Language Selection

English French German Italian Portuguese Spanish

Best free Microsoft Office alternative software

Filed under
LibO
OOo

Thanks to the Open Document Format, you can easily access all files and edit and save them with no hassle.

Read more

More in Tux Machines

Free Software and OSS Leftovers

  • Benefits Of Using Odoo For Small Businesses

    In this tutorial, we will be showing you how using Odoo can benefit a small or medium-sized business. As times have progressed, businesses big and small have become more complex in their operations. With several departments having to function and share information to one another, the need for an integrated system has grown by leaps and bounds. More and more small business are implementing ERP systems. In fact, once an ERP system is implemented, it often becomes the backbone of many corporate-scale businesses. Such systems can seamlessly integrate business lifecycles, such as production, inventory management, order processes, and more. An example of this system would be Odoo, one of the most popular ERP systems currently available.

  • Best WordPress Backup Plugins 2020

    It is at most important to keep multiple backups of your WordPress site. In case the website is compromised or any plugin update breaks your site, WordPress backups can help you restore it quickly. Mainly, a WordPress site consists of three important parts, the database, user-created files such as plugins, themes, and uploaded files, and finally the WordPress core files. If anyone of these three parts is missing or corrupted, the website will not function properly or will not function at all. When we create a backup, we create a backup of the site database and the user-created files. WordPress core files can be downloaded and installed separately.

  • FSF: Volunteers needed: Help maintain our webmail page

    The Free Software Foundation (FSF) needs your help! We are looking for several reliable volunteers to keep our Free Software Webmail Systems page up to date, and respond to community questions about webmail programs as they come in. Between 1,000 and 2,000 visitors check out this resource every month, and we want to make sure our recommendations are accurate! If you're interested, please contact us at campaigns@fsf.org. Our Free Software Webmail Systems page is used to share resources for people interested in using their email over the Web without compromising their freedom. Many webmail systems meet at least some of our standards for respecting users, including compliance with GNU LibreJS standards, but they're constantly changing, and new services are popping up every day. When sites listed on this page change their services for the better or the worse, they don't tend to notify us, which means that some vigilance is required to make sure that this resource stays useful.

  • Parsing PAN-OS logs using syslog-ng

    Version 3.29 of syslog-ng was released recently including a user-contributed feature: the panos-parser(). It is parsing log messages from PAN-OS (Palo Alto Networks Operating System). Unlike some other networking devices, the message headers of PAN-OS syslog messages are standards-compliant. However, if you want to act on your messages (filtering, alerting), you still need to parse the message part. The panos-parser() helps you create name-value pairs from the message part of the logs. From this blog you can learn why it is useful to parse PAN-OS log messages and how to use the panos-parser().

  • Intel Releases HAXM 7.6.5 Execution Manager

    Intel has debuted a new version of HAXM, its Hardware-Accelerated Execution Manager that serves as an accelerator for the Android Emulator and QEMU via Intel VT enabled CPUs.

  • Update devices remotely with this open source tool

    The ability to access, connect, and manage multiple devices remotely through a single account is important. Going a step further, being able to completely update devices remotely is another way for sysadmins to reduce effort and minimize headaches. UpdateHub is an open source solution that allows you to do complete device updates, including firmware and bootloaders, remotely. Its goal is to make it easier to do device updates and reduce rework and risk, whether you're updating thousands of devices or managing small deployments. UpdateHub handles all aspects of over-the-air (OTA) updates, including package integrity and authenticity, while you take care of your other work.

  • Daniel Stenberg: My first 15,000 curl commits

    I’ve long maintained that persistence is one of the main qualities you need in order to succeed with your (software) project. In order to manage to ship a product that truly conquers the world. By continuously and never-ending keeping at it: polishing away flaws and adding good features. On and on and on.

