NEWS
Weird Unofficial LibreOffice Version Shows Up in the Microsoft Store
A unofficial version of LibreOffice shows up in the Microsoft Store. The app was published by an obscure developer under the name ".net." There is no additional information about the developer. Clicking on the URL takes you to another app by the developer named "dress my doll."
How did this app make it into the store? Given the volume of apps submitted to Microsoft Store, App Store, and Google Play, it's virtually impossible for these vendors to vet each app manually. They all have an automated process.
Microsoft also has a certification process (https://docs.microsoft.com/en-us/windows/uwp/publish/the-app-certification-process): "When you finish creating your app's submission and click Submit to the Store, the submission enters the certification step. This process is usually completed within a few hours, though in some cases it may take up to three business days. After your submission passes certification, it can take up to 24 hours for customers to see the app's listing for a new submission, or for an updated submission with changes to packages. If your update only changes Store listing details, the publishing process will be completed in less than an hour. You'll be notified when your submission is published, and the app's status in the dashboard will be In the Store."
It's not clear if Microsoft also validates the authenticity of the app. It's not surprising that an app like LibreOffice would slip through the certification process and be available to users. Since LibreOffice is a fully open source project, anyone can compile it and redistribute the app, as long as they follow the terms of the license.
I reached out to The Document Foundation (TDF), the organization responsible for LibreOffice, and Italo Vignoli, one of the cofounders of TDF told me, "The Document Foundation has been made aware of an unofficial version of LibreOffice on the Windows [Microsoft] Store. We are investigating further, but we want to be clear: This is not an official version created by The Document Foundation, so the app's page is misleading. The only official source of the software (which can be downloaded for free, i.e., without any cost for the end user) is the LibreOffice website (https://www.libreoffice.org/). Also, the money from the Microsoft Store version is not collected by The Document Foundation."
My advice is to not download and install the app from Microsoft Store as we are unsure if there is any malicious code in it. Microsoft says it checks for malicious code before any app is published; it's better to be safe than sorry.
New Version of the Spectre Vulnerability Allows Attack from the Network
Monthly reports of new Spectre-related vulnerabilities are keeping security experts busy. Now a team of security researchers at the Graz University of Technology (Austria) has discovered another flaw, dubbed NetSpectre, that allows attacks over the network.
The crux of Spectre vulnerabilities is the way modern CPUs speculate on which workload will run next to improve performance. According to the team, "During speculative execution, the processor may perform operations the program usually would not perform. While the results of such operations are discarded if the speculative execution is aborted, microarchitectural side effects may remain."
Attackers exploit these side effects to read memory contents. Previous versions of the Spectre attack have required some kind of local code executive to launch the attack, but the latest discovery changes that.
"NetSpectre marks a paradigm shift from local attacks to remote attacks, exposing a much wider range and larger number of devices to Spectre attacks. Spectre attacks now must also be considered on devices which do not run any potential attacker-controlled code at all," wrote the researchers.
The team informed Intel back in March, and Intel has patched the problem during previous patches released by the company. The best available defense is to keep your systems up to date and install all security patches.
SUSE Sold for $2.5 Billion
SUSE is like a seasoned football player who changes ownership after a few successful seasons. This time the Swedish group EQT is buying SUSE from British-owned Micro Focus. This is the fourth sale of SUSE since its inception in 1992, a year after Linus Torvalds announced the Linux kernel.
What's different this time is that SUSE is being acquired by an investment firm and not a tech company. SUSE CEO, Nils Brauckmann, sees this as a move towards independence, with the company charting its own course instead of being a business unit of another tech company. "By partnering with EQT, we will become a fully independent business," said Brauckmann. "Together with EQT, we will benefit both from further investment opportunities and having the continuity of a leadership team focused on securing long-term profitable growth combined with a sharp focus on customer and partner success."
SUSE is well aware of the fact that the open source community will be keeping a close eye on this development. In a Hangout chat, Richard Brown, openSUSE Board Chairman, and the face of openSUSE community, told me that he received a phone call from Brauckmann updating him with the news and also reassuring him that nothing will change when it comes to open source and community engagement.
"As a SUSE employee, I'm excited about my employer's new owners. As an openSUSE Contributor, I'm not only excited, but thrilled at the proactive steps SUSE has taken to reassure the community, which really shows just how well SUSE understands how to operate as part of the open source world," Brown said.
In case you are curious, EQT is an investment firm with approximately EUR50 Billion in raised capital across 27 funds. EQT has portfolio companies in Europe, Asia, and the US with total sales of more than EUR19 Billion and approximately 110,000 employees.
Linux Magazine
ADMIN HPC
http://hpc.admin-magazine.com/
pdsh Parallel Shell * Jeff Layton
The pdsh parallel shell tool lets you run a command across multiple nodes in a cluster.
ADMIN Online
http://www.admin-magazine.com/
Flatpak, Snap, and AppImage * Valentin Höbel
The Flatpak, Snap, and AppImage package formats work across distributions, but each has its specific disadvantages.
Effective debugging of Docker containersMartin Loschwitz
Bugs can live in Docker containers. Read on for tips on how to debug them.
Continuous integration with Docker and GitLabMartin Loschwitz
GitLab provides the perfect environment for generating Docker containers that can help you operate critical infrastructure reliably and reproducibly.
ADMIN DevOps Focus
http://www.admin-magazine.com/DevOps
AWX: Web-Based Console Manager for Ansible * Chris Binnie
The upstream project of the Ansible Tower enterprise solution is now freely available as AWX. We look at Red Hat's new web-based console manager for Ansible deployments and discover its capabilities.
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
CarbonOS: A New Linux Distro with a Focus on User Experience
CarbonOS is a brand new, built-from-scratch Linux distribution that uses the Gnome desktop and has a special feature that makes it appealing to all types of users.
-
Kubuntu Focus Announces XE Gen 2 Linux Laptop
Another Kubuntu-based laptop has arrived to be your next ultra-portable powerhouse with a Linux heart.
-
MNT Seeks Financial Backing for New Seven-Inch Linux Laptop
MNT Pocket Reform is a tiny laptop that is modular, upgradable, recyclable, reusable, and ships with Debian Linux.
-
Ubuntu Flatpak Remix Adds Flatpak Support Preinstalled
If you're looking for a version of Ubuntu that includes Flatpak support out of the box, there's one clear option.
-
Gnome 44 Release Candidate Now Available
The Gnome 44 release candidate has officially arrived and adds a few changes into the mix.
-
Flathub Vying to Become the Standard Linux App Store
If the Flathub team has any say in the matter, their product will become the default tool for installing Linux apps in 2023.
-
Debian 12 to Ship with KDE Plasma 5.27
The Debian development team has shifted to the latest version of KDE for their testing branch.
-
Planet Computers Launches ARM-based Linux Desktop PCs
The firm that originally released a line of mobile keyboards has taken a different direction and has developed a new line of out-of-the-box mini Linux desktop computers.
-
Ubuntu No Longer Shipping with Flatpak
In a move that probably won’t come as a shock to many, Ubuntu and all of its official spins will no longer ship with Flatpak installed.
-
openSUSE Leap 15.5 Beta Now Available
The final version of the Leap 15 series of openSUSE is available for beta testing and offers only new software versions.