Announcement

Collapse
No announcement yet.

Apache OpenOffice Vulnerable To One-Click Code Execution

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #41
    Originally posted by jacob View Post

    The anti-systemd folks have been living in conspiracy land from day 0, but if this is the sort of "argument" they are now pushing, they must be getting really desperate.
    Yes it seems so, I remember the days when people had proper pro and counter arguments for systemd.

    Now its somewhere between "lets pretend this completely unaffiliated malware that named itself "systemd-service to be not so easily spotted has something to do with the systemd project" or the "they hide my private information in the binary log to later send it home via the systemd NTP sync".

    Comment


    • #42
      Originally posted by Alexmitter View Post

      Yes it seems so, I remember the days when people had proper pro and counter arguments for systemd.

      Now its somewhere between "lets pretend this completely unaffiliated malware that named itself "systemd-service to be not so easily spotted has something to do with the systemd project" or the "they hide my private information in the binary log to later send it home via the systemd NTP sync".
      I wonder what they would say if there was malware called "openrc-init".

      Comment


      • #43
        Originally posted by jacob View Post

        I wonder what they would say if there was malware called "openrc-init".
        Then it would be simply malware abusing glorious openrc-init's name to be undetected on woke openrc-init user PCs.

        Stay woke, don't use systemd.

        Comment


        • #44
          Originally posted by andyprough View Post
          progress was incredibly slow compared to LO, what progress that was made was mostly backported stuff from LO
          AFAIK Openoffice couldn't backport stuff from LO, because OO requires a signed CLA that LO devs of course never did. IIRC LO did backport some (few) stuff from OO.

          Comment


          • #45
            Originally posted by Alexmitter View Post

            Then it would be simply malware abusing glorious openrc-init's name to be undetected on woke openrc-init user PCs.

            Stay woke, don't use systemd.
            Dunno, more likely it would be an obvious conspiracy by the systemd team in order to discredit the glorious Init Freedom(tm).

            Comment


            • #46
              Originally posted by jacob View Post

              Dunno, more likely it would be an obvious conspiracy by the systemd team in order to discredit the glorious Init Freedom(tm).
              Their issue is simply that systemd is too good, especially in today's state. It gets hard to criticize something when there is simply not much wrong with it. So they go over to pretend imagination issues like this imaginary malware in a imaginary systemd component, or the imagination bloat, or its imaginary posix principle incompatibility or whatever.

              Init freedom also is the freedom of a distro to simply choose the working solution, and systemd will continue to be this choice for every sane issue as long as its haters don't get their stuff together and stop gluing things onto old style init in the hope to somehow recreate systemd features. But if they finally would work on a new solution, it would end up to kinda be like systemd after all, no matter what.

              Comment


              • #47
                Honestly, I think this is a non-bug, at least as far as Openoffice and Libreoffice are concerned. You click on a URL, and the office program hands the URL to the OS to act on. That might not be a URL you really wanted to access, but that's not the fault of your office suite. *shrugs* Oh, and if you want the libre/openoffice story straight from the horse's mouth: https://twit.tv/shows/floss-weekly/episodes/446

                Comment


                • #48
                  Originally posted by Adarion View Post
                  I wonder who these 2.4 Million people (bots?) are that download AOO. AOO is quite dead. For a long time. They should really transfer naming rights to the TDF/LibO. And redirect to the website. There's no use in wasting engineering power and people still downloading an inferior product that is not really actively developed.
                  Sometimes multiple solutions are good to have an alternative, but those come from the same origin. Just one branch is totally withered now.
                  I agree, but as an example - a language school i study at uses AOO, either because they do not know any better or maybe due to some restrictions wrt their support.

                  I know better than to try to advise them to use LO, since i do not work there.

                  Comment


                  • #49
                    Originally posted by jbennett View Post
                    You click on a URL, and the office program hands the URL to the OS to act on.That might not be a URL you really wanted to access, but that's not the fault of your office suite. *shrugs*
                    It depends whether the OS is supposed to handle the URL in a secure way, or just naively open it. In the second case, it's AOO's job to provide the protection, in this case an Ok/Back window.

                    Although I still https://www.phoronix.com/forums/foru...04#post1254904 don't really understand the way that URL-s can be harmful.

                    Comment


                    • #50
                      There's a topic trending on Twitter now because some snooty Harvard PhD candidate is complaining about Gen Z not using Microsoft Office and how when he requires a paper in .doc format all his students say they're using Google Docs and people are rightly laughing at him, including his objection to the cost issue being "Harvard gives you Office for free". But what's really scary is all the (certainly Windows) users replying on Twitter saying how they're happy OPEN Office users and encouraging others to use OPEN Office. I'm replying to as many as I can with links to articles about OpenOffice security vulnerabilities and encouraging them to switch to LibreOffice, but there are so many of them....

                      We don't realize how many Windows users know absolutely NOTHING about open source or anything that happens in the open source world. I don't think I've met a Windows user yet who knows about OpenOffice forking into LibreOffice and of course only some who have ever heard of OpenOffice. When I showed one a laptop that had Linux installed on it she said "I didn't know you could run anything else [other than Windows] on a computer!".

                      Maybe the community needs to file 500 sexual harassment lawsuits against Richard Stallman and then use the proceeds to fund an advertising campaign targeting Windows users. Those who aren't hardcore developers know as much about their computers as I know about dishwashers.

                      Comment

                      Working...
                      X