09.28.10

Microsoft Claims Credit for Failing in Security

Posted in Microsoft, Security, Windows at 7:37 am by Dr. Roy Schestowitz

Summary: Latest security issues and systematic deception, mostly from Microsoft and its various boosters across the Web (giving credit to Microsoft after Microsoft messed up)

Gratis as in Lock-in

A FEW days ago we wrote about Microsoft's attempt at disconnecting the air supply from third-party AV vendors, at least in small businesses. This would only decrease security due to monoculture, decreased competition, and lack of incentive to improve. The funny thing here is that Microsoft sells a vulnerable operating system and then claims to be distributing “free of charge” (only to some people) what ought to have been a characteristic of the operating system, not an add-on. The spinners from Seattle call it a “free” anti-virus software and what’s meant by free is not freedom. It’s free as in gratis, with lock-in. It decreases one’s personal freedom and also impedes freedom of choice. A better headline than “Free Anti-Virus Protection Spurs More Robust Options” would be “Free-of-charge Anti-Virus Pseudo-protection Depresses More Robust Options”.

Watch the Indian press turning the whole thing into Vista 7 promotion: “IT major Microsoft has launched a campaign to help computer users identify threats to their systems and how their networks can be made secure using Original Windows 7 that now comes with the advantage of Microsoft Security Essentials.”

So Microsoft wants to dump Security Essentials on the market (as expected by many people all along) and already we learn that “Scareware Apes Microsoft Security Essentials”. Microsoft has always performed very poorly among the security products already available and well established. “Anti-virus systems get tested” says The Inquirer which gives the following details:

A NUMBER of the most common anti-virus security systems have had a beady eye passed over their effectiveness and fitness for purpose in an assessment.

The study, which was carried out by the Austrian AV Comparatives group, looked at twenty products from the main providers that volunteered to take part.

We do not know who if anyone refused, but AV Comparatives said that it had limited test subjects to no more than twenty and required that participants adhered to its undisclosed criteria.

“Over half of all apps have security holes,” claims Veracode (which we mentioned in [1, 2]).

More than half of all software applications failed to meet an acceptable level of security, according to a study based on real-world code audits by application security firm Veracode.

Around 57 per cent of applications failed to pass muster when first submitted to Veracode’s cloud-based testing service. A similar 56 per cent of finance-related applications failed first testing by Veracode’s security audit. The quality of the code used in many business-critical banking and insurance operations was simply not up to snuff.

ASP.NET Under Attack, Spin

In security news, the other major issue last week was the Microsoft ASP.NET vulnerability, which we wrote about in [1, 2, 3, 4].

“Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?”The ASP.NET problem alarmed Microsoft a great deal and the PR spin strives to make Microsoft be seen as responsive. An advisory was quickly issued [1, 2, 3] because of bad publicity and because it was already being exploited (a demo existed). There is only a temporary fix, not a permanent one. There are third-party fixes.

So, once again Microsoft pays attention to flaws a tad too late and then scrambles to limit damage it could probably prevent. Is this really praise-worthy, especially when someone responds to flaws which the same someone is responsible for?

Just like in the case of Russian spin [1, 2], Microsoft is trying to make itself look like the saviour rather than the problem. Lee Pender of the Microsoft boosters is trying to make Microsoft look good by painting it as responsive and responsible. To quote: “Well, late last week, we got an update from a Microsoft spokesperson who wanted to tell us that Microsoft hasn’t just buried its head in the sand on Stuxnet.”

We wrote about Stuxnet in [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14].

Microsoft-Police

Over in Australia, Microsoft is involving the police right now (funded by taxpayers) [1, 2, 3, 5]. It’s about a computer scam that affects Microsoft.

Twitter and Fog Computing

The other day we wrote about the major problem Twitter.com was having. Half a million Twitter users are said to be affected by a Twitter worm and Slashdot discusses the matter before and after the patching. Here are “the names and faces behind the ‘onMouseOver’ Twitter worm attack”. It’s one of those risks of Fog Computing. Even a teenager turns out to have been smart enough to do it.

But later, some mischievous users of the site started using the exploit to make people “retweet” infected messages (when they hovered over a tweet with the code inserted) that they had not authorised.

The guy is Australian, so will the police get involved? Or does the Australian police get involved only to help Microsoft? █

Permalink Leave Your Comment      Send this to a friend

Windows Insecurity Becomes a Political Issue

Posted in America, Asia, GNU/Linux, Microsoft, Security, Windows at 6:10 am by Dr. Roy Schestowitz

Summary: As wiretapping gets an upper hand in the United States and Iran’s computing facilities (about 30,000 machines with Windows) come under attack, questions are asked about GNU/Linux as a true need

“Chinese Internet espionage against human rights activists and journalists” reveals this new article on which Glyn Moody commented by saying: “Windows-based, it seems” (it may seem related to the latest incidents reported in Russia [1, 2]).

As the world becomes increasingly connected and increasingly digital, the choice of technology matters a lot to politics, including foreign affairs. Last week we wrote about Stuxnet [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], which some people suspect was targeting Iran specifically [1, 2, 3] and was designed for this purpose. Security guru Bruce Schneier does not believe that this is the case. Some days ago he wrote: “The article speculates that the target is Iran’s Bushehr nuclear power plant, but there’s not much in the way of actual evidence to support that.”

“Had it only affected Solaris or GNU/Linux, then surely the press would point this out, so it’s just not fair that Microsoft gets a free pass.”Whether Iran was targeted or not, it sure was among those affected. Glyn Moody says in relation to this article about Iran, “30K Windows PCs: might be time to look at GNU/Linux, eh?”

