Wednesday September 16, 2009 Malte about some of his work at Sun Microsystems, Inc.
| Malte Timmermann's Blog Malte about some of his work at Sun Microsystems, Inc. |
|
|
Wednesday September 16, 2009 Security and Privacy Feature Improvements in upcoming OpenOffice.org 3.2 I had commented on the Black Hat 2009 OOo Security Paper some time ago. There have been some points which could be clarified directly, or
where I didn't agree on, but there also have been some valid points,
where I promised that we would try to address them in OOo 3.2 –
what we did. Issues listed in the article, where improvements to OOo had been necessary
Update: In OOo 3.2, you can't anymore add unencrypted macro streams, or replaces existing streams with different (unencrypted) versions. For compatibility reasons, this check is only done for ODF 1.2 documents written with OOo 3.0 or newer. But OOo won't rely on the ODF version listed in manifest.xml alone, and will also check the version listed in the encrypted content.xml, so people manipulating the document can't circumvent the check by manipulating (downgrading) the ODF version in manifest.xml. You still can remove all macros streams together, because we still can't protect manifest.xml. Fixing this would need further enhancements to ODF, since we don't want to create an OOo only solution, which would result in OOo complaining about all encrypted documents written with other applications. Another thing is that you can add encrypted macro streams, but this won't have any effect. The reason is that macro streams can have different encryption keys, because the user can give each basic library an other password. But adding encrypted macro streams doesn't matter, because OOo wouldn't be able to decrypt them, and they also can't be registered in the basic library, because that file is also encrypted. To resolve the remaining (and probably minor) issue that macro
streams can be removed in encrypted documents, different options need
to be evaluated very carefully: This can be the protection of the
manifest.xml via some signature algorithm, or the encryption of the
complete ODF zip stream. That later solution could also be wrapped in
an ODF container, so you have a mimetime stream for better system
integration, and a place where you can document which encryption algorithms have been used. Explaining these options and the advantages and disadvantages would be to much for this article – if you are interested in working on this with us, please join the OpenOffice.org Security Project. Let's discuss the ideas on the Security Project's mailing list, where you should subscribe in advance, because replies normally only make it to the list.
Update: We changed the ODF 1.2 spec (that is the version where digital signatures are covered for the first time). The definition for document signatures now states that all streams in the ODF package, including manifest.xml, must be covered by the document signatures. The only exception is that the signature stream itself might be excluded. In OOo 3.2, the manifest.xml is part of the document signature now.
Update: As I already said in my initial comments, it doesn't change much for security whether or not the file is declared in manifest.xml, because manifest.xml could also be updated very easily. But because it's good practice to make sure that all files are declared in manifest.xml, OOo 3.2 will make this check for ODF 1.2 documents. The ODF 1.2 specification will also state more clearly that all files need to be registered in manifest.xml. Because older versions of OOo already registered all files in manifest.xml, it might be worth discussing if this check could/should also be done for older documents.
Update: As already explained in the first issue above, OOo won't except any not encrypted streams in encrypted documents anymore, independent from the ODF version used in the document.
ODF 1.2 now allows for using different encryption algorithms, and all details about the algorithms used need to be documented in the manifest.xml (which is the reason that the manifest.xml itself can't be encrypted). These ODF enhancements have been submitted to the OASIS ODF TC, and OOo 3.2 already implements them. Please note that this only means OOo would put all needed information into manifest.xml. It doesn't mean that OOo would have new built-in encryption algorithms yet.
For other things in the loop, see the Security Project's Wiki pages.
That's great - but I can't find any download for OpenOffice.org 3.2 OOo 3.2 is not final now – expect the final version to be available end of November. And please make sure to only download from trusted sources, like http://OpenOffice.org. The reason is explained here.
