack and providing them with the wrong time under certain circumstances.

    NTP is used to synchronise the local clocks of all kinds of computers via the network. Various providers make different servers available which a client can query for the current clock time. Nearly all modern operating systems adjust this unnoticed in the background. Nevertheless, there have been attacks in the past on software implementations of this system and on the NTP protocol itself.

    Kiss of death

    Two of the new attacks are characterised mainly by the fact that the attacker does not need to hook up to the connection between client and server as a “man in the middle“. Both kinds of DoS attack take advantage of the so-called “Kiss o’ Death” (KoD) packet to cripple communication between the client and server. The KoD packet tricks the client into thinking that a NTP server is very busy or overloaded and the client should send fewer queries.

    Attackers can now fake packets for all services which a client normally queries for its time; and do so in such a way that the client doesn’t update its internal clock for months or even years on end. The elegant thing about this hack is that the attacker only needs to send very few packets. In the second attack possibility described by the researchers the attacker must fake many client requests and thus force the server to silence the client with KoD packets. This also results in the client no longer updating its clock.

    Both holes (CVE-2015-7704 and CVE-2015-7705) have been plugged in the new version of NTP.

    Time shift

    With 2 further attack methods the researchers succeeded in foisting incorrect clock times on clients. Clients should normally ignore times which differ by more than 1,000 seconds from their system time – the so-called “Panic Threshold“. However, in many configurations this does not apply to NTP queries sent immediately after a reboot of the client. Their system times can therefore be manipulated almost at will if they can be forced to reboot. Cryptography operations can be gerrymandered or DoS attacks conducted on the software running on the client with such a manipulation.

    The intentional fragmentation of IPv4 packets can also be abused to confound a client’s time queries and foist an incorrect time on it. However, this method is very fiddly and the researchers did not want to test in the the wild since it uses the techniques of the decades-old Teardrop attacks and can crash old operating systems. This problem with overlapping TCP/IP packets is not a specific error of the NTP protocol, but of the underlying operating systems.

    Admins should patch NTP

    The Boston University researchers discovered the security holes on 20th August. Their paper has only been published now to give the NTP developers time to plug the holes. The researchers are recommending that admins running NTP servers update them as quickly as possible to version 4.3.8p4.

    Reposted from Bristol Wireless.

  • Translator tampered with meeting minutes

    image of a footballIt’s been an open secret for many years that FIFA – the international governing body for football – has been as reliable as a nine pound note.

    Following the departure from its HQ building by disgraced president Sepp Blatter, further details of malpractice in FIFA’s governance are now coming to light.

    Yesterday’s Daily Mail reported some of this fall-out under the headline “FIFA translator: I was told several times to doctor records of ExCo meetings“.

    According to the Mail, FIFA are investigating claims that a junior member of staff was told to falsify official records of FIFA’s meetings of its Executive Committee (ExCo) between 2001 and 2010.

    Former FIFA employee Scott Burnett first worked as a translator and then as an assistant to FIFA Secretary General Jerome Valcke, who like Blatter, is currently suspended.

    Mr Burnett dropped his bombshell via 3 tweets, as follows.

    Tweet no. 1:

    I wrote the minutes of FIFA ExCo meetings from 2001 to 2010. During that period, I was instructed several times to misrepresent discussions.

    Tweet no. 2:

    The instructions to misrepresent meetings came from the President’s office among others.

    Tweet no. 3:

    I did not share this information before because I was concerned about the repercussions and I did not know who to trust within FIFA circles.

    We linguists – irrespective of whether we work as translators or interpreters or both – deal regularly with privileged and confidential information. This is why I rarely discuss the content of my work in public. As such, I have great sympathy for Mr Burnett since being told to falsify records must clearly have conflicted with that inbuilt sense of integrity which all linguists need to do their jobs.

    Mr Burnett is no longer employed by FIFA and currently volunteers to support grassroots football.

  • Chronological capers

    At 2.00 a.m. this morning British Summer Time (BST) came to an end, the clocks were turned back one hour and the UK reverted to Greenwich Mean Time (GMT) and evenings that get dark earlier.

    This for me marks the gloomiest time of year – at least until we’re over the winter solstice and the day of least daylight!

    However, the changing of the clocks is a major job for some. For instance, for the curators of the Palace of Westminster’s Great Clock (which bongs Big Ben. Ed.), the process involves careful precision and split-second timing. As well as re-setting the time, it gives them an opportunity to make close inspection of the clock mechanism as part of a rolling maintenance programme. The process is described in detail on the UK Parliament website.

    On a lighter note, the Stonehenge Twitter account decided to have some fun with the change, as shown by the following screenshot.