The cyber-attack on Iranian facilities is also covered in the British press [1, 2] and in Slashdot. The MSBBC doesn’t mention Windows at all, even though it’s exclusively a Windows issue. Had it only affected Solaris or GNU/Linux, then surely the press would point this out, so it’s just not fair that Microsoft gets a free pass.

IT Pro (UK) wonders if Stuxnet is “[t]he most serious threat yet”

Stuxnet is something unique, however. It has been causing something of a stir in the security community since it was first spotted by a small company from Belarus named VirusBlokAda.

When Microsoft put out an alert over the virus in July, Stuxnet quickly moved from being a relative unknown to something serious.

Then earlier this month, Stuxnet was observed doing something unprecedented: exploiting four zero-day vulnerabilities at once. It is this advanced capability that has caused such a commotion.

Now that full wiretapping is a hot subject in the United States (read the new article “Surveillance does not make us safe”), one has to wonder if new legislation is needed. When everyone can access almost everyone else’s (Windows) computer, surveillance down the wire is no longer a strict requirement. The Hill says that the “NSA chief envisions ‘secure zone’ on Internet to guard against attacks”.

The Pentagon official in charge of the military’s cyber unit on Thursday said the government should create a “secure zone” for federal agencies and critical private sector industries to protect them from potential attacks.

General Keith Alexander, who heads the U.S. Cyber Command, told reporters a network sectioned off from the rest of the Internet is probably inevitable for systems crucial to national security.

How about just taking Richard A. Clarke's advice and moving off Windows? █

Permalink Leave Your Comment      Send this to a friend

Microsoft DRM Makes More Windows Botnets, Adds No Security

Posted in DRM, Microsoft, Security, Windows at 5:19 am by Dr. Roy Schestowitz

Summary: New exploit takes advantage of Microsoft DRM (remotely-exploitable vulnerabilities), Engadget reviles DRM

Exploit-db.com has this new entry titled “Microsoft DRM Technology (msnetobj.dll) ActiveX Multiple Remote Vulnerabilities”

“Sort of what the FSF was saying back in the day MS released Vista with its flood of DRM embedded in it,” remarked Chips B. Malroy on it. Here is what boingboing.net had to say about it:

Microsoft’s DRM makes your computer vulnerable to attack

The msnetobj.dll library is an ActiveX control used by Microsoft’s DRM; it is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer’s owner from disabling it or interfering with it.

“DRM Library From Microsoft Opens Your Computer to Attacks,” said IDG a few days later, citing boingboing.net.

“The msnetobj.dll library, an ActiveX Network Object, is no exception: according to BoingBoing, msnetobj.dll “is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer’s owner from disabling” the library.

“Aside from mandating what sort of files you can and can’t open on your computer, msnetobj.dll is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow. Exploit Database notes that “this issue is triggered when an attacker convinces a victim user to visit a malicious website” and that a hacker could then exploit these holes to run malicious code on your system.”

An Engadget editor goes against DRM (very publicly in fact) some time during the weekend. Who can possibly blame him?

It’s been said so many times, but I just got stung hard by the DRM bug, and since there’s a “Senior Associate Editor” next to my name somewhere I get to complain about it. Now, if you’re a regular consumer with a modicum of common sense, nothing I’m going to say here will come as a surprise or revelation. You’re welcome to come along for the ride, but I’m pointing my quivering pen today at the media execs and their willing technologist accomplices that have the nerve in 2010 to enforce HDCP and other completely inane DRM and copy protection schemes to “protect” their content from theft…

The genesis of DRM and its conception was partly rooted in Bill Gates about a decade ago. It wasn’t until Vista that they made it part of Windows (Vista 7 has that too). █

“[Vista DRM] seems a bit like breaking the legs of Olympic athletes and then rating them based on how fast they can hobble on crutches.“

–Peter Gutmann

Permalink Leave Your Comment      Send this to a friend

Novell News Roundup: GroupLink, Bahrain’s MOSD, Messaging Architects, SAP, and Training in India

Posted in Asia, Novell, Virtualisation at 4:58 am by Dr. Roy Schestowitz

Summary: An overview on Novell activity, intended to spare overemphasis on unimportant matters

ZENworks

• GroupLink Announces the Novell ZENworks 10 Integrated Service Desk

GroupLink Corporation, the leader in help desk, service desk, incident management and CRM solutions for Novell environments, announces the only Novell ZENworks 10 integrated service desk, everything HelpDesk. The ZENworks 10 integration adds to the current integration points of GroupWise or Exchange, eDirectory or Active Directory (LDAP), and Linux (OES2/SLES10) or Windows.

• GroupLink unveils new integrated service desk

GroupLink, a provider of help desk, service desk, incident management and CRM offerings for Novell environments, has unveiled Novell ZENworks 10 integrated service desk, an everything HelpDesk.

Virtualisation

• Small shops try virtualization for disaster recovery recovery

Gregory Rosenberg, the CEO of Red Hat value-added reseller RICIS Inc., says his smaller clients use Novell’s open source tool SUSE Studio, a kit for preconfiguring and packaging virtual machines.

• Novell PlateSpin Orchestrate Graph Rendering Component Vulnerability

• Bahrain Ministry of Social Development adopts Novell technology, reduces IT support workload by up to 60 per cent (also here)

Bahrain’s Ministry of Social Development (MOSD) has recently implemented the Novell Open Enterprise solution, which has resulted in a more stable, secure, flexible and cost-efficient IT infrastructure, while helping reduce up to 60 per cent of the Ministry’s IT support workload. Novell, the leader in Intelligent Workload Management (IWM), has likewise helped MOSD successfully streamline and automate user and desktop management within its offices, keeping skilled technicians free to focus on more important tasks.

