back to article Apache OpenOffice: Not dead yet, you'll just have to wait until mid-May for mystery security fixes

Apache OpenOffice, sized for euthanasia by one of its own last year, still lives and should see an update before the end of May, allegedly. The open-source productivity suite has been referred to as "a shambling corpse" by those appalled at its languid update schedule and those skeptical that its skeleton crew of volunteers …

  1. ITS Retired

    I prefer OpenOffice

    over LibreOffice. Why? Because it seems smother, easier to use than LibreOffice.

    I have both on my computers and only use LibreOffice, when I need to, on certain, newer MS Word/Excel documents I receive from others.

    1. keithpeter
      Pint

      Re: I prefer OpenOffice

      @ITS Retired

      Interesting experience. oOo uses its own font rendering library and LO uses, since version 5 I think, the native library on the OS it is running on. Information about your OS and graphics driver would help pin that one down.

      Concrete example: ancient Thinkpad X61s, intel graphics, intel open source driver under Slackware 14.2 with stock KDE, I could see a response difference between oOo installed from the Apache rpms on the one hand and the Alien Bob LO binaries/version built from source on the other.

      Pint to all involved with both projects. I use them almost every day.

    2. DrXym Silver badge

      Re: I prefer OpenOffice

      I prefer LibreOffice over OpenOffice. Because it's receiving active development new features and bug fixes for the past several years that OO hasn't.

      I think the name LibreOffice is horrible though. It would be nice some day if it could reclaim the use of the name OpenOffice.

      LibreOffice (and OpenOffice assuming it ever develops) really need to start thinking about the future though, especially cloud storage and other forms of online integration. Microsoft are really pushing this hard to lock people into Office 365 so it would be good for LibreOffice to offer something analogous for businesses that want to get out. 5.3 has an "online" collaborative mode so that would be a good thing to expand and push the benefits of.

      1. Ken Moorhouse Silver badge

        Re: ...pushing this hard to lock people into Office 365...

        If something is good then there is no need to lock people in. MS has already demonstrated that your storage allocation may go down as well as up.

        If ephemeral storage (that's what cloud storage should really be called) is needed then let that be provided by a third-party that makes available hooks for all products, including maybe {O36x|x<5}

        Apart from "core competency" considerations, Integrating cloud into LibreOffice, and integrating cloud into OpenOffice using a different technique forces people into making a committed choice. If the projects were ever to merge then this would be a barrier to merging.

        P.S. I prefer OO because I started using that first, but I have both on my system.

      2. Anonymous Coward
        Anonymous Coward

        Re: I prefer OpenOffice

        > LibreOffice (and OpenOffice assuming it ever develops) really need to start thinking about the future though, especially cloud storage and other forms of online integration

        No. An office suite is an office suite, and the storage problem is quite orthogonal to it.

        And with that said, there are more than a few "cloud storage" solutions to choose from. At our organisation, it is Nextcloud with locally installed desktop (and phone) clients, which makes the "cloud storage" part of the equation transparent to users. That is just an example though, and many other solutions are possible, none of which are tied to the office suite vendor.

        1. Doctor Evil

          Re: I prefer OpenOffice

          "No. An office suite is an office suite, and the storage problem is quite orthogonal to it."

          This. Could be said for most (virtually all?) desktop applications. Marketers, however, like to throw around "cloud storage" as a buzzword implying deep new functionality.

          1. Anonymous Coward
            Anonymous Coward

            Re: I prefer OpenOffice

            > Could be said for most (virtually all?) desktop applications.

            Indeed.

        2. nijam

          Re: I prefer OpenOffice

          > An office suite is an office suite, and the storage problem is quite orthogonal to it.

          True. And yet...try getting Microsoft to understand that.

      3. IGnatius T Foobar

        LibreOffice 365

        Develop the code to run LibreOffice (or even OpenOffice, merge the damn projects already) and simply publish it to the world. Now everyone can run an online office suite on their own servers, or on any of the thousands of providers that will inevitably appear. The benefits of online without the lock-in.

        1. jake Silver badge

          Re: LibreOffice 365

          WHY? Sounds like an 'orrible idea to me. Adding more layers of things to go wrong is an anathema to the very concept of secure, stable and available computing.

        2. Ken Moorhouse Silver badge

          Re: LibreOffice 365

          The benefits of online without the security

          Apologies for being negative.

          Opensource has lots of benefits, but consumers of it have to be savvy about the ancestry of the build they use. Checksum hashes help to check credentials of the issuing source, but arguably these two downloads (app and hash) need to be on separate domains, independent of each other to prove veracity.