Graphics: Taiwins 0.2, Etnaviv, V3DV, Libre-SOC, X.Org/FreeDesktop.org and More

  • Taiwins 0.2 is out
    Hi all,
    
    A long while ago [1]. I introduced the Taiwins wayland compositor. It was
    built upon libweston. It turned out despite my attempts, I couldn't get my
    patches to merge in libweston. Libweston has quite a few bugs and missing
    features to fit the role of a daily driver.
    
    These past few months, Taiwins was going through a long refactoring process
    in migrating from libweston. Today, taiwins uses a very thin layer of
    wlroots for hardware abstraction, the next release will target on removing
    the reliance of wlroots as well. Today it has the features of:
    
    - dynamic window management.
    - extensible and easy configuration through lua.
    - very efficient GL renderer, updates only the damages.
    - a widget system and you can create widgets through lua as well.
    - built-in shell and application launcher.
    - configurable theme.
    - emacs-like key sequence based binding system.
    - built-in profiler and rendering debugger.
    
    Along the way, I developed Twobjects [2], a backend agnostic wayland object
    implementation for compositors. This library implements basic wayland
    protocols as well as various other wayland protocols like 'xdg-shell' and
    many more. Using twobjects, you can focus on building your own unique
    features for the compositor and let it handle the most tedious protocol
    implementations.It doesn't expose everything as `wl_signals` like wlroots
    does, so you don't need to write additional glue code for it.
    
    Taiwins is still in development but missing features are getting less and
    less, you can check out its website https://taiwins.org or if you would
    like to help, check out the project page https://github.com/taiwins/taiwins
    for getting started.
    
    Thanks,
    Xichen
    
    
  • Taiwins 0.2 Released As Modular Wayland Compositor That Supports Lua Scripting

    Back in May the Taiwins Wayland compositor was announced as a compact compositor based on Libweston while Thursday marked its second release. With Taiwins 0.2 the switch was made from using libweston as a basis for the compositor to now using Sway's WLROOTS library. Libweston was dropped over open bugs and other issues and in part the ability to get patches easily merged back into upstream libweston. So with the shortcomings of the Weston library, Taiwins 0.2 is now running on WLROOTS. However, by the next release they hope to have their thin layer over WLROOTS removed so that library isn't needed either.

  • Etnaviv Gallium3D Adds On-Disk Shader Cache Support

    Etnaviv as the open-source, reverse-engineered OpenGL graphics driver for Vivante graphics IP now has support for an on-disk shader cache.

  • V3DV Developers Lay Out Plans For Upstreaming The Raspberry Pi 4 Vulkan Driver In Mesa

    Building off the V3DV driver talk at XDC2020 about this open-source Vulkan driver for the Raspberry Pi 4 driver, the Igalia developers responsible for this creation have laid out their plans on getting this driver upstream within Mesa. In a mailing list post today they note they are down to just 18 test cases failing for the Vulkan CTS while 106,776 tests are passing for this Vulkan Conformance Test Suite. Vulkan games like the respun versions of Quake 1-3 and OpenArena are working along with various game emulators. Various Vulkan demos also run well too.

  • Libre-SOC Still Persevering To Be A Hybrid CPU/GPU That's 100% Open-Source

    The project that started off as Libre-RISC-V with aims to be a Vulkan accelerator but then decided on the OpenPOWER ISA rather than RISC-V is still moving ahead under the "Libre-SOC" branding. Libre-SOC continues to be led by Luke Kenneth Casson Leighton and this week he presented both at the OpenPOWER Summit and X.Org Developers' Conference (XDC2020) on his Libre-SOC dreams of having a 100% fully open SoC on both the software and hardware sides while being a hybrid CPU/GPU. Similar to the original plans when targeting RISC-V that it would effectively be a SoC but with new vector instructions optimized for graphics workloads, that's still the plan albeit now using OpenPOWER as a base.