Messaging Architects

• Messaging Architects: The Future of Novell – Better Informed Speculation

Messaging Architects: “Messaging Architects webinar to feature former Novell Canada chief Don Chapman” (page removed)

Analysis

• The Future of Novell — Better Informed Speculation: Don Chapman, Former President of Novell Canada Speaks at a Live Webinar

Mr. Chapman will discuss the decisions that led up to the current situation and what elements can be considered as almost inevitable in the short term. He will present his views on what this will probably mean for Novell clients and partners, and the options they should be considering. Time will be provided for questions.

Don Chapman served as President of Novell Canada for 11 years and is currently Advisor to Institutional Investors that track Novell.

SAP

• Novell and SAP Collaborate to Optimize Customers’ SUSE Linux-Based SAP® Application Deployments – press release (also here)

• Novell and SAP team up to make SLES for SAP

Excerpt: “Novell and SAP have released a specialised version of SUSE Linux Enterprise Server, SLES for SAP Applications. Designed to ease deployment issues and reduce installation time and costs, SLES for SAP offers – an unattended installation framework to seamlessly load SAP applications onto the operating system, clustering support and a stack validated by SAP and Novell. SAP says it is committed to delivering support for its proprietary software on open source based platforms.”

• Novell, SAP Buddy Up On SUSE Linux-based SAP Apps

• Novell and SAP in Linux application alliance

• Partnership extends SAP data management to Novell users

• Novell Launches SUSE Linux for SAP

• Novell Releases SUSE Linux Optimised For SAP

• Novell Debuts Linux OS for SAP Apps

Well, this whole relationship is generally not new.

SUSE

• 2 Universities Deploy High-Density Rack Servers for Research Computing

Excerpt: “The PowerEdge C6100 is a high-density rack server with low energy requirements. It runs Intel Xeon 5600 processors running Novell or Red Hat Linux and can accommodate up to 96 GB of memory. Each node in the unit can be serviced separately from the others.

• HP tunes blades for Oracle apps

Excerpt: “Novell’s SUSE Linux Enterprise Server has not been certified on this Matrix for PeopleSoft setup because, as Crowsen puts it, no one has asked for it yet.”

• Novell: Why we don’t need a third Linux distro (relates to two SUSE items we covered before [1, 2], now we have other critiques)

Training (Novell India)

This is not belated news as we suspected last week, but it’s about India and it comes via India PRwire/Novell India.

• Novell announces new SUSE Linux Certification Programs in association with Leading Institutes and Training Partners

Excerpt: “Novell India announced their new SUSE Linux Certification Programme in conjunction with leading academic institutes and training partners.”

A Novell-certified blind woman makes the Canadian news [1, 2].

LDS

• New website aims to link LDS businesspeople

Excerpt: “A self-described social-networking junkie has launched a new website designed to help Mormons and others with similar business interests meet online.

“David Bradford, chairman and former chief executive of Fusion-io and a former Novell executive, is creator of LDS.biz, which formally debuted Tuesday but has been quietly attracting followers for several weeks.”

• LDS.Biz Launches Social Networking Site

The site was started by David Bradford, who was the former CEO of solid state disk drive firm Fusion-io, and also has been an executive at Novell.

Misc.

• Pay me now or Pay me later (John Dragoon speaks favourably about the marketing needs)

The bottom line is that, while Hurd was able to achieve some short-term goals by cutting the R&D budget at HP, the company now has to make up the loss by essentially buying innovation and they are paying top dollar. Alternative innovation investment strategies are also an interesting commentary on make versus buy and how critical innovation is as a core competence of technology companies.

Being a marketeer, I brought this back to marketing. Many organizations think that they can save money by draconian cuts to the marketing budget and, frankly, in the short term they can save money in this way. But at what cost?

• Running The Data Center

Excerpt: “Benjamin Grubin, director of solutions at Novell (www.novell.com), says containerization, virtualization, and cloud computing are three related technologies. Containerization, or the use of densely packed, highly standardized computing resources in modular containers, can potentially accelerate the shift to standardized pools of resources, Grubin says. These pools can be divided among various shifting computing duties.”

• Excom unsecured creditors owed $2.14m

Among the listed creditors are Excom in Australia, Google, Microsoft in Singapore, Novell and VMware International. The liquidators report notes these creditors may not have filed a claim in the liquidation.

Permalink Leave Your Comment      Send this to a friend

Fog Computing Focus at Novell

Posted in Free/Libre Software, Novell, Servers at 4:13 am by Dr. Roy Schestowitz

Summary: Novell drifts further away from Free software and deeper into the foggy realms of ‘cloud’ computing, which may suit an acquisition by a virtualisation company rather well

Novell has been redefining its focus recently. It positions itself as a Fog Computing (‘cloud’) company and it truly shows. This may also suit a buyer like VM_Bware, which is all about virtualisation at its core. “A Key to Unlocking the Cloud” is a new article which is an interview with Novell about Fog Computing. From the introduction: “Arthur Cole spoke with John Stetic, vice president of product management, Novell. Cloud lock-in is such a concern among enterprises that whenever a company like Novell releases a system said to traverse multiple platforms, we take notice. Stetic explains how the new Cloud Manager crosses the barriers between virtual and cloud platforms and helps tighten resource allocation in the bargain.”