          That's the first thing.

          Second, consumers of opensource stuff, do they bother to check Checksum hashes anyway?

          1. Ken Moorhouse Silver badge

            Re: LibreOffice 365: downvote

            Shame that the downvoter didn't care to share their thoughts with us.

            Never mind. Here's my view FWIW:-

            Mint's site got hacked a while ago, and dodgy ISO's were being served up.

            How does one know what one is getting when downloading anything? If there is a tie-up between Checksum hashes on a separate independent domain - such as distrowatch, then it helps increase one's confidence in what is being downloaded is the real deal.

            But Libreoffice is not in the same category as Mint. But one's confidential data is more critical to be secured. How do you safeguard your on-line data when using a gateway such as LibreOffice?

            In three words: provenance is key.

            1. Anonymous Coward
              Anonymous Coward

              Re: LibreOffice 365: downvote

              > How does one know what one is getting when downloading anything?

              You definitely know what you're getting. What you do not know is if that's what you expected to get.

              How do you know that when you're logging into the Office whatever site you are really logging into the right site and not a fake one? How do you know that whatever software updates you are getting are really what you're expecting to get (yes I know about signatures)?

              The answer is, it depends on the degree of sophistication of both the target and the attacker.

              Quite what in God's name this has to do with LibreOffice, or FOSS, or anything else, however, I cannot fathom.

          2. Anonymous Coward
            Anonymous Coward

            Re: LibreOffice 365

            > Opensource [sic] has lots of benefits, but consumers of it have to be savvy about the ancestry [sic] of the build they use.

            By ancestry do you mean origin? Or the actual commit history?

            And perhaps you would care to explain your actual point? I for one have no idea what you're trying to say.

          3. Anonymous Coward
            Stop

            Re: LibreOffice 365

            Spot on.

            "......but consumers of it have to be savvy about the ancestry of the build they use. Checksum hashes help to check credentials of the issuing source......"

            Whooossshhhhhh...

            And that is the sound of what you have said going over 99.999% of consumers heads.

            And we wonder why IT is seen as nerdy.

    3. Anonymous Coward
      Anonymous Coward

      Re: I prefer OpenOffice

      I prefer Google's docs, it's easier to use, no backups or undo history to lose, is free, doesn't need installing of updating does proper collaboration, and above all is very secure (1 document protected by 2FA and revokable permissions, not multiple uncontrollable emailed copies floating about)

      For corporate security Google apps for work offers a very compelling featureset.

      If only Sony pictures had used this, their hack would have likely not occured, or would have been vastly less widespread

      1. Anonymous Coward
        Anonymous Coward

        Re: I prefer OpenOffice

        That's fine if you trust Google not to spy on you or do (deniable?) indirect demographics, I don't trust it much, so blacklist its search engine and limited how much I use its stuff, including excluding a lot of data from my Android devices.

        You can get a usable Port of LibreOffice for Android i.e. can be used off-line, so is probably harder to snoop on.

        Sony had seriously flawed security because corporations eventually regress, because the management isn't exposed to a much risk as an individual or family which fully own a business.

    4. Charlie Clark Silver badge

      Re: I prefer OpenOffice

      over LibreOffice. Why? Because it seems smother, easier to use than LibreOffice.

      Same for me on MacOS. Despite the undoubted technical advances in LibreOffice it's crashed too often for me to be usable. But most worryingly is how the UI seems to be going backward. I'm increasingly thinking of switching to MS Office 2016.

    5. nijam

      Re: I prefer OpenOffice

      > ...it seems smother...

      Odd phrasing, but I take it to mean you're supporting the OpenOffice euthanasia vote.

  2. Joe User

    Updates for OpenOffice

    Amounts to one last transfusion because the body is still warm....

    1. a_yank_lurker Silver badge

      Re: Updates for OpenOffice

      Still warm; barely above room temperature.

  3. Jonathan 27 Bronze badge

    If it gets too bad they can always switch to a "just pull all changes from LibreOffice strategy". At this point LibreOffice just feels like the most recent update to OpenOffice and OpenOffice just feels dated.

    1. Chemical Bob

      They can't do that. LibreOffice is released under a dual LGPLv3/MPL license and OpenOffice under the Apache license. The practical result is that LibreOffice can incorporate any OpenOffice improvements but OpenOffice can't incorporate any LibreOffice improvements.

      1. jimjag
        Pint

        Which they (LO) has done quite aggressively. Even if for no other reason, Apache accepting OpenOffice from Oracle (if Apache had not accepted it, OO would have been shuttered), allowed the relicensing of the entire codebase to ALv2, which was a VERY good thing for LO, since it provided them with true IP provenance and patent protection.