    Stonehenge UK tweet with image showing scientists repositioning the stones for the end of BST

  • Alliterative Linux

    The Ubuntu Linux distribution is well known for its use of alliteration in the naming its releases.

    This convention dates back to the release of version 5.04 which bore the name “Hoary Hedgehog“.

    The latest in the series has just been announced: Softpedia reported yesterday that Ubuntu 16.04 LTS will be named Xenial Xerus.

    What’s a Xerus and how is it xenial?

    a family group of xerus inaurisWikipedia informs us that the genus Xerus is better known as African ground squirrels. These squirrels form a taxon of squirrels under the subfamily Xerinae and are only found in Africa. A family group of 3 Xerus inauris or Cape Ground Squirrel is shown to the left of this paragraph.

    There are four species of African ground squirrels divided into three subgenera.

    The subgenus Euxerus is made up of the Striped Ground Squirrel, Xerus erythropus, which lives in south-western Morocco, southern Mauritania and Senegal.

    The subgenus Geosciurus consists of 2 species:

    1. Cape Ground Squirrel, Xerus inauris (also called South African Ground Squirrel), native to Namibia, Botswana, Zimbabwe, South Africa; and
    2. Damara Ground Squirrel, Xerus princeps, native to south-western Angola and Namibia.

    The subgenus Xerus also consists of just one species, the Unstriped Ground Squirrel, Xerus rutilus, whose home range is from north-eastern Sudan to north-eastern Tanzania.

    As for xenial, that’s a great word whose definition is:

    1. Hospitable, especially to visiting strangers or foreigners.
    2. Of the relation between a host and guest; friendly.

    In addition, Dictionary.com informs us that the word originates from the Greek xenía, meaning hospitality.

    However, if you want your computing to be powered by a hospitable African ground squirrel, you’ll have to wait until next April!

  • UK government to switch to open source office suite

    A new deal announced today between the Crown Commercial Service and open source consultants Collabora will provide public sector organisations with savings on GovOffice, an open source office suite based on LibreOffice.

    Collabora GovOffice is is compatible with both Google Docs and Microsoft Office (including the cloud version Office 365) and includes comprehensive support for the latest version of Open Document Format, which is recommended by the Cabinet Office for use by government organisations.

    With a familiar interface for creating documents, spreadsheets, presentations and more (none of that ribbon nonsense. Ed.), Collabora GovOffice offers considerable cost savings compared to competing proprietary packages.

    GovOffice screenshot

    In addition, the forthcoming Collabora CloudSuite will extend Collabora GovOffice with internet and mobile access for viewing and editing documents, as well as online access in web browsers. IT managers will be able to deploy the cloud software locally, providing remote access to documents.

    The deal covers both Collabora products and applies to all non-profit making government organisations, including those working on behalf of government, either directly or via outsourcing.

  • LibreOffice 5.1 – first bug hunting session announced

    Writing on The Document Foundation blog, Italo Vignoli has announced that a bug hunting session will take place from 30th October to 1st November for LibreOffice 5.1, the next planned major release of this popular open source office productivity suite.

    LibreOffice 5

    Over those 3 days, volunteers and members of the LibreOffice community will check the first alpha of LibreOffice 5.1 for bugs and flaws.

    On those dates, mentors will be available on the QA IRC channel and via email on the QA mailing list from 08.00 a.m. UTC to 10.00 p.m. UTC to help less experienced volunteers to triage bugs.

    People who cannot participate the bug hunting session are always welcome to help chasing bugs and regressions when they have time. There will be a later bug hunting session in December this year to test LibreOffice 5.1 Release Candidate 1.

    Additional information on bug hunting is available on The Document Foundation wiki.

  • How long can you frown?

    Up Our Street has produced a film in conjunction with Bristol’s Telling Tales Films about being an active citizen.

    Most active citizens become active after frowning and tut-tutting about problems in their communities, but there’s only so much scowling and muttering that can be done: action ultimately needs to be taken; and that starts with a smile. These East Bristol residents tell you how.

    Up Our Street has also produced an active citizenship toolkit. To get one please give them a ring on 0117 954 2834.

  • Next local litter pick announced

    image of litter pickerMore details have now been received of the forthcoming community litter pick (posts passim).

    As previously announced the time and date will be 11.00 a.m. on Saturday 7th November and the meeting point shall be outside Masala Bazaar, 382-386 Stapleton Road, Bristol BS5 6NQ (map).

    Up Our Street have organised this litter pick with local PCSOs and members of the local community are invited to come along and help to tidy up behind The Coach House pub.

    Participants are asked to wear suitable clothing and footwear. This litter pick is not suitable for children due to the nature of the litter, which may involve sex and drugs litter.

    For further information, please email community (at) eastonandlawrencehill.org.uk.

Posts navigation