“New Product News” is another fresh item which contains the following: “Novell Inc. announced the release of Novell Cloud Manager, a new solution that enables users to create and manage cloud computing options. Novell Cloud Manager automatically creates and deploys workloads into the virtual environment based on pre-defined workload templates, as well as allows users to create and manage private clouds on all leading hypervisors, operating systems and operating platforms.”

Oddly enough, Novell also spreads some fear of Fog Computing, as means of selling products for it:

Cloud is a delight for hackers, says Novell

[...]

An identity-infused enterprise, which would see a user’s profile monitored by every IT system they interface with in real time, is one way of tackling cloud security problems, according to Brian Singer, senior solutions marketing manager for security management at Novell.

ITWeb says that “Novell releases cloud manager” and LNLP is covering this timely product (about 5 minutes from the start: “Novell punts cloud control tool, Fact or Fiction?”).

There is also this new video to accompany the product:

Over at Novell’s PR blog, looking at the past 2 weeks’ items, we find just proprietary software in all cases pretty much (nearly everything), sometimes with Fog Computing spin and selective promotion
for the CEO. There is also one press release for proprietary software. Those who still call Novell an “open source” company are simply not paying attention to its recent activities and announcements. █

Permalink Leave Your Comment      Send this to a friend

Update on Novell and SCO Asset Sales

Posted in NetWare, Novell, SCO, SLES/SLED, UNIX at 3:23 am by Dr. Roy Schestowitz

The SCO-Novell case is at stake as both companies look to alter ownerships

Summary: No buyer is found for SCO’s software assets (at least not just yet) and Novell keeps exploring more acquisition options

THERE has not been much news regarding the Novell sale and the SCO asset sale [1, 2, 3, 4]. What we do know, however, is that a buyer has not been found by SCO yet (there are speculations) and SCO is not reorganising just yet.

Finally, SCO filed its MORs for July. Is anybody noticing they don’t seem to be reorganizing?

Scott Ruecker wrote this nice summary last week and it seems like a good fit:

It seems that the SCO trial has finally come to an end but even in the settling of the dust the lawyers can’t stop filing motions. The Oracle-Sun deal looks to be the next long term big story in FOSS I believe. The possible implications for FOSS with Oracle now owning one of the most extensive technology patent portfolios outside of IBM mean that there are more exciting times ahead, if that is what you want to call it.

All the while Microsoft still puts out tasty pieces of FUD every so often and I have come to find it reassuring in its consistency.

That’s the part which Novell helped initiate. It backfired and Novell is left in the street. It is now being claimed that Novell has trouble selling just SUSE because it would leave the rest somewhat orphaned. As one site put it, “The trouble is Netware and other legacy properties that made Novell a force to be reckoned with in the days before Microsoft taught Windows how to network. It appears that Novell doesn’t want to sell SUSE unless Netware and identity management divisions are included in the deal at a premium price. Or else, they don’t want to sell SUSE unless they sell Netware first, at a premium price. Either way, they evidently want a lot of bucks for Netware. More that anyone seems to be willing to pay.” This is also covered in [1, 2, 3] and as Pogson puts it:

From my point of view, Suse Linux will be sold with or without the other baggage (except the identity stuff which will be important for a while) but the dealing and the price eventually agreed will indicate the value some serious players give in their assessment of the future of GNU/Linux. There is no need to buy Suse unless you figure they have a foot in the door and you want to ride it when the door opens.

As people who depend on Novell wait and watch Novell’s next steps [1, 2, 3], most Novell news is financial news about Novell’s sharp movements in the stock market [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23].

At the end of last week it was reported that “Novell shares fall on report of auction delay” and “Novell Falls Nearly 7%”. As Novell sales fall, the longer it waits, the less valuable it will be. UNIX needs to receive a trustworthy new steward like IBM. █

Permalink Leave Your Comment      Send this to a friend

Novell Sales Are Hurt by VM_Bware Plan to Acquire SUSE

Posted in Novell, SLES/SLED, VMware at 2:42 am by Dr. Roy Schestowitz

Summary: Sales of products from Novell/SUSE are depressed by expectations of a takeover

NOVELL was recently seen slamming Oracle Linux. Oracle just wants a lot of control, which is why OpenOffice.org gets forked for example.

Left out from Novell’s blog post, however, was a statement about Novell’s relatively low share in the GNU/Linux market. As The VAR Guy put it in his post “Memo From Novell to Oracle: No Oracle Linux Needed”:

Applebaum certainly has a point: When it comes to business-centric Linux, Red Hat and Novell seem to dominate the market. But Applebaum doesn’t take the time to disclose individual market share numbers for Red Hat and Novell. Hmmm…

While Red Hat continues to grow organically, some Novell customers are delaying purchases because of Novell’s unclear ownership status. Novell’s board reportedly has been trying to sell the company off — perhaps in two parts — but the potential deals apparently hit a snag amid unclear valuations for Novell’s legacy businesses.

It may seem amusing that Novell was trying to limit choice, but either way, the interesting part to be taken from the above is that “some Novell customers are delaying purchases because of Novell’s unclear ownership status.” That’s just to be expected. In the next post we are going to address this subject. Novell was down 7% after acquisition worries/hesitation. █

Permalink Leave Your Comment      Send this to a friend

LibreOffice is Launched, Offering Independence from Oracle

Posted in Fork, GNOME, GNU/Linux, Google, OpenDocument, OpenOffice, Oracle at 2:00 am by Dr. Roy Schestowitz

Summary: The Document Foundation and LibreOffice are formally announced, beginning an era of a vendor-independent office suite with ODF support, no copyright assignment requirements, and a clear direction with long-term commitment

The Document Foundation has just been announced and Techrights was briefed about it weeks in advance. Basically, OpenOffice.org is being forked, and that is probably a positive thing, although it may depend on one’s perspective.