        LO could, of course, be "neighborly" and return some patches improvements to AOO, despite not being required to due to their licensing, but have chosen not to, which is their right. But it does seem ironic that LO requires patches to their code to be contributed back, but don't feel the need/desire to do so in cases where it's not required. It proves, to me at least, is that copyleft licenses are all about forcing behavior that one doesn't expect to simply happen, which is a sad outlook.

        1. Anonymous Coward
          Anonymous Coward

          [...]which is a sad outlook.

          Outlook™ is sad.

          1. Anonymous Coward
            Anonymous Coward

            Outlook™ is sad.

            .. but alas the key to the iron grip Microsoft has on end users so they stick with Office 365.

            That said, the security problem and bug in Outlook 2016/365 is massive - it polls the root domain of your email address before bothering to access the host you have actually configured, and it takes only a few lines of code to make it give you the account password. It's a good thing only a few know about it (MS claims it's a "feature", but because it is part of auto-config doesn't mean it's actually sane to do this).

            To be honest, OO has dropped off my radar quite a while ago. By way of illustration, LO has now matured to such a degree that they have now implemented a sort of "ribbon" clone in the advanced features (it's called Notebook Bar) and to be fair, it is a good clone as it is as ghastly as Microsoft's ribbon and just as productivity destroying. Evidently there was not that much more to add. On the topic of that specific "innovation" - I find it so compatible with the MS ribbon that it is worth avoiding with the same enthusiasm..

            At least you have a choice here, though, it's not rammed down people's throat. As a matter of fact, it's hard to find, I just came across it when reading the release notes (yes, I read those, I'm that one hit of last month :) ).

            1. Anonymous Coward
              Anonymous Coward

              It gets worse ...

              Pen-tester gets past Microsoft VB macro barriers

              Outlook Forms aren't macros, after all - but is it a bug or a feature?

        2. Chemical Bob

          "copyleft licenses are all about forcing behavior that one doesn't expect to simply happen"

          Apache didn't have to choose a shit license.

    2. Snowman

      Even that is problematic for them to do

      It was brought up how bad the licensing chosen when transitioned from Oricle to Apache was announced, it was set up in a way they can not easily include LibreOffice's improvements but LibreOffice can include most anything from OpenOffice other than things like trademarks of OO. Granted one of the reasons for the split was there was a ton of third party improvements that had not been merged into the core code base and they did a lot of clean up too, so it was likely going to be a long time before OpenOffice would be in a position to be doing work that was not already done on LibreOffice even if it had gone well and attracted a much larger set of devs.

  4. Gene Cash Silver badge

    "Apache changed its public records"

    Wow. That's a move worthy of Trump. What a bag of dicks. And they wonder why devs don't want to work with them so much...

    1. Anonymous Coward
      Anonymous Coward

      They don't wonder why devs don't want to work with them. They never intended for devs to want to work with them.

      1. Anonymous Coward
        Anonymous Coward

        "They never intended for devs to want to work with them."

        I appreciate that Oracle are cynical and self-interested enough for that to be plausible, but why would that still be the case now it's under the control of the Apache Foundation?

      2. jimjag
        Flame

        That is priceless FUD. Congrats!

    2. 2Nick3 Bronze badge

      Downvoted for the unnecessary political quip. The comment works just as well without the second sentence.

    3. jimjag

      Did you even read *why* the public records were changed? Because it was confidential information.

      1. nijam

        > Because it was confidential information.

        Maybe it used to be, at some point in history. But once it's been on a public facing website, even for only a few minutes, it's not confidential information.

  5. Anonymous Coward
    Go

    I admire their spunk!

    Context: I'm a Microsoft Office 2010 user, I never got a click with both OpenOffice and LibreOffice. I do have LibreOffice installed on my FreeBSD powered laptop but that's it. On my desktop it's Word, Excel and all from 2010.

    So first of all: a major security flaw? I can see the risks but you honestly need to take this within context as well. It's not as if OpenOffice actively reaches out across the Internet. Also: cause & effect? You conclude that the change was made because of your probing, but can you really be sure of that without having checked what triggered the change?

    See, I can do better than you guys here ;)

    "OpenOffice is DOOMED, they shown refusal to fix an important flaw in the software. Previously they promised to include one security fix within their next release, but while thinking about writing this message (which took me one week at least, honest! <fingers crossed>) all of a sudden they changed the release notes and removed mentioning of this!"

