Apache OpenOffice Vulnerable To One-Click Code Execution


  • stormcrow
    replied
    Originally posted by alcalde
    There's a topic trending on Twitter now because some snooty Harvard PhD candidate is complaining about Gen Z not using Microsoft Office and how when he requires a paper in .doc format all his students say they're using Google Docs and people are rightly laughing at him, including his objection to the cost issue being "Harvard gives you Office for free". But what's really scary is all the (certainly Windows) users replying on Twitter saying how they're happy OPEN Office users and encouraging others to use OPEN Office. I'm replying to as many as I can with links to articles about OpenOffice security vulnerabilities and encouraging them to switch to LibreOffice, but there are so many of them....

    We don't realize how many Windows users know absolutely NOTHING about open source or anything that happens in the open source world. I don't think I've met a Windows user yet who knows about OpenOffice forking into LibreOffice and of course only some who have ever heard of OpenOffice. When I showed one a laptop that had Linux installed on it she said "I didn't know you could run anything else [other than Windows] on a computer!".

    Maybe the community needs to file 500 sexual harassment lawsuits against Richard Stallman and then use the proceeds to fund an advertising campaign targeting Windows users. Those who aren't hardcore developers know as much about their computers as I know about dishwashers.
    I have a foot in both worlds, free software & proprietary software, and frankly LibreOffice is awful. No really, it's awful for doing much more than just typing out an abstract or letter. Yes I used it for years till I actually tried using Word and writing anything bigger than a letter. Like Harvard students, I get Office 365 for free from my college. The G-docs students should be educated enough to know they can export *.doc from G-docs without any real trouble, and those that already know, complaining about a couple of extra clicks is just plain lazy. Once you get past the first year students, that problem solves itself. Older students know what's expected and they get it done regardless of what they really use.

    To me, the problems with LibreOffice go way beyond just a few extra clicks here and there. It's just an all around pain in the... rump to use compared to Word. It's the crowning jewel of free software consistently missing the final 10% of design and implementation.

    The only reason OpenOffice for Windows users are still around is because most of them don't realize that most schools have a free (included in tuition) sub to Office 365 to all students these days. That's because the schools generally use far more than just Word for homework. Internal school email uses Outlook & Exchange (cloud Exchange, rarely on-prem these days). Some schools are using Teams for collaboration and meetings. The standard for spreadsheets is Excel. The free as in beer thing was what got OpenOffice for Windows its very small fan base back in the day, not that it was open source. There's always going to be a lot of broke students looking for handouts when they can get them. I was there at one time, too.

    On the lawsuits thing... not going to work. Stallman files bankruptcy and the plaintiffs are left holding the bag on legal fees. The only thing Bankruptcy won't touch are criminal fines, taxes, student and other gov. backed loans.



  • alcalde
    replied
    There's a topic trending on Twitter now because some snooty Harvard PhD candidate is complaining about Gen Z not using Microsoft Office and how when he requires a paper in .doc format all his students say they're using Google Docs and people are rightly laughing at him, including his objection to the cost issue being "Harvard gives you Office for free". But what's really scary is all the (certainly Windows) users replying on Twitter saying how they're happy OPEN Office users and encouraging others to use OPEN Office. I'm replying to as many as I can with links to articles about OpenOffice security vulnerabilities and encouraging them to switch to LibreOffice, but there are so many of them....

    We don't realize how many Windows users know absolutely NOTHING about open source or anything that happens in the open source world. I don't think I've met a Windows user yet who knows about OpenOffice forking into LibreOffice and of course only some who have ever heard of OpenOffice. When I showed one a laptop that had Linux installed on it she said "I didn't know you could run anything else [other than Windows] on a computer!".

    Maybe the community needs to file 500 sexual harassment lawsuits against Richard Stallman and then use the proceeds to fund an advertising campaign targeting Windows users. Those who aren't hardcore developers know as much about their computers as I know about dishwashers.



  • Siuoq
    replied
    Originally posted by jbennett
    You click on a URL, and the office program hands the URL to the OS to act on. That might not be a URL you really wanted to access, but that's not the fault of your office suite. *shrugs*
    It depends whether the OS is supposed to handle the URL in a secure way, or just naively open it. In the second case, it's AOO's job to provide the protection, in this case an Ok/Back window.

    Although I still don't really understand the way that URLs can be harmful (https://www.phoronix.com/forums/foru...04#post1254904).



  • yoshi314
    replied
    Originally posted by Adarion
    I wonder who these 2.4 Million people (bots?) are that download AOO. AOO is quite dead. For a long time. They should really transfer naming rights to the TDF/LibO. And redirect to the website. There's no use in wasting engineering power and people still downloading an inferior product that is not really actively developed.
    Sometimes multiple solutions are good to have an alternative, but those come from the same origin. Just one branch is totally withered now.
    I agree, but as an example - a language school I study at uses AOO, either because they do not know any better or maybe due to some restrictions wrt their support.

    I know better than to try to advise them to use LO, since I do not work there.



  • jbennett
    replied
    Honestly, I think this is a non-bug, at least as far as OpenOffice and LibreOffice are concerned. You click on a URL, and the office program hands the URL to the OS to act on. That might not be a URL you really wanted to access, but that's not the fault of your office suite. *shrugs* Oh, and if you want the libre/openoffice story straight from the horse's mouth: https://twit.tv/shows/floss-weekly/episodes/446



  • Alexmitter
    replied
    Originally posted by jacob

    Dunno, more likely it would be an obvious conspiracy by the systemd team in order to discredit the glorious Init Freedom(tm).
    Their issue is simply that systemd is too good, especially in today's state. It gets hard to criticize something when there is simply not much wrong with it. So they go over to pretend imagination issues like this imaginary malware in an imaginary systemd component, or the imagination bloat, or its imaginary POSIX principle incompatibility or whatever.

    Init freedom also is the freedom of a distro to simply choose the working solution, and systemd will continue to be this choice for every sane issue as long as its haters don't get their stuff together and stop gluing things onto old style init in the hope to somehow recreate systemd features. But if they finally would work on a new solution, it would end up to kinda be like systemd after all, no matter what.



  • jacob
    replied
    Originally posted by Alexmitter

    Then it would be simply malware abusing glorious openrc-init's name to be undetected on woke openrc-init user PCs.

    Stay woke, don't use systemd.
    Dunno, more likely it would be an obvious conspiracy by the systemd team in order to discredit the glorious Init Freedom(tm).



  • Mathias
    replied
    Originally posted by andyprough
    progress was incredibly slow compared to LO, what progress that was made was mostly backported stuff from LO
    AFAIK OpenOffice couldn't backport stuff from LO, because OO requires a signed CLA that LO devs of course never did. IIRC LO did backport some (few) stuff from OO.



  • Alexmitter
    replied
    Originally posted by jacob

    I wonder what they would say if there was malware called "openrc-init".
    Then it would be simply malware abusing glorious openrc-init's name to be undetected on woke openrc-init user PCs.

    Stay woke, don't use systemd.



  • jacob
    replied
    Originally posted by Alexmitter

    Yes it seems so, I remember the days when people had proper pro and counter arguments for systemd.

    Now it's somewhere between "let's pretend this completely unaffiliated malware that named itself "systemd-service" to be not so easily spotted has something to do with the systemd project" or the "they hide my private information in the binary log to later send it home via the systemd NTP sync".
    I wonder what they would say if there was malware called "openrc-init".