Oracle Does Not Understand Software Freedom

Oracle cannot be trusted with and around Free software. Its boss does not understand software freedom. To quote some old interviews:

• Larry Ellison: “If an Open Source Product Gets Good Enough, We’ll Simply Take It.”
• Larry Ellison: “We Have to Exploit Open Source.”

Remarking on more recent events, Matthew Aslett wrote: “Only a few hours in to #oow10 and already detected a subtle but important change in how Oracle describes its relationship with open source. [...] Out goes “we have no open source strategy” in comes “we are are proprietary company that believes there’s an important role for open source””

Is this a company that can be relied on in the long term? Well, as part of Oracle’s recently-announced transition to Fog Computing it was announced that the company would make better use of JavaFX to incorporate the Web and commitment to Java gets extended, just not quite in the way which preserves freedom. Zonker says that there is more than GPL compliance to stay true to and thus Oracle is failing. To quote: “The GNU General Public License (GPL) and other open source licenses dictate the things you’re allowed to do with code. Simply because the GPL allows parasitic behavior, doesn’t mean that Oracle can’t be called out when it’s not being a good community citizen. Some see the GPL’s reciprocal requirements as restrictive — but even the requirements to give back changes and share code only go so far. Open source licenses leave a lot of room for companies to behave poorly while still complying with the license. Oracle could ship GPL’ed code on DVDs in wallets made out of the finest baby seal pelts housed in ivory boxes, and it wouldn’t be against the GPL. But that doesn’t mean the house that Larry built should get a pass if it chooses to do so.”

On the OpenOffice.org side, new Developer Snapshots recently arrived, e.g. (from GullFOSS):

• New: OOo-DEV 3.3.x Developer Snapshot (build OOO330m8) available

  Developer Snapshot OOo-Dev OOO330m8 is available for download.

  OOO330 is the development codeline for upcoming OOo 3.3.x releases.

• New: OOo-DEV 3.x Developer Snapshot (build DEV300m88) available

  Developer Snapshot OOo-Dev DEV300m88 is available for download.

  DEV300 is the development codeline for upcoming OOo 3.x releases.

• DRCSs don’t quite cut it (yet)

Beyond this release, the future of OpenOffice.org is unknown, whereas the future the LibreOffice is very much certain, thanks to the backing from many committed parties.

Oracle’s Bad Direction for OpenOffice.org

Here is an insight into Oracle’s plan for OpenOffice.org:

As such, it competes against Google Docs and the browser version of Office, Microsoft Office Web Apps.
The narrator in the Oracle Cloud Suite video touts the integration with Oracle Open Office (natch), the open document format (ODF) and is compatible with Microsoft Office. And Oracle Cloud Suite is accessible to the industry’s increasing mobile workforce.
But the International Business Times pieces raises a few questions about how viable the Oracle threat is.

“Oracle preps Google and Microsoft Office challenger,” says another headline:

The Reg understands Cloud Office is a closed-source product developed by Oracle, rather than a part of the OpenOffice Project.

Oracle has promised that Cloud Office uses web standards, but it will also use JavaFX – the currently closed Java scripting language for rich-internet applications and UIs Oracle inherited from Sun Microsystems.

With an imminent OpenOffice.org Hackfest, it is clear that OpenOffice.org is not being abandoned by Oracle, but increasingly it is taken in a proprietary direction where Oracle gains greater control. From Roberto Galoppini’s blog:

Few days ago I shortly mentioned the OpenOffice.org Hackfest, and today I asked my friend Florian Effenberger – OpenOffice.org Marketing Project Lead – to tell us more about the event, to be held on the 6-7 of November at the Attraktor in Hamburg.

How many will attend now that LibreOffice is where all the action is at?

Fork Announced

So, OpenOffice.org is being forked and here is what people need to know. The press release is appended below and documentfoundation.org contains more information as it has only just come live (9 AM Paris/Berlin time).

First of all, the fork is backed by many vendors, as well as non-commercial entities such as the GNOME Foundation. The licence will be LGPLv3 (and no copyright agreement is required, which is now one of the various pressures Oracle is putting on the community). The details are all at the bottom.

Why is it so necessary? To quote someone from the Steering Committee, the “situation with Oracle inside Openoffice.org is untenable… they don’t even want to commit after the 3.3… they refuse to communicate on roadmap… are getting insolently crazy on trademarks… are shutting down portions of our open development process…”

Asked about OpenSolaris as an analogy, we we told that it’s “a bit like that, but with less hostility… they don’t want to shut it down, they want to have it their way exclusively, so we are forking…. we [as in] Novell, Red Hat, Google, the Brazilian Government, its banks and largest companies, several international OOo associations (forming the backbone of the community), and we’re awaiting some more supporters such as the SFLC, the FSF, the OSI, the FSFE… in fact SFLC, Debian, OSI and FSFE are more or less already acquired… Canonical and Red Hat will ship our own binaries in their next version of Ubuntu and Fedora.”

Asked about the role of Novell, it turned out that they are included in this. There was “no choice”, but “the source code will be OOo vanilla (no go-oo patches) [...] but we’re using the ooo-build system (well, everyone on Linux uses it except Red Hat who made the decision now to switch to us).”