Posted by Malte Timmermann ( Sep 16 2009, 01:20:10 PM CEST ) Permalink Comments [0]
Friday September 11, 2009 Big Win for ODF IBM asks all their employees to stop using Microsoft Office, and completely switch to Lotus Symphony - IBM's office suite which is based on OpenOffice.org 1.1. The important thing here is not that all employees should use IBM software, which you would expect anyway (eat your own dog food). The important thing is that the main goal with this is to completely switch to the OpenDocument Format (aka ODF) - the free and open standard for office documents. I guess this might have some signaling effect for many other companies - ODF is the broadly accepted free and open standard for office documents. Most people wouldn't consider Microsoft's OOXML format as an alternative, and meanwhile almost everyone knows that it's important to migrate away from Microsoft's binary document format - to ease further document processing, to make sure that you will still be able to read you documents in many years, and to avoid further vendor lock-ins. Right now I could only find German news articles about this, but I am sure English articles will show up later this day. Posted by Malte Timmermann ( Sep 11 2009, 10:35:23 AM CEST ) Permalink Comments [2]
Friday August 14, 2009 Microsoft using Sun Ray Thin Clients I just stumbled over this interesting article "Microsoft Enterprise Engineering Center Chooses Sun Ray Thin Clients" and wanted to share it with you, because I really like Sun Ray environments. We also make heavy use of Sun Ray systems in our OpenOffice.org Team here in Hamburg. All productivity software is maintained centrally on Sun Ray servers, running Solaris.Other systems are "only" needed for OpenOffice.org QA and Development tasks. QA members mainly use visualization to easily access all different kind of operating systems for testing our products. Developers connect to different kind of operating systems running on different physical machines via RDP or ssh and X11, because you would notice differences in performance when compiling large projects like OOo in virtual machines. But virtual machines are also sometimes very handy for developers, when it comes to debugging issues on some ancient operating system, or when an issue only occurs with certain configurations/languages.
Using such an environment, it doesn't matter where you work. At home, in the office, in some other Sun office around the world. Your session will travel with you, it doesn't matter where you log on. No PCs in the office, no noise. I really like it... Posted by Malte Timmermann ( Aug 14 2009, 06:43:27 PM CEST ) Permalink Comments [0]
Wednesday June 03, 2009 Sun ODF Plugin 3.1 for Microsoft Office A new version of the ODF Plugin for Microsoft Office is available. As I wrote in the last ODF Plugin announcement, the Plugin nowadays uses the same version number like the underlying OpenOffice.org version, so this version is now based on OpenOffice.org 3.1. Some people asked for it, so I have added the possibility to disable the update feature and the registration feature. Since the registration will only be triggered once after installation (and you don't have to register!), and the update feature never executes automatically, disabling these features is probably only interesting/needed in enterprise deployments. See the FAQ for details.
Posted by Malte Timmermann ( Jun 03 2009, 12:24:08 PM CEST ) Permalink Comments [9]
Wednesday May 27, 2009 OpenOffice.org Connector for Alfresco CMS People using Alfesco, the Open Source Alternative for Enterprise Content Management, might want to try our brand new OOo extension "Sun Connector for Alfresco CMS". It was just released today, feedback welcome.