  • X.Org Is Getting Their Cloud / Continuous Integration Costs Under Control

    You may recall from earlier this year that the X.Org/FreeDesktop.org cloud costs were growing out of control primarily due to their continuous integration setup. They were seeking sponsorships to help out with these costs but ultimately they've attracted new sponsors while also better configuring/optimizing their CI configuration in order to get those costs back at more manageable levels.

  • Intel Submits More Graphics Driver Updates For Linux 5.10

    Building off their earlier Intel graphics driver pull request of new material queuing ahead of the Linux 5.10 cycle, another round of updates were submitted on Friday.

  • Mike Blumenkrantz: Long Week

    Once again, I ended up not blogging for most of the week. When this happens, there’s one of two possibilities: I’m either taking a break or I’m so deep into some code that I’ve forgotten about everything else in my life including sleep. This time was the latter. I delved into the deepest parts of zink and discovered that the driver is, in fact, functioning only through a combination of sheer luck and a truly unbelievable amount of driver stalls that provide enough forced synchronization and slow things down enough that we don’t explode into a flaming mess every other frame. Oops. I’ve fixed all of the crazy things I found, and, in the process, made some sizable performance gains that I’m planning to spend a while blogging about in considerable depth next week. And when I say sizable, I’m talking in the range of 50-100% fps gains.

  • Watch the ACO shader compiler and Vulkan Ray Tracing talks from XDC 2020

    With XDC 2020 (X.Org Developers Conference) in full swing, we've been going over the various presentations to gather some interesting bits for you. Here's more on the ACO shader compiler and Vulkan Ray Tracing. You can find more info on XDC 2020 in the previous article, and be sure not to miss our round-up of Valve developer Pierre-Loup Griffais talk about Gamescope. More talks were done across yesterday, with the first one we're mentioning here being from Timur Kristóf who is currently a contractor for Valve who talked about ACO (the newer Mesa shader compiler for AMD graphics). The idea behind ACO which Valve announced back in 2019, for those not aware, is to give a smoother Linux gaming experience with less (or no) stuttering with Vulkan with faster compile times for shaders. Kristóf goes over lots of intricate details from being in the experimental stages to eventually the default in Mesa with it now having support across 5 different generations of AMD GPUs.

Security Leftovers

  • Zerologon – hacking Windows servers with a bunch of zeros

    The big, bad bug of the week is called Zerologon. As you can probably tell from the name, it involves Windows – everyone else talks about logging in, but on Windows you’ve always very definitely logged on – and it is an authentication bypass, because it lets you get away with using a zero-length password. You’ll also see it referred to as CVE-2020-1472, and the good news is that it was patched in Microsoft’s August 2020 update.

  • Rethinking Security on Linux: evaluating Antivirus & Password Manager solutions

    Recently I had an experience that let me re-evaluate my approach to Security on Linux. I had updated my Desktop computer to the latest openSUSE Leap (15.2) version. I also installed the proprietary Nvidia drivers. At random points during the day I experienced a freeze of my KDE desktop. I cannot move my mouse or type on my keyboard. It probably involves Firefox, because I always have Firefox open during these moments. So for a couple of days, I try to see in my logs what is going on. In /var/log/messages (there is a very nice YaST module for that) you can see the latest messages. Suddenly I see messages that I cannot explain. Below, I have copied some sample log lines that give you an impression of what was happening. I have excluded the lines with personal information. But to give you an impression: I could read line for line the names, surnames, addresses and e-mail addresses of all my family members in the /var/log/messsages file. [...] I needed to find out what was happening. I needed to know if a trojan / mallware was trying to steal my personal information. So I tried searching for the ZIP archive which was referenced. This might still be stored somewhere on my PC. I used KFind to lookup all files which were created in the last 8 hours. And then I found a lot of thumbnail files which were created by… Gwenview. Stored in a temp folder. I started to realize that it might not be a hack, but something that was rendering previews, just like in Gwenview. I checked Dolphin and detected that I had the preview function enabled. I checked the log files again. Indeed, whenever I had opened a folder with Dolphin, all Word and Excel files in that folder were ‘processed’. I browsed several folders after deleting Calligra and there were no more log lines added. I re-installed the Calligra suite and noticed the calligra-extras-dolphin package. I browsed the same folders and indeed, the log lines started appearing all over again. I had found the culprit. It wasn’t a hack.