    Sure, I am kidding with the "one week preparations", but if you take that out of the equation doesn't this sound at least somewhat plausible as well? Better yet: it's even hurting the project even more! win win! or.. maybe not.

    My stance is simple: just because a project doesn't use the same release cycle as their competitors doesn't mean it's dead. I also couldn't help notice that there wasn't one single link to back up your claims about said security risk. Which leads up to another possibility: there was no risk in the first place and so it got removed. Which is what you noticed, and then drew ridiculous conclusions that it had something to do with yourself.

    Tunnel vision much perhaps?

    1. keithpeter
      Windows

      Re: I admire their spunk!

      "My stance is simple: just because a project doesn't use the same release cycle as their competitors doesn't mean it's dead. "

      I hope you are right. However, having developers on the project mailing list discussing the best way to 'retire' the software is not generally taken as a sign of rude health...

      https://arstechnica.com/information-technology/2016/09/openoffice-after-years-of-neglect-could-shut-down/

    2. a_yank_lurker Silver badge

      Re: I admire their spunk!

      Not wishing OO ceases but the size and nature of the project makes it difficult for a small group to handle. Also, OO lost too much momentum while Leisure Suit's Minions navel gazed. LO and to a lesser extent MariaDB got a solid jump on their parents during the dithering phase. This hurt OO much more than MySQL.

      I have not looked into the licensing issues. I am not sure Apache will modify the license on OO so they could port LO improvements into OO.

      Personally I would like a healthy OO as another option against Slurp and I like LO. Having a couple of options also means there is some different ideas about the feature set and UI available.

      1. keithpeter
        Coat

        Re: I admire their spunk!

        "Personally I would like a healthy OO as another option against Slurp and I like LO. Having a couple of options also means there is some different ideas about the feature set and UI available."

        Yup - LO are refactoring the code base - I remember them saying that earlier in the fork - quite a lot of the code goes back to StarOffice days apparently.

        oOo are taking different tack and keeping quite a lot of the legacy code I gather so you have diverging back ends and, as 'lurker' says, a choice of UI models should LO do anything too ribbon like as default.

        Note quite Joel Spolsky but it will be interesting to see how the code bases evolve if oOo survives.

        1. Infernoz Bronze badge
          Holmes

          Re: I admire their spunk!

          Code rot is an obsolescence variant of technical-debt which will bite you later, often as security issues (e.g. in OO probably) or as code which is hard to maintain.

          Most code should be written as manageable sized modules for ease of functional testing, and for isolation to allow internal changes which won't break other code as much; it sounds like this is what the LO wisely team is wisely doing with the crufty old OO code, but the obviously Zombie OO project has shufflingly failed to do.

    3. GrapeBunch Bronze badge

      Re: I admire their spunk!

      I suppose there was a time when the phrase "fair dinkum" might have occasioned a raised eyebrow anywhere except Australia. When a gf went to study in the UK, she let go with the expression "a coon's age" (meaning "a long time", a decade or more) to collective shock and horror around the lunch table. I'm sure she would have received feedback around a USA lunch table, too.

      Because of the market dominance of MS, I suppose that open developers must have spent a lot of time around the lunch table discussing to what extent they should provide a compatibility mode. In other words, they will try to render a document as the document instructs them, but in compatibility mode they would render the document the way a particular version of MS Office would render it. Seems like a no-brainer, but seeking compatibility uber alles is a slippery path.

      Around a more exalted table at MS, they must spend a lot of time figuring out ways to get open software to fail to properly render an MS Office document. This also can be a slippery path, though usually a win for the market dominator. E.g. MS-DOS versus DR-DOS.

      I use LibreOffice, but not often. In olden days when faced with (the possibility of) screen garbage, I would ask the originator to save the document to a format old even then (was it Word 2.1 ?). That would stand a better chance of indigestion-free consumption by whatever version of AbiWord I happened to be using. That approach is less productive when the document has been published rather than sent.

      1. Ken Moorhouse Silver badge

        Re: render the document the way a particular version of MS Office would render it

        No point because in the past at least, MS couldn't be bothered to ensure identical page layout between versions of their own products.

        Many years ago I had a global publisher of modular educational materials as a customer. When they moved versions of MS Office (or printer hardware) they had to reprint every single page of every single document that was in their current course portfolio because of page formatting anomalies.

        Arguably they should have been using software with better markup control in the first place, but I suppose budgets got in the way (an example of short-term gain being a long-term nightmare).

      2. nijam

        Re: I admire their spunk!

        > ...at MS, they must spend a lot of time figuring out ways to get open software to fail to properly render an MS Office document

        I don't think they need to. MSOffice makes such a dog's breakfast of layout, font, etc. that it's pretty much a given that well-designed software would struggle with it.