All the infrastructure was made ready about two weeks ago when they were “in the process of registering the trademarks”. Later on it was decided that “the Foundation will be named The Document Foundation [...] the office suite named LibreOffice.”

“Libre” is good in the sense that it conveys something better than just “open source”.

As Glyn Moody put it some days ago, “We [May Be] Entering the Golden Age of Forks”. OpenOffice.org was named by Moody:

Oracle’s high-handed approach to open source is fast making it Public Enemy Number 1 as far as free software is concerned (yes, even relegating Microsoft to second place). This means that people working on the MySQL or OpenOffice.org projects are going to be far warier, and more distrustful of the company’s moves in future.

Let’s get this ball rolling and the word spread as far as possible. In order for LibreOffice to succeed in a major way, people all around the world need to be aware of it. █

---

OpenOffice.org Community announces The Document Foundation

The community of volunteers developing and promoting OpenOffice.org sets up an independent Foundation to drive the further growth of the project

The Internet, September 28, 2010 – The community of volunteers who develop and promote OpenOffice.org, the leading free office software, announce a major change in the project’s structure. After ten years’ successful growth with Sun Microsystems as founding and principle sponsor, the project launches an independent foundation called “The Document Foundation”, to fulfil the promise of independence written in the original charter.

The Foundation will be the cornerstone of a new ecosystem where individuals and organisations can contribute to and benefit from the availability of a truly free office suite. It will generate increased competition and choice for the benefit of customers and drive innovation in the office suite market. From now on, the OpenOffice.org community will be known as “The Document Foundation”.
Oracle, who acquired OpenOffice.org assets as a result of its acquisition of Sun Microsystems, has been invited to become a member of the new Foundation, and donate the brand the community has grown during the past ten years. Pending this decision, the brand “LibreOffice” has been chosen for the software going forward.

The Document Foundation is the result of a collective effort by leading independent members of the former OpenOffice.org community, including several project leads and key members of the Community Council. It will be led initially by a Steering Committee of developers and national language projects managers. The Foundation aims to lower the barrier of adoption for both users and developers, to make LibreOffice the most accessible office suite ever.

The Foundation has chosen the LibreOffice brand as an alternative to OpenOffice.org, and will coordinate and oversee the development of the software, which is available in beta version at the placeholder site: http://www.libreoffice.org. Developers are invited to join the project and contribute to the code in the new friendly and open environment, to shape the future of office productivity suites alongside contributors who translate, test, document, support, and promote the software.

Speaking for the group of volunteers, Sophie Gautier – a veteran of the community and the former maintainer of the French speaking language project – has declared: “We believe that the Foundation is a key step for the evolution of the free office suite, as it liberates the development of the code and the evolution of the project from the constraints represented by the commercial interests of a single company. Free software advocates around the world have the extraordinary opportunity of joining the group of founding members today, to write a completely new chapter in the history of FLOSS”.

FSF President Richard Stallman welcomed LibreOffice release and it’s stated policy of only recommending free software. “I’m very pleased that the Document Foundation will not recommend nonfree add-ons, since they are the main freedom problem of the current OpenOffice.org. I hope that the LibreOffice developers and the Oracle-employed developers of OpenOffice will be able to cooperate on development of the
body of the code”.

“The Document Foundation supports the Open Document Format, and is keen to work at OASIS to the next evolution of the ISO standard”, says Charles Schulz, member of the Community Council and lead of the Native Language Confederation. “The Document Foundation brings to the table the point of view of developers, supporters and users, and this might accelerate the adoption process of ODF at government and enterprise level”.

Chris DiBona, Open Source Programs Manager at Google, Inc., has commented: “The creation of The Document Foundation is a great step forward in encouraging further development of open source office suites. Having a level playing field for all contributors is fundamental in creating a broad and active community around an open source software project. Google is proud to be a supporter of The Document Foundation and participate in the project”.

“Viva la LibreOffice”, said Markus Rex, Senior Vice President and General Manager, Open Platform Solutions at Novell. “We look forward to working with the Document Foundation to help develop a solid open source document software offering. Ultimately, we hope to see LibreOffice do for the office productivity market what Mozilla Firefox has done for browsers”.

Jan Wildeboer, EMEA Open Source Affairs at Red Hat, has commented: “All over the world, users, companies and governments are moving to truly open solutions based on Open Standards. LibreOffice delivers the missing link, and at Red Hat we are proud to join this effort”.

Mark Shuttleworth, founder and major shareholder of Canonical, the makers of Ubuntu, has declared: “Office productivity software is a critical component of the free software desktop, and the Ubuntu Project will be pleased to ship LibreOffice from The Document Foundation in future releases of Ubuntu. The Document Foundation’s stewardship of LibreOffice provides Ubuntu developers an effective forum for collaboration around the code that makes Ubuntu an effective solution for the desktop in office environments”.

“The Open Source Initiative has observed a trend back towards open collaborative communities for open source software”, said Simon Phipps, a Director of the Open Source Initiative. “We welcome The Document

Foundation initiative and look forward to the innovation it is able to drive with a truly open community gathered around a free software commons, in the spirit of the best of open source software”.

Additional information, including the mission, are available on the web site of The Document Foundation: http://www.documentfoundation.org

Biographies and pictures of the founding members of The Document Foundation are available here: http://www.documentfoundation.org/foundation/.

There is a specific page for people interested in contributing to the development of the code: http://www.documentfoundation.org/developers/.

The Document Foundation has a Twitter account: http://twitter.com/docufoundation and an Identi.ca account: http://identi.ca/docufoundation.

