tech

  • The Document Foundation seeks boost to LibreOffice developer numbers

    The Document Foundation has announced a new drive to increase its developer community beyond the level of 1,000 reached in October 2015.

    The growth of the LibreOffice developer community has been extraordinary, with a monthly average of over 16 new hackers contributing to the code since September 2010. This is due in the main to mentoring by the project’s founders. After five years and 1,000 new developers, though, the complexity has changed, and the project needs to invest on mentoring a new generation of coders.

    LibreOffice has always been available on multiple operating systems – Linux, Mac OSX and Windows – and is now on the verge of being available on multiple platforms: desktop, mobile and cloud. Consequently, the project needs a wider range of developer skills, which can be achieved only with a renewed effort targeted to attract new contributors.

    graph showing growth in LibreOffice developer numbers

    “When LibreOffice started, the codebase we inherited was known for being extremely hard to contribute to, for both technical reasons and a lack of mentors reaching out to new hackers,” says Bjoern Michaelsen, a member of LibreOffice engineering steering committee and a director of The Document Foundation. “Today, the LibreOffice project is known for its welcoming atmosphere, and for the fun. We strive to continue on this path for the next 1,000 code contributors.”

  • LibreOffice wins two awards

    PortalProgramas.com has announced that LibreOffice, the leading open source office productivity suite, has won 2 prizes in its 2015 awards for free software applications.

    essential for companies free software awardgreatest potential award

    The 2 categories in which LibreOffice won were:

    1. Esencial para empresas (essential for companies), because it covers all enterprise office automation needs without adding licensing costs;
    2. Mayor potencial de crecimiento (best growth potential); this was awarded because LibreOffice is regularly updated and is open to new features and applications.

    Other winners included GNU Health (most revolutionary), WordPress (essential for communication) and CyanogenMod (best for mobile).

    Congratulations to LibreOffice, The Document Foundation and all the other winners.

  • A World Without Linux – episode 4

    The Linux Foundation has released episode 4 of its A World Without Linux video series.

    Called “Avatar Reimagined”, this latest video sees characters Sam and Annie going to the pictures (as we used to call them when I was a lad. Ed.) to watch a film with really bad special effects to make the point that the effects in many blockbuster movies are made on Linux supercomputers.

    The Linux Foundation commissioned six episodes for the series, leaving one left before the final episode featuring Mr Linux Kernel himself, Linus Torvalds.

  • Trusty Tahr brought down by cat

    Ubuntu logoLinux distribution bug reports are not a place one expects to find stuff to make one smile: they’re normally places where the faults and failings of software are described in normally boring detail.

    However, today proved an exception to the rule, courtesy of one filed a short while ago for Ubuntu 14.04 LTS, codenamed “Trusty Tahr, which has just come to prominence.

    14.04, locked screen to go to lunch, upon return from lunch cat was sitting on keyboard, login screen was frozen & unresponsive.

    To replicate: In unity hit ctrl-alt-l, place keyboard on chair. Sit on keyboard.

    Resolution: Switched to virtual terminal, restarted lightdm, lost all open windows in X session.

    What should have happened: lightdm not becoming unresponsive.

    Ubuntu fans are now trying to reproduce this bug, including some who want to try and reproduce it with other pets, as per the latest comment on the bug report page reproduced below.

    will it also work with a small dog, please some one with a small size dogs test it!

    LightDM is the display manager running in Ubuntu. According to the Ubuntu Wiki, it starts the X servers, user sessions and greeter (login screen).

    What’s a tahr? Wikipedia informs us that tahrs form a family of three species of large Asian ungulates related to the wild goat. The three species are the Himalayan tahr, Nilgiri tahr and Arabian tahr.

    Finally, there are millions of pictures of cats and kittens all over the internet. Indeed, there’s even a Firefox add-on called Kitten Block that steps in whenever the user who has it installed attempts to access the right-wing Daily Mail and Daily Express websites. However, there are far fewer pictures of tahrs. Let’s remedy that with a fine picture of a male Himalayan tahr courtesy of Wikimedia Commons.

    male Himalayan tahr

    Hat tip: Softpedia

  • “Open source can liberate local authorities being held to ransom,” says Dutch MP

    Open source software is a good option for local authorities who are dissatisfied with the price and quality of their software, says Dutch Labour MP Astrid Oosenbrug. This former sysadmin believes open source and open standards can liberate local authorities from their current suppliers, who she maintains can have too much power over their customers.

    Situation “has been going on for years”

    It recently became apparent from an investigation by NRC and Reporter Radio that many local authorities feel they are being held hostage by their software suppliers who are making the most of a dysfunctional market with price increases. According to Oosenbrug, the situation “has been going on for years”. She has been campaigning for a long time for open standards and open source solutions, her greatest success being a parliamentary motion passed in April according to which the government would be obliged to give preference to open source in invitations to tender.

    More opportunity for open source

    From their dissatisfaction, Oosenbrug perceives that local authorities are seeking alternatives to their current software. Oosenbrug states: “The opportunities for open source are increasing and definitely now the government is giving it preference. Amongst local authorities we do find those where the councillors won’t interfere (with procurement choices. Ed.), but I’ve also sat in the council chamber myself. Not every intervention from The Hague is in itself bad or negative, but is on the contrary supportive.