Posted by Malte Timmermann ( May 27 2009, 03:50:52 PM CEST ) Permalink Comments [2]
Thursday May 07, 2009 OpenOffice.org 3.1 released - download the genuine and FREE version now! The final version of OpenOffice.org 3.1 is available for download now! A lot of new features and improvements make it really worth updating to this new version. Important: Make sure to download genuine OpenOffice.org from a trusted site! Almost daily, the OpenOffic.org Security Team receives mails from people who downloaded from commercial sites and had to charge for that in advance, or are asked for some kind of key or serial number when they want to install. Selling OpenOffice.org is allowed, and is fine as long as you get some extra service, like a CD, printed handbook or support. Unfortunately, some people and companies try to make easy money with OpenOffice.org, without providing any extras, and these download sites are often in the first hits when searching for OOo downloads. If you are not sure whether or not a download site can be trusted, simply use http://OpenOffice.org.This is very easy to remember, and mirrors make sure that you don't have to care about optimal download locations yourself. Posted by Malte Timmermann ( May 07 2009, 12:25:45 PM CEST ) Permalink Comments [5]
Thursday April 30, 2009 Using the Sun ODF Plugin for Microsoft Office with Office 2007 SP2 ODF is now nativity supported if MS Office 2007 with Service Pack 2. Nevertheless, people asked if it would still be possible to use the Sun ODF Plugin also in Office 2007 SP2, because the ODF quality might be better. I just gave the final version of SP2 a try, but only to verify that the Sun ODF Plugin still can be used. My intention was not to figure out how good the native ODF filters in SP2 are. OK, I must admit that I couldn't resist to quickly figure out what would happen with tables in presentation, because I know that SP2 only implements ODF 1.0. Tables in presentations got specified in ODF 1.2, same holds true for formulas in spreadsheets. As expected, you might want to continue using the Sun ODF Plugin if you need these features. If you want to use the Sun ODF Plugin for ODF documents, instead of he new built-in filters:
In Excel and PowerPoint, using the new built-in filters is more convenient, because you can simply use open/save, instead of the extra UI. But the fact that the filter in Excel doesn't support formulas let me think that this filter is quite unusable for most users... (Don't get fooled when testing it: Formulas written with Excel will work when loading the same ODF file in Excel, because the information about the formulas is preserved with the help of some MS Office specific XML tags, which no other ODF application will recognize) Alternatively, now that you are interest in ODF, you might want to give OpenOffice.org a try, in case you not already did so... Posted by Malte Timmermann ( Apr 30 2009, 04:42:08 PM CEST ) Permalink Comments [6]
ODF support in MS Office 2007 with Service Pack 2 Service Pack 2 for MS Office 2007 is now publicly available. The biggest improvement from my point of view: Support for the Open Document Format (ODF). It's a native Filter in Word, Excel and PowerPoint, so you can use ODF as your new default file format there! Of course Microsoft only did it for business reasons, because otherwise they could not continue selling Office to governments or companies where ODF is mandatory nowadays. But in the and it doesn't matter why they did it - more important is that they did it, and that this is another step in ODF becoming the open standard file format for Office documents. I didn't test the filters, so I don't know how good the quality is. But if people start to consequently use ODF now, I am sure the filters will be improved constantly, as well as the ODF specification in case that something is missing what is needed to store certain Office features... Posted by Malte Timmermann ( Apr 30 2009, 11:06:10 AM CEST ) Permalink Comments [0]
Monday April 20, 2009 Oracle to buy Sun Well, I always believed that Sun would be able to survive without being bought by another company. We have great products, hardware as well as software, and we only have done poorly in making money with the products, or with service contracts for our (open source) software products... Now it seems I will never figure it out, since Oracle will by Sun. We have just been informed about this some hours ago, and its in all news now. Right now, I don't know enough about Oracle to make me a picture whether or not this is (for me) better than IBM buying us. IBM is interested in OpenOffice.org, so probably also in Sun's OOo team here in Hamburg. What about Oracle? Posted by Malte Timmermann ( Apr 20 2009, 03:17:16 PM CEST ) Permalink Comments [3]
Friday February 13, 2009 About the update feature in the Sun ODF Plugin for Microsoft Office One of the questions I receive quite frequently is whether or not it would be possible to disable the update feature from the Sun ODF Plugin. Well - from my point of view, this wouldn't change much, because the update feature doesn't look for updates on it's own, nor would it download or install anything itself. I tried to explain that in the FAQ, but it seems someone decided my explanation would be too long or too technical, and shortened the item in the FAQ. For those who want it explained a little bit more, here is my original FAQ item: Q: Can I disable the auto update feature? A: No. The auto update feature just checks whether or not a newer version is available, but it doesn't download or update anything on it's own. Also the check is never done automatically, but the user has to select it manually. When a newer version is available, the same download web site will be presented to the user like when he would look up for a new version there. Download and installation is the same procedure like for users who don't use the Sun ODF Plugin for Microsoft Office yet, so there are no additional other mechanisms involved which a system administrator might want to restrict. Makes sense? Posted by Malte Timmermann ( Feb 13 2009, 06:06:14 PM CET ) Permalink Comments [1]
Friday February 06, 2009 Sun ODF Plugin 3.0 for Microsoft Office Finally, a new version of the ODF Plugin for Microsoft Office is available! It's been a while that we have released version 1.2 - but hey, why is it called 3.0? Did I miss version 2.0? Well, the answer is very simple. I thought it would be a good idea to give it the same version number like the underlying version of OpenOffice.org. This way, people know exactly which versions of the conversion filters are used. The conversion between ODP/PPT and between ODS/XLS is exactly the same like in the equivalent version of OpenOffice.org. The conversion between ODT/DOC is basically the same, but might differ in some case because the Word Filter API is based on RTF, so there is an additional conversion involved. This version of the plugin supports ODF 1.2 and loading ODF template files. The conversion filters have been further improved.
