NEWS
Weird Unofficial LibreOffice Version Shows Up in the Microsoft Store
A unofficial version of LibreOffice shows up in the Microsoft Store. The app was published by an obscure developer under the name ".net." There is no additional information about the developer. Clicking on the URL takes you to another app by the developer named "dress my doll."
How did this app make it into the store? Given the volume of apps submitted to Microsoft Store, App Store, and Google Play, it's virtually impossible for these vendors to vet each app manually. They all have an automated process.
Microsoft also has a certification process (https://docs.microsoft.com/en-us/windows/uwp/publish/the-app-certification-process): "When you finish creating your app's submission and click Submit to the Store, the submission enters the certification step. This process is usually completed within a few hours, though in some cases it may take up to three business days. After your submission passes certification, it can take up to 24 hours for customers to see the app's listing for a new submission, or for an updated submission with changes to packages. If your update only changes Store listing details, the publishing process will be completed in less than an hour. You'll be notified when your submission is published, and the app's status in the dashboard will be In the Store."
It's not clear if Microsoft also validates the authenticity of the app. It's not surprising that an app like LibreOffice would slip through the certification process and be available to users. Since LibreOffice is a fully open source project, anyone can compile it and redistribute the app, as long as they follow the terms of the license.
I reached out to The Document Foundation (TDF), the organization responsible for LibreOffice, and Italo Vignoli, one of the cofounders of TDF told me, "The Document Foundation has been made aware of an unofficial version of LibreOffice on the Windows [Microsoft] Store. We are investigating further, but we want to be clear: This is not an official version created by The Document Foundation, so the app's page is misleading. The only official source of the software (which can be downloaded for free, i.e., without any cost for the end user) is the LibreOffice website (https://www.libreoffice.org/). Also, the money from the Microsoft Store version is not collected by The Document Foundation."
My advice is to not download and install the app from Microsoft Store as we are unsure if there is any malicious code in it. Microsoft says it checks for malicious code before any app is published; it's better to be safe than sorry.
New Version of the Spectre Vulnerability Allows Attack from the Network
Monthly reports of new Spectre-related vulnerabilities are keeping security experts busy. Now a team of security researchers at the Graz University of Technology (Austria) has discovered another flaw, dubbed NetSpectre, that allows attacks over the network.
The crux of Spectre vulnerabilities is the way modern CPUs speculate on which workload will run next to improve performance. According to the team, "During speculative execution, the processor may perform operations the program usually would not perform. While the results of such operations are discarded if the speculative execution is aborted, microarchitectural side effects may remain."
Attackers exploit these side effects to read memory contents. Previous versions of the Spectre attack have required some kind of local code executive to launch the attack, but the latest discovery changes that.
"NetSpectre marks a paradigm shift from local attacks to remote attacks, exposing a much wider range and larger number of devices to Spectre attacks. Spectre attacks now must also be considered on devices which do not run any potential attacker-controlled code at all," wrote the researchers.
The team informed Intel back in March, and Intel has patched the problem during previous patches released by the company. The best available defense is to keep your systems up to date and install all security patches.
SUSE Sold for $2.5 Billion
SUSE is like a seasoned football player who changes ownership after a few successful seasons. This time the Swedish group EQT is buying SUSE from British-owned Micro Focus. This is the fourth sale of SUSE since its inception in 1992, a year after Linus Torvalds announced the Linux kernel.
What's different this time is that SUSE is being acquired by an investment firm and not a tech company. SUSE CEO, Nils Brauckmann, sees this as a move towards independence, with the company charting its own course instead of being a business unit of another tech company. "By partnering with EQT, we will become a fully independent business," said Brauckmann. "Together with EQT, we will benefit both from further investment opportunities and having the continuity of a leadership team focused on securing long-term profitable growth combined with a sharp focus on customer and partner success."
SUSE is well aware of the fact that the open source community will be keeping a close eye on this development. In a Hangout chat, Richard Brown, openSUSE Board Chairman, and the face of openSUSE community, told me that he received a phone call from Brauckmann updating him with the news and also reassuring him that nothing will change when it comes to open source and community engagement.
"As a SUSE employee, I'm excited about my employer's new owners. As an openSUSE Contributor, I'm not only excited, but thrilled at the proactive steps SUSE has taken to reassure the community, which really shows just how well SUSE understands how to operate as part of the open source world," Brown said.
In case you are curious, EQT is an investment firm with approximately EUR50 Billion in raised capital across 27 funds. EQT has portfolio companies in Europe, Asia, and the US with total sales of more than EUR19 Billion and approximately 110,000 employees.
Linux Magazine
ADMIN HPC
http://hpc.admin-magazine.com/
pdsh Parallel Shell * Jeff Layton
The pdsh parallel shell tool lets you run a command across multiple nodes in a cluster.
ADMIN Online
http://www.admin-magazine.com/
Flatpak, Snap, and AppImage * Valentin Höbel
The Flatpak, Snap, and AppImage package formats work across distributions, but each has its specific disadvantages.
Effective debugging of Docker containersMartin Loschwitz
Bugs can live in Docker containers. Read on for tips on how to debug them.
Continuous integration with Docker and GitLabMartin Loschwitz
GitLab provides the perfect environment for generating Docker containers that can help you operate critical infrastructure reliably and reproducibly.
ADMIN DevOps Focus
http://www.admin-magazine.com/DevOps
AWX: Web-Based Console Manager for Ansible * Chris Binnie
The upstream project of the Ansible Tower enterprise solution is now freely available as AWX. We look at Red Hat's new web-based console manager for Ansible deployments and discover its capabilities.
« Previous 1 2
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Halcyon Creates Anti-Ransomware Protection for Linux
As more Linux systems are targeted by ransomware, Halcyon is stepping up its protection.
-
Valve and Arch Linux Announce Collaboration
Valve and Arch have come together for two projects that will have a serious impact on the Linux distribution.
-
Hacker Successfully Runs Linux on a CPU from the Early ‘70s
From the office of "Look what I can do," Dmitry Grinberg was able to get Linux running on a processor that was created in 1971.
-
OSI and LPI Form Strategic Alliance
With a goal of strengthening Linux and open source communities, this new alliance aims to nurture the growth of more highly skilled professionals.
-
Fedora 41 Beta Available with Some Interesting Additions
If you're a Fedora fan, you'll be excited to hear the beta version of the latest release is now available for testing and includes plenty of updates.
-
AlmaLinux Unveils New Hardware Certification Process
The AlmaLinux Hardware Certification Program run by the Certification Special Interest Group (SIG) aims to ensure seamless compatibility between AlmaLinux and a wide range of hardware configurations.
-
Wind River Introduces eLxr Pro Linux Solution
eLxr Pro offers an end-to-end Linux solution backed by expert commercial support.
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.