    Open source good option for local authorities

    Astrid OosenbrugIn open source software the software’s source code is published and freely available to the public. The software can therefore be freely copied, adapted and distributed. Software standards between applications that work, services, systems and networks that work with each other can be inspected with open standards.”

    Oosenbrug views open source and open standards as a good choice for local authorities. “Software companies have a hold on them with their products. If there’s no agreement with price rises, they stop providing the services and local authorities get into quite a bit of trouble. With open source local authorities can be freed from the stranglehold. With open source, anyone can examine the software used and inspect the source code. In this way security holes and clumsy coding are quickly traced.” Users with expertise are also looking everywhere, on account of which the software remains up to date and inexpensive solutions can often be found,” declares Oosenbrug. “There is a safe environment in which ethical hackers for example can play a major role.”

    Open standards

    Local authority websites are regularly attacked and are sometimes as leaky as a sieve. Consequently, Oosenbrug is also advocating open standards in addition to open source. “Of the 360 local authorities, only thirty comply with accessibility standards. You can overcome these sorts of problems with open source and open standards.” Oosenbrug believes there should be a template for websites with which local authorities can comply with all standards. “The remainder of a website can then be completed according to the local authority’s own preferences.”

    Investment repays itself

    Open source and open standards mean a considerable investment, but Oosenbrug believes it’s one that is repaid. “The bid that works best wins invitations to tender. Everything is checked for price and quality by the users themselves. Local authorities are currently in the land of the blind where the one-eyed man is king and they must always pay more. Software is becoming safer and cheaper with open source. The government must not view open source as a punishment, but as an opportunity.”

    Municipality of Ede

    Several local authorities have made progress with open source. In this way the Municipality of Ede has been able to make appreciable savings. After the changeover, it has been spending ten times less for software licences than comparable local authorities. On account of this, total ICT expenditure has been one quarter less than previous years.

    Original Dutch source article: http://www.binnenlandsbestuur.nl/digitaal/nieuws/open-source-kan-gegijzelde-gemeenten-bevrijden.9500508.lynkx

    Originally posted on Bristol Wireless.

  • Windows NT 3.1 software crash brings Orly airport to standstill

    Last Saturday, Orly airport‘s air traffic was severely disrupted, leaving thousands of passengers stranded on the ground, Le Monde Informatique reports. The cause: a computer failure of the weather data management system running on Microsoft’s antediluvian Windows NT 3.1 operating system.

    Orly airport viewed from the airComputer system failures in the aeronautical world are nothing exceptional, but always have a far-reaching effect, stranding thousands of passengers on the ground. This is exactly what happened last Saturday at Orly which had to halt of all its inbound and outbound air traffic for more than half an hour. Besides the inconvenience caused, it’s above all the origin of the failure that is somewhat surprising. According to the French satirical paper Le Canard Enchaîné, it was a failure linked to the Decor (Diffusion des données d’Environnement de Contrôle d’Orly et de Roissy = Orly & Roissy Environmental Control data distribution) system managing data provided by Météo France that was the culprit.

    The surprising fact was this software is running on the Windows NT 3.1 operating system released by Microsoft 22 years ago, i.e. an operating system no longer supported at all by Redmond, with all the risks this involves in security terms, especially as it is connected to Météo France’s computer systems.

    “The traffic was not particularly heavy on Saturday morning. But imagine during the Paris Climate Change Conference, the manoeuvring of heads of state disrupted by a piece of software dating from prehistoric times. What will that look like?”, stated an engineer quoted by Le Canard Enchaîné. When contacted by the satirical paper, the Transport Ministry gave an assurance that “equipment modernisation is planned for 2017” (no need to rush, then! Ed.).

  • A world without Linux – episode 3: no social connections

    Although you may not realise it, Linux is the world’s largest collaborative project in the history of computing. It runs most of the world’s technology infrastructure and is supported by more developers and companies than any other operating system. In addition, it’s ubiquitous; it can be found in your phone, car and office. Besides that, it also powers the internet, the cloud, stock exchanges, supercomputers, embedded devices and more.

    The latest episode of the series tries to show us how hard it is to have social connections is a universe without Linux.

    Three more episodes of this Linux Foundation series are planned, with the final video featuring Linux kernel creator Linus Torvalds himself, according to Softpedia.

  • LibreOffice 5.0.3 “fresh” and LibreOffice 4.4.6 “still” released

    Away from the world of alpha versions and bug hunting sessions (posts passim), The Document Foundation yesterday announced the arrival of LibreOffice 5.0.3 “fresh”, the 4th release of the LibreOffice 5.0 family, and LibreOffice 4.4.6, the 7th release of the LibreOffice 4.4 family. Based on feedback from both users and the media, the LibreOffice 5.0 family is the most popular version of this free and open source office suite to date.