Posted by Malte Timmermann ( Feb 06 2009, 12:13:51 PM CET ) Permalink Comments [3]
Friday December 19, 2008 Configuration Viewer - a new and very useful OpenOffice.org extension My colleague from the NetBeans team (who happened to be my SEED mentee), just uploaded his new extension for OpenOffice.org. It's the Configuration Viewer extension. This useful extension lets you see all key/value pairs from your configuration - even those that are not accessible via the OpenOffice.org user interface. It distinguishes between configuration items stored in the shared configuration layer and the user's custom configuration. A little checkbox on the bottom of the dialog helps you for quickly identifying configuration items which are storade in the user's configuration layer. With the Export button you can export the currently displayed configuration items into a text file. After installing the extension (which needs Java to run), you can find it behind a new menu item: "Tools / Configuration...". If you think this is a useful extension, let Stan know via a comment - maybe he will then continue working on it, adding other cool stuff like editing the configuration items :) Posted by Malte Timmermann ( Dec 19 2008, 05:20:36 PM CET ) Permalink Comments [0]
Monday November 17, 2008 StarOffice 9 arrived Finally, StarOffice 9 is available. Basically it's almost the same as the recently released OpenOffice.org 3.0. The most important differences are indemnification, and up to 3 warranty support calls included in the retail version. Some people also like our hotfixes and patches that we provide for StarOffice only, while you always have to do full installations for new OOo releases. It's really up to you whether you want to use StarOffice or OpenOffice.org - in the end we are happy to offer different levels of services contracts for both products. Posted by Malte Timmermann ( Nov 17 2008, 07:11:20 PM CET ) Permalink Comments [2]
Wednesday November 05, 2008 China again I am just attending the 6th OpenOffice.org conference in Beijing. It's more more than a year ago that I visited RedFlag 2000 to teach them different things from OOo architecture, and some things in Beijing changed meanwhile, mostly because of the Olympic games. There are many more subway lines, and the new ones are really modern. Interesting that you have to put your luggage into some X-Ray machine when you enter the train system. I guess they started it for Olympics games, and didn't give up afterwards. I have the feeling that the traffic situation has improved. People are still driving like crazy, and as a pedestrian you better be very careful, but it seems there are less cars – people probably prefer the train now, which is fast and really cheap (~ EUR 0,25 for a one way ticket, distance doesn't matter). I will stay here until the week end, because we will have some guided tourists tours then. I have seen most places on my last trip, but: Last time I was here on my own. This time, I am here with 35 colleagues! This will be fun, and I tend to compare it with a “school trip”. More to come...