  6. Woza
    Headmaster

    Impressive doubletalk

    "There is nothing ...secretive about this," Jagielski said. "Some items we are required to keep private..."

    1. Pascal Monett Silver badge

      Re: Impressive doubletalk

      And completely wrong. Altering posted records without justifying oneself openly is very much being secretive. It's also being dishonest.

      We see a lot of that nowadays, so I guess it's normal then.

      1. jimjag
        Facepalm

        Re: Impressive doubletalk

        And that's why we responded to queries about it...

    2. jimjag
      FAIL

      Re: Impressive doubletalk

      Just in case you don't realize the difference, abiding by confidentiality agreements is not the same as "secretive". You hope you understand the importance of that. Do you consider hospitals not disclosing your private medical records as being "secretive"??

  7. Walter Bishop Silver badge
    Terminator

    Unpatched security issue ..

    "Apache OpenOffice 4.1.3 – the latest available version, and released in October – contains at least one undisclosed and so-far unpatched security issue"

    Shurly on issue with the underlying platform?

  8. Boohoo4u

    I'm shocked!

    I've been installing LibreOffice for years, because it was my understanding OpenOffice was dead.

    Now I can pretend I knew, and made conscious decision chosing the better product.

    I made the switch so long ago, it might even be true.

  9. Anonymous Coward
    Anonymous Coward

    Use Googles office suite online equivalent to Office

    Free, usable on windows and linux. What't not to like?

    1. charlie-charlie-tango-alpha
      WTF?

      Re: Use Googles office suite online equivalent to Office

      "Free, usable on windows and linux. What't not to like?"

      Oh jeeeeez.

      Fine, if you are happy for Google to own one more bit of your data. A BIG bit of your data, to go with all your email and all your search data.

      I despair. Why do people care so little for their privacy?

    2. Anonymous Coward
      Anonymous Coward

      Re: Use Googles office suite online equivalent to Office

      > What't not to like?

      Google

    3. Anonymous Coward
      Anonymous Coward

      Re: Use Googles office suite online equivalent to Office

      "What't not to like?"

      It's web based and unusable when you're offline?

      1. Anonymous Coward
        Anonymous Coward

        Re: Use Googles office suite online equivalent to Office

        Untrue. That is pure Microsoft scroogled fud that has no truth in reality.

        https://support.google.com/docs/answer/6388102?co=GENIE.Platform%3DDesktop&hl=en

    4. jake Silver badge

      Re: Use Googles office suite online equivalent to Office

      It's web based and not available from the real Internet?

  10. Oh Homer
    Big Brother

    "studiously read by people for ... ill"

    The AF's Orwellian mentality alone is enough reason for me to prefer LibreOffice.

  11. Herby Silver badge

    Needed feature...

    To be able to read/write the 365's cloud files directly into the application. You do your stuff locally, and save it out the those other guys "cloud".

    This might need to make sure that the formats work correctly, but that is a continuing effort.

    At a previous job, I was in a constant tog-of-war with that other software and LibreOffice. They handled tables and indents differently for me, and every time I read back in the saved file it was mushed up. I might have done something wrong (likely), but it did mess things up.

    What needs to be done is to persuade a hardware vendor to include it in the "shipped software" by default. I suspect the Redmond people might object though!

    1. Anonymous Coward
      Anonymous Coward

      Re: Needed feature...

      "What needs to be done is to persuade a hardware vendor to include it in the "shipped software" by default."

      God no, have enough issues clearing unwanted crap of a new pc, now, please don't add another gig's worth of out of date software on there.

  12. Oh Homer
    Childcatcher

    Re: "What needs to be done"

    No, what actually needs to be done is for Microsoft to stop redundantly "competing" with its own supposedly "open" (and perpetually incomplete) "standard", and just adopt ODF, like it should have done in the first place.

    1. Ken Moorhouse Silver badge

      Re: "adopt ODF"

      One of my clients maintains a daily Foreign Exchange spreadsheet on Excel, and has done for many years. No exotic currencies in there, no exotic formulae or macros or formatting, nothing that a standard four-function calculator couldn't churn out, given time. One day I had a call-out from them as anomalies were creeping into the figures.

      It transpired that somehow the spreadsheet had been saved in an Open Document Format supported by Excel, rather than in customary xlsx format, and this, somehow, caused calculations to go awry. Putting it back to saving as .xlsx everything returned to normal.

      Moral of story: Even if MS indicate that they support something doesn't necessarily indicate the depth of that support.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019