Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×

Comment Re:Apache Openoffice is "dormant"? (Score 1) 236

Recently I put in a bug report for AOO and after a few months they had a fix incorporated into a new release. It seems like there is still life there.

Link to bug ID? I question your value of 'recent' given there hasn't been an Apache OpenOffice release since August 2014 ...

Comment Re:OpenOffice vs LibreOffice (Score 1) 236

Local user arbitrary code execution when opening a specially crafted document (via the HWP filter, document can have any extension to disguise it a bit).

CVE disclosed in April 2015 with LibreOffice having a fix out the same month (within a week tops of disclosure) ...

Apache OpenOffice is still exploitable at the present time with 4.1.2 due to fix the bug (by removing the HWP filter entirely as opposed to fixing the filter) ... but they've been struggling to get this built and released for months at this point.

Comment Re:OpenOffice vs LibreOffice (Score 3, Informative) 236

I wrote about this on reddit only recently ... Link to the discussion there

Copied in full to here:

So back when Sun maintained OpenOffice.org and sold StarOffice they had a Contributor License Agreement that required handing over ownership of patches to them so they could sell the closed source supported suite and license out to IBM for Symphony.

To get around this bureaucracy and to not sign over ownership for patches most distributions used go-oo.org (aka ooo-build) that was the source code of OpenOffice.org with a bunch of patches on top to help compatibility with MS Office and some other things that Sun could or did not want in the upstream oo.org code.

When Oracle bought Sun they left oo.org languishing with no maintenance for months. This was naturally unacceptable to the various linux distros and they didn't want to be beholden to Oracle's whims (for good reason given the state of the various projects that used to be with Sun). Due to this they got together and formed The Document Foundation and took the go-oo.org code (which was basically what this group used and collaborated on anyway) and forked it to LibreOffice.

Fast forward some more time and Oracle decide they don't want anything to do with OpenOffice.org after all and essentially (with IBM's help ... presumably so there would be a sort of maintained base for Symphony) dumped it on the Apache Software Foundation. As per their requirements it went through an incubation process and all the code was relicensed to the Apache Public License. This was months after LibreOffice had been created and worked on and most consider it a pretty petty move rather than giving the brand to TDF to work with.

From that point on it's pretty much been IBM driving Apache OpenOffice (as they renamed oo.org to) although they appear to have stopped caring about it mid to end last year. The amount of development work on AOO is minimal compared to LO and the number of active committers is in the teens (at best) for AOO compared to the hundreds for LO.

Due to the way the licensing works out LO can merge in any fixes (there were some in the early days, not many now as can be seen in the CVE issue I mentioned) but AOO cannot merge in work from LO.

The last release of AOO was August 2014 and if you go look at the changelogs from 3.4 (the first AOO release as opposed to oo.org IIRC... mostly rebranding) up to the 4.1.1 then you'll see there's been minimal work - mostly translations. Anything developed/fixed in AOO is either merged into LO or improved/obsoleted by other work. Compare these to the release notes for each LO release from the forking point of 3.3 and it really is quite significant - the heavy work on clean up and better build systems for LO lower the barrier to entry for LO contribution by the common person too.

The proposed AOO release of 4.1.2 is going forwards at the moment - driven mostly by only a few people Apache OpenOffice Dev mail archives.

To give an idea how bad this has got the no-interaction code execution as privileges of user bug by a special HWP file was announced publicly last April. It was fixed in LibreOffice the same month and users would have had the update notification and been protected. Anyone using Apache OpenOffice is still vulnerable and although there was a disclosure on the security part of the AOO site at the time, the workaround was to 'delete .dll/.so' ... not a release with a fix and unless anyone actively went to check up on this they would not have known the issue.

To add to this (if it's not enough already) AOO can still only read and not write docx/xlsx/pptx (OOXML) files produced by MS Office whereas LibreOffice can write these as well... and LO fixes a lot of layout bugs in the translation of the formats.

Finally don't be confused by the version number jumps and think significant progress has been made in AOO compared to the ancient OpenOffice.org... There have only been a few actual releases in this time under the Apache umbrella ... compare this to the release schedule of LibreOffice.

Okay that ended up being a lot more history and writing than I was planning on - I hope you see why AOO is slowly dying and why anyone sane and following along with the history will be using LibreOffice instead if they care about performance, compatibility or security.... and if you made it this far you earned yourself a cookie ;)

Comment Re:MS Office will still reign supreme (Score 1) 164

The likelihood is that they have Software Assurance anyway so are covered for whatever version of MS Office they choose to run on whatever version of Windows they want to support.

If the IS staff deem an upgrade required there will be a time/people cost of sorts (although remember the staff will be employed doing X anyway so it's more a scheduling priority) but not an licensing upgrade cost.

Comment Re:Entire Article... (Score 2) 123

It genuinely was down at one point yesterday (around 7pm BST onwards... not sure when it was usable again).

I couldn't even log into the uplay website much less authenticate my game. Interestingly it was partially working as it would try to authenticate and then the uplay application would crash - I assume with some sort of null pointer error ... although I didn't bother to debug it.

Since I had already started it once earlier in the day though before uplay services took a nose dive disabling my network interface allowed me to start uplay in offline mode (I could then re-enable the interface after choosing offline) and play the game fine - just without the multiplayer features.

Submission + - Linksys/Belkin release WRT1900ac as followup to WRT54g but fall flat on promises

JImbob0i0 writes: Back in January Linksys/Belkin made a big deal about their new router and how they were working with OpenWRT. Fast forward to this week and they release it but their promises have fallen far short needing to apply patches (which don't apply cleanly) and compile yourself ... so long as you don't need wireless support. There has not been much response from Linksys on the mailing list to criticism of the improperly formatted patch dump and poor reviews as a result.

Comment Re:Odd... (Score 1) 186

One of the most interesting bits of the announcement for me is the deprecation (and future removal) of the SRPMS at ftp.redhat.com ...

Instead the sources will be provided directly at git.centos.org ...

That could have very interesting implications on SciLi/OEL...

Without life, Biology itself would be impossible.