Posted by Malte Timmermann ( Nov 05 2008, 05:46:25 PM CET ) Permalink Comments [2]
Tuesday October 21, 2008 Web 2.0 Expo in Berlin I am just attending the Web 2.0 Expo in Berlin. After more than 17 years of mainly C++ software development, I thought this would be a good opportunity to get more in touch with all this Web 2.0 technologies and products. I just enjoyed the keynote (which was held AFTER the workshops) from Tim O'Reilly. After that, six start ups had the opportunity to talk about their new products. One of them was aka-aki. This is an interesting product, I think. Nothing I would need personally, but I am sure kiddies, teens and students will love it. It's also interesting from the technology standpoint of view - can use blue tooth, GPS and/or GSM cell information for phone/friend detection. Aka-aki will launch tomorrow here in Germany, this fall internationally. Posted by Malte Timmermann ( Oct 21 2008, 06:28:24 PM CEST ) Permalink Comments [0]
3000000x3 OpenOffice.org version 3 is available for 1 week now, and was already downloaded more than 3 million times! And this is only what we can count - it doesn't include torrents and other ways of distributions. More information and links in this blog. Posted by Malte Timmermann ( Oct 21 2008, 11:16:56 AM CEST ) Permalink Comments [0]
Thursday October 16, 2008 Review of OpenOffice.org 3 You might be interested in the Computerworld's review of OpenOffice.org 3. "...Given that the full suite is free, this is one of the best deals you'll find in all of computing. It'll do just about anything you expect from an office suite..." Just one point I would like to clarify: The statement "... It won't, however, work with the newest Office 2007 formats such as .docx..." is not 100% correct. You cannot save as docx, but you can open docx files. So this gives you the ability to salvage all the documents you created with your pre-installed MS Office 2007 trial version, which only stored your documents in this format and you don't know how to open them now w/o buying MS Office ;)
Beside the review itself, the blog has many users comments worth reading...
Posted by Malte Timmermann ( Oct 16 2008, 10:23:23 AM CEST ) Permalink Comments [0]
Monday October 13, 2008 OpenOffice.org 3 is there... somewhere! Well, when you try to get it from the official site (www.openoffice.org) NOW, you probably won't see it because too many people are trying to get it now. But it's there, and the new release comes with many new exciting features. The biggest addition probably is the native support for Mac OSX, but there are also many other great new features like a PDF import, import of Office 2007 documents, a multi page view in Writer, native tables in Impress, a Solver in Calc, and much more... When the web site is fully back to live, you should find a feature guide here. So the new version is absolutely worth updating your old installation, or finally start using OpenOffice.org at all. Posted by Malte Timmermann ( Oct 13 2008, 08:07:45 PM CEST ) Permalink Comments [2]
Wednesday July 23, 2008 Sun Java Communications Suite 6 - now with Convergence AJAX client Jim Parkinson has just blogged about the availability of the new release from the Java Communications Suite. Our messaging server is already well known for being rock solid and for it's great scalability. The new release offers interesting new features for mobile messaging (LEMONADE support). For me, as an end user in this case, the most interesting new feature is the web based mail and calendering client - Convergence. If you are interested, you can find many more details in Jim's blog. Posted by Malte Timmermann ( Jul 23 2008, 10:36:36 AM CEST ) Permalink Comments [0]
Thursday July 17, 2008 StarOffice 9 Beta 2 available! StarOffice 9 is ready for beta testing. If you want to give it a try, you can download it here. One of the biggest "features" is the native Mac support. This is something the people really wanted to have for a while now. You can find some interesting blog postings about the efforts on GullFOSS. Some people might be more interested in the new PDF import, or the nice presenter console. Writer learned a dual page view and has improved handling of notes. Impress has native support for tables now, as defined in ODF 1.2.
Calc has some features for collaborative editing, a new solver tool and improved charting functionality. You see - many improvements worth updating to the new version. Posted by Malte Timmermann ( Jul 17 2008, 07:31:20 PM CEST ) Permalink Comments [0]
Monday June 02, 2008 Big Buck Bunny and Network.com You might have seen all the news about the new open movie called "Big Buck Bunny". I just got aware that it was rendered on our Network.com platform! This is great. You can find a description about how they made use of our computing platform in this article.
Posted by Malte Timmermann ( Jun 02 2008, 03:29:54 PM CEST ) Permalink Comments [0]
Wednesday May 21, 2008 Office 2007 won't support ISO's OOXML Reading the announcement that Microsoft will implement ODF in Office 2007, it's also interesting to read that they will NOT support the ISO version of OOXML in Office 2007. Note that, for good reasons, also OpenOffice.org doesn't claim to support OOXML, but to implement import filters for the MS Office 2007 document formats. The new filters will become available in OpenOffice.org 3.0, which is already available as a beta version.