    LibreOffice 5.0.3 is more feature-rich and as such is aimed at power users and tech enthusiasts, whilst LibreOffice 4.4.6 is targeted to more conservative users and enterprise deployments as it has been in widespread use for a longer time and as such offers a better experience for document production.

    For security reasons it is recommended that all LibreOffice users update their software at least to LibreOffice 4.4.6.

    Both software packages include many fixes introduced since the previous versions which can be viewed here for 5.0.3 RC1 and 5.0.3 RC2 respectively and here for 4.4.6 RC1 and 4.4.6 RC3.

    Libreoffice download graphic

    Download LibreOffice

    Both new versions can be downloaded via the following links:

    Support

    When deploying LibreOffice in large organisations and for enterprise use, The Document Foundation strongly recommends the use of professional support by certified individuals.

  • LibreOffice 5.1 will be the fastest ever

    LibreOffice 5.1, the next release of the popular open source office suite, has officially entered the final stage of development with the release of the Alpha version, which has been released in time for the first Bug Hunting Session due to take place from Friday, 30th October to Sunday, 1st November (posts passim).

    LibreOffice 5.1 starts twice as fast as the previous version and, as well as the usual incremental interoperability improvements with MS Office file formats (including MS Office 2016), incorporates some useful new features, such as the Chart Sidebar to change settings in a more intuitive way, easier workflow with Google Drive, OneDrive and SharePoint, plus a Style Menu in Writer.

    LibreOffice 5

    The first LibreOffice 5.1 release candidate (RC) will be available in mid December, followed by second and third RCs in January 2016, with the release version becoming available in early February, just after FOSDEM 2016 (where LibreOffice developers will provide all the technical details about the new and improved software features).

    Over the last 12 months, around 300 developers have hacked the LibreOffice source code, providing over 19,000 commits, representing a weekly average of 375 commits.

    Download LibreOffice

    LibreOffice is available in 2 versions codenamed “fresh” and “still” for production use*.

    LibreOffice 5.0.2, the current “fresh” version, is available for download, whilst LibreOffice 4.4.5, the current “still” version, is likewise available for download.

    * Alpha and pre-release versions should only be used by technology experts or enthusiasts who don’t mind getting their fingers cut by bleeding edge software! Ed. 🙂

  • NTP updated to counter attacks

    NTP graphicIt’s that time of year again when summer daylight saving time has just ended in Europe and the developers of the NTP time synchronisation service are responding to a series of new attacks with an update, German IT news site heise reports. With these attacks communication between servers and clients can be manipulated so that the clients receive the incorrect time or no time at all.

    The reference implementation of the NTP time server service is now version 4.2.8p4, with which the developers have closed 13 security holes, including a series of vulnerabilities which four Boston University researchers describe in detail in a research paper (PDF). The researchers succeeded in finding several ways of attacking the time service, including preventing clients of the service from using it, also known as a Denial of Service (DoS) attack and providing them with the wrong time under certain circumstances.

    NTP is used to synchronise the local clocks of all kinds of computers via the network. Various providers make different servers available which a client can query for the current clock time. Nearly all modern operating systems adjust this unnoticed in the background. Nevertheless, there have been attacks in the past on software implementations of this system and on the NTP protocol itself.

    Kiss of death

    Two of the new attacks are characterised mainly by the fact that the attacker does not need to hook up to the connection between client and server as a “man in the middle“. Both kinds of DoS attack take advantage of the so-called “Kiss o’ Death” (KoD) packet to cripple communication between the client and server. The KoD packet tricks the client into thinking that a NTP server is very busy or overloaded and the client should send fewer queries.

    Attackers can now fake packets for all services which a client normally queries for its time; and do so in such a way that the client doesn’t update its internal clock for months or even years on end. The elegant thing about this hack is that the attacker only needs to send very few packets. In the second attack possibility described by the researchers the attacker must fake many client requests and thus force the server to silence the client with KoD packets. This also results in the client no longer updating its clock.

    Both holes (CVE-2015-7704 and CVE-2015-7705) have been plugged in the new version of NTP.

    Time shift

    With 2 further attack methods the researchers succeeded in foisting incorrect clock times on clients. Clients should normally ignore times which differ by more than 1,000 seconds from their system time – the so-called “Panic Threshold“. However, in many configurations this does not apply to NTP queries sent immediately after a reboot of the client. Their system times can therefore be manipulated almost at will if they can be forced to reboot. Cryptography operations can be gerrymandered or DoS attacks conducted on the software running on the client with such a manipulation.

    The intentional fragmentation of IPv4 packets can also be abused to confound a client’s time queries and foist an incorrect time on it. However, this method is very fiddly and the researchers did not want to test in the the wild since it uses the techniques of the decades-old Teardrop attacks and can crash old operating systems. This problem with overlapping TCP/IP packets is not a specific error of the NTP protocol, but of the underlying operating systems.

    Admins should patch NTP

    The Boston University researchers discovered the security holes on 20th August. Their paper has only been published now to give the NTP developers time to plug the holes. The researchers are recommending that admins running NTP servers update them as quickly as possible to version 4.3.8p4.

    Reposted from Bristol Wireless.

Posts navigation