The announcements mailing list is at: announce+subscribe@documentfoundation.org.

The discussion mailing list is at: discuss+subscribe@documentfoundation.org.

The Document Foundation

The Document Foundation is an independent self-governing democratic Foundation created by leading members of the former OpenOffice.org Community. It continues to build on the Foundation of ten years’ dedicated work by the OpenOffice.org community, and was created in the belief that an independent Foundation is the best fit to the Community’s core values of openness, transparency, and valuing people for their contribution. It is open to any individual who agrees with our core values and contributes to our activities, and welcomes corporate participation, e.g. by sponsoring individuals to work as equals alongside other contributors in the community.

Media Contacts

Florian Effenberger (Germany)
Mobile: +49 151 14424108
E-mail: floeff@documentfoundation.org

Olivier Hallot (Brazil)
Mobile: +55.21.88228812
E-mail: olivier.hallot@documentfoundation.org

Charles H. Schulz (France)
Mobile: +33 6 98655424
E-mail: charles.schulz@documentfoundation.org

Italo Vignoli (Italy)
Mobile: +39 348 5653829
E-mail: italo.vignoli@documentfoundation.org

APPENDIX

STEERING COMMITTEE MEMBERS

Sophie Gautier

Francophone project co-lead, former Project Lead Education Project, former Community Council Member for Native Lang projects category

I’ve been deeply involved in the OpenOffice.org Community since its very beginning in 2000. First I participated to the Documentation Project, then I’ve been the lead of the French-speaking project from 2002 to 2007, then the co-lead in 2009 until now. I’ve represented the Native Language Confederation at the Community Council since its launch until last year. Now I’m managing the French localization of the OOo product and satellite sites and participating to QA, Documentation, User Support and Marketing. In my daily job, I’ve worked as an OpenOffice.org consultant and trainer on my own first, then for the Linagora Group from 2006 to 2010 and I’m currently unemployed.

Thorsten Behrens

GSL Project co-lead, OASIS ODF TC / ECMA TC45 / ISO SC34 WG4 participant

Thorsten was part of OpenOffice.org almost from the start, when he joined the then-Sun-Microsystems development team back in early 2001. He’s a computer scientist by education, and a Free Software enthusiast by heart, a geek from early childhood – and someone who was lucky enough to turn a hobby into an occupation.

During his now nine years of tenure in the project, he’s spent most of his time hacking the code, in areas ranging from build system, platform abstraction libraries, Impress and Writer. Thorsten is currently co-lead of the graphical system layer project, member of the OASIS ODF technical committee, the ECMA TC45, and technical advisor on the ISO/IEC JTC 1/SC 34 working group 4.
He’s sponsored by Novell to work full-time on OpenOffice.org.

Florian Effenberger

Marketing Project Lead and German MarCon, Distribution Project Lead

Florian Effenberger has been an open source evangelist for many years. He is lead of the international OpenOffice.org marketing project as well as a member of the management board of the non-profit OpenOffice.org Deutschland e.V. He has ten years’ experience of designing enterprise and educational computer networks, including software deployment based on free software. He is also a frequent contributor to a variety of professional magazines worldwide on topics such as free software, open standards and legal matters.

Caolán McNamara

Former Writer Project co-lead and member of the OpenOffice.org Engineering Steering Committee

Caolán is a Senior Software Engineer at Red Hat, Inc, and has over 10 years experience in developing OpenOffice.org. Starting 2000 in Hamburg as an employee of Sun Microsystems developing StarOffice before its subsequent release under the LGPL as OpenOffice.org later that year. From 2000 to 2005 Caolán specialized in improving the the binary MSWord import/export filters, building on his prior experience developing libwv, libwmf and other free software projects to parse Microsoft binary file formats.

From 2005 to present Caolán has been employed full-time by Red Hat, Inc. to maintain, improve and enhance OpenOffice.org, typically focusing on GNOME desktop integration, font and glyph replacement, Indic text layout, linguistic components, tooling to improve overall code quality, debugging the type of problems no one wants to touch, while retaining an interest in MSOffice compatibility.

Olivier Hallot

BrOffice.org CFO, Community Council Member, Main translator for pt-BR

Graduated Electronic Engineer in 1982, MSc in Digital Signal Processing in 1985 and MBA in Oil&Gas industry in 2001.

I initiated my career as Assocate Researcher for digital signal processing in the IBM Scientific Center in Brasilia, Brazil, for the Oil&Gas industry in seismic data processing and high performance computing. Later I moved to marketing and sales for the same industry all over Latin America. In 1998 I joined Oracle Brazil in sales for the Oil& Gas industry and later as Alliance relationship manager for large hardware manufacturers as well as with the Oracle academic initiative. Since 2002 and on my own, I have participated actively in FLOSS projects notably in OpenOffice.org as one of the translators for
Brazilian Portuguese and volunter CFO of BrOffice.org NGO. I am now senior consultant in OpenOffice.org technology for large corporations on migration projects.

André Schnabel

Coordinator for German localization, former Project Lead QA Project, former Community Council Member for accepted projects category

André is involved in the OpenOffice.org project since 2001. Being a software developer in his professional live he focused his voluntary work for OpenOffice.org on user support, documentation and quality assurance. He has been Co-Lead of the Germanophone project as well as project lead of the Quality Assurance project and member of the Community Council for several years. Today he is maintaining the German localization and working on a translation process based on open standards. André is also founding member and chairman of the board of the German non-profit OpenOffice.org Deutschland e.V.