Posted by Malte Timmermann ( May 21 2008, 09:14:30 PM CEST ) Permalink Comments [0]
Microsoft to implement ODF in Office 2007 Here are the news! Sure we can't know how good their ODF support will be, but it's great that they start a native implementation for ODF now, coming with SP2 first half of 2009. Seems, for now, they only plan to have ODF for Word. If this is not enough for you, you are still invited to use our free ODF Plugin for MS Office, which gives you high quality ODF support in Word, Excel and PowerPoint. Posted by Malte Timmermann ( May 21 2008, 08:51:17 PM CEST ) Permalink Comments [0]
Monday May 19, 2008 A better Favorites Menu for OpenOffice.org Some time ago I posted my solution for a favorites menu in OopenOffice.org. This worked fine for me, but was somewhat like a quick hack. You had to configure the menu items in a basic Script - no GUI was assisting you in this. But somebody got aware of it, and started creating a neat bookmark solution with some GUI. I just gave the Bookmarks Menu Extension a try and decided to get rid of my own script - hanya's solution is much more convenient to use, thanks! Posted by Malte Timmermann ( May 19 2008, 11:21:14 AM CEST ) Permalink Comments [0]
Monday May 05, 2008 Sun ODF Plugin 1.2 available now We have just released version 1.2 of our Sun ODF Plugin for Microsoft Office. There are many improvements to the filters, especially in Word, so it's really worth downloading it. Posted by Malte Timmermann ( May 05 2008, 05:19:58 PM CEST ) Permalink Comments [7]
Wednesday March 26, 2008 Document Freedom Day Today is Document Freedom Day! This is great. And because it is about open document standards, it's mainly about ... yes, the Open Document Format (ODF), as you can read at the Document Standards page.
Posted by Malte Timmermann ( Mar 26 2008, 03:03:55 PM CET ) Permalink Comments [0]
Thursday March 06, 2008 OpenOffice.org goes LGPL v3! OpenOffice.org will switch to LGPL v3 with the upcoming OOo 3.0 Beta. Beside that, we will also exchange the old Joint Copyright Assignment (JCA) with the Sun Microsystems Inc. Contributor Agreement (SCA), which has some advantages for contributors. This change is effective immediately. More details can be found here. Posted by Malte Timmermann ( Mar 06 2008, 08:02:10 PM CET ) Permalink Comments [0]
Thursday February 07, 2008 OpenOffice.org runs on OLPC! J David Eisenberg wrote an email to the OASIS OpenDocument Format (ODF) Adoption TC, confirming that OpenOffice.org can be used on the OLPC. So you can use all kind of documents on your OLPC, since OpenOffice.org has filters for many different formats! Needles to say that of course this includes ODF files, even in a stripped down (USB stick optimized) OOo installation, since ODF is OOo's default file format. BTW: Most likely you don't need the JRE - OpenOffice.org uses Java only for some of the seldom used Wizards. So if the JRE doesn't fit on your USB stick, just go without it. Posted by Malte Timmermann ( Feb 07 2008, 12:24:51 PM CET ) Permalink Comments [0]
Wednesday December 12, 2007 Sun ODF Plugin 1.1 now fully working with Microsoft Office 2007! I just learned from Brian Jones that Microsoft has fixed a bug with Office 2007 SP1, which hindered the Sun ODF Plugin to work with Word 2007. I gave SP1 a quick try, and - it's working now! If you are interested in the details, just look at my older ODF Plugin FAQ and Brian's comments. This is really great news, and I am sure Brian took care that this would really be fixed with SP1 - thanks for this! If you already have the Sun ODF Plugin (and Office 2007) installed, just install SP1 and that's it. If you haven't installed the ODF Plugin yet, you can find it here. Posted by Malte Timmermann ( Dec 12 2007, 03:35:29 PM CET ) Permalink Comments [10]
Wednesday December 05, 2007 OpenOffice.org 2.3.1 is there OpenOffice.org 2.3.1 is available for download now. In addition to many fixes it also contains a security fix, so you really should consider updating.
Posted by Malte Timmermann ( Dec 05 2007, 10:00:03 AM CET ) Permalink Comments [2]
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