Charles-H. Schulz

NLC Lead, Community Council Member (Lang Representative)

Charles-H. Schulz (The “H” letter standing for his second name “Henri”) is a French technologist, Free Software and Open Standards advocate. As a long time contributor to the OpenOffice.org project he helped grow its community from a few mostly european communities to over a hundred communities and teams of various sizes. In the end of 2009 he was elected at the Community Council of the OpenOffice.org project. He is currently the lead of the Native-Language Confederation and a member of the Community Council. He also contributed to the development and adoption of the OpenDocument Format standard through the company he co-founded, Ars Aperta. Member of several international organizations he helped to create the Digital Standards Group and is part of the OASIS standards consortium, of which he is now one of the directors.

Italo Vignoli

Italian MarCon, President of Associazione PLIO (Italian National Language Project)

Italo Vignoli is president of PLIO, OpenOffice.org Italian National Language Project, a not for profit association that represents the community of volunteers who promote the free office productivity suite. In everyday life, is partner and president of Quorum PR, a public relations agency with a strong bias to the integration of traditional media and social network. He has almost thirty years of experience in marketing and communication of high-tech companies in Italy and at international level, and is responsible for the social networks practice within the Italian Federation of Public Relations.

Since 1984, it is connected to the network with a portable PC and a messaging or e-mail system despite a degree in humanities from the University of Milan, where he has been a researcher on urban geography. He is working as a freelance journalist since 1972, writing about sports, music and IT. He blogs in Italian about libre software at http://www.cwi.it/blogs/sistemaperto/.

MESSAGE FOR ORACLE

Gentlemen – as founders and principle supporters of the OpenOffice.org Community during the past decade, we’re giving you advance notice that we will shortly be announcing the launch of an independent Foundation to take the Community forward into its next decade.

You will be aware that this has been discussed many times over the years. We now feel the time is right to make the move. We believe it will be more powerful if the move is initiated by the Community itself, which is why we are launching this initiative.

We do of course hope that you will be able to move with us on this exciting new journey. As custodians of many OpenOffice.org assets, your continued support will be most warmly appreciated.

Signed on behalf of the group:

Sophie Gautier
Thorsten Behrens
Florian Effenberger
Olivier Hallot
Caolan McNamara
Christoph Noack
Charles-H. Schulz
André Schnabel
Italo Vignoli

MESSAGE FOR THE COMMUNITY

Dear OpenOffice.org community members,
Dear leads of the native-language projects,
Dear project leads,

Today, we would like to introduce you to an idea that has grown very concretely during the past weeks. We ask you to NOT share it with anyone else at this moment. There will be plenty of time to discuss and work on it soon.

Over the past decade, thanks to your great help, support and enthusiasm, OpenOffice.org has grown to a important open source projects.

Now that we are approaching our tenth birthday, it is time to mark a major step in the evolution of OpenOffice.org. For the last ten years, the idea of an independent OpenOffice.org foundation has been existing (see http://www.openoffice.org/white_papers/OOo_project/openofficefoundation.html) but has never been realized.

We feel now is the time to make the vision from the very beginning of the project a reality. Therefore, a group of long-term community contributors, is about to establish a foundation called

“The Document Foundation”
(http://www.documentfoundation.org from September 28th on)

and will publicly announce these plans on Tuesday, September 28th

Our mission is to facilitate the evolution of the OpenOffice.org community into a new open, independent, and meritocratic organizational structure within the next few months.

We invite you to join us in these efforts. Help us to bring our community and our software to a new level and shape the next logical step of its evolution.

As it is yet uncertain whether we will get the OpenOffice.org trademark from its owner, Oracle Corporation, we plan to establish a new brand for the product, called
“LibreOffice” (http://www.libreoffice.org from September 28th on)

We have invited Oracle, which we owe much respect for all the good things that they have done in the past years, to become a member and partner of our initiative, and we hope they will join us together with the Hamburg development team, so that LibreOffice indeed is a temporary placeholder, which is our true wish.

We have already seen wide support from companies like Google, Novell and Red Hat as well as our friends from the Brazilian BrOffice.org community. Others are in favour of our plans and might actively join our initiative soon.

As of today, about 25 well-known and long-term contributors to the OpenOffice.org community are part of our initiative. We have formed an interim Steering Committee to drive things forward.

We currently work hard to put all the needed infrastructure at your disposal, to be able to quickly communicate with the community.

All this and maybe more will be announced on

Tuesday, September 28th

You are invited to join our

* official mailing list by subscribing at discuss+subscribe@lists.documentfoundation.org

* IRC channel at #documentfoundation on irc.freenode.net (irc://irc.freenode.net/#documentfoundation)

* initiative by signing the manifesto at http://www.documentfoundation.org

All the above addresses will be available from September 28th on.

We are here for any questions and suggestions that you will have. We hope for your support in this next major step and are sure that you will as be thrilled by this new project as we are, which is in fact the continuity of our community.

Yours truly,

the members of the Steering Committee and founders of the Document Foundation
Sophie Gautier, sophie.gautier@documentfoundation.org
Thorsten Behrens, thorsten.behrens@documentfoundation.org
Florian Effenberger, floeff@documentfoundation.org
Olivier Hallot, olivier.hallot@documentfoundation.org
Caolán McNamara, caolan.mcnamara@documentfoundation.org
André Schnabel, andre.schnabel@documentfoundation.org
Charles Schulz, charles.schulz@documentfoundation.org
Italo Vignoli, italo.vignoli@documentfoundation.org

Permalink 10 Comments      Send this to a friend