  • New vulnerabilities allow hackers to bypass MFA for Microsoft 365

    Critical vulnerabilities in multi-factor authentication (MFA) implementation in cloud environments where WS-Trust is enabled could allow attackers to bypass MFA and access cloud applications such as Microsoft 365 which use the protocol according to new research from Proofpoint. As a result of the way Microsoft 365 session login is designed, an attacker could gain full access to a target's account including their mail, files, contacts, data and more. At the same time though, these vulnerabilities could also be leveraged to gain access to other cloud services from Microsoft including production and development environments such as Azure and Visual Studio. Proofpoint first disclosed the these vulnerabilities publicly at its virtual user conference Proofpoint Protect but they have like existed for years. The firm's researchers tested several Identity Provider (IDP) solutions, identified those that were susceptible and resolved the security issues.

  • NIST Password Guidelines

    The National Institute of Standards and Technology (NIST) defines security parameters for Government Institutions. NIST assists organizations for consistent administrative necessities. In recent years, NIST has revised the password guidelines. Account Takeover (ATO) attacks have become a rewarding business for cybercriminals. One of the members of the top management of NIST expressed his views about traditional guidelines, in an interview “producing passwords that are easy to guess for bad guys are hard to guess for legitimate users.” (https://spycloud.com/new-nist-guidelines). This implies that the art of picking the most secure passwords involves a number of human and psychological factors. NIST has developed the Cybersecurity Framework (CSF) to manage and overcome security risks more effectively.

  • Steps of the cyber kill chain

    The cyber kill chain (CKC) is a traditional security model that describes an old-school scenario, an external attacker taking steps to penetrate a network and steal its data-breaking down the attack steps to help organizations prepare. CKC is developed by a team known as the computer security response team. The cyber kill chain describes an attack by an external attacker trying to get access to data within the perimeter of the security Each stage of the cyber kill chain shows a specific goal along with that of the attacker Way. Design your Cyber Model killing chain surveillance and response plan is an effective method, as it focuses on how the attacks happen. Stages include,

  • Security updates for Friday

    Security updates have been issued by Arch Linux (chromium and netbeans), Oracle (mysql:8.0 and thunderbird), SUSE (rubygem-rack and samba), and Ubuntu (apng2gif, gnupg2, libemail-address-list-perl, libproxy, pulseaudio, pure-ftpd, samba, and xawtv).

  • The new BLESA Bluetooth security flaw can keep billions of devices vulnerable

    Billions of smartphones, tablets, laptops, and Linux-based IoT devices are now using Bluetooth software stacks that are potentially susceptible a new security flaw. Titled as BLESA (Bluetooth Low Energy Spoofing Attack), the vulnerability impacts devices running the Bluetooth Low Energy (BLE) protocol.

  • Are you backing up ransomware with your data?
  •              
  • German Hospital Hacked, Patient Taken to Another City Dies
                     
                       

    German authorities said Thursday that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Duesseldorf, and a woman who needed urgent admission died after she had to be taken to another city for treatment.

  •  
  • Woman dies during a ransomware attack on a German hospital [iophk: Windows kills]
                     
                       

    The cyberattack was not intended for the hospital, according to a report from the German news outlet RTL. The ransom note was addressed to a nearby university. The attackers stopped the attack after authorities told them it had actually shut down a hospital.

  •                
  • Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
                     
                       

    Proof-of-concept (PoC) exploit code has been released for a Windows flaw, which could allow attackers to infiltrate enterprises by gaining administrative privileges, giving them access to companies’ Active Directory domain controllers (DCs).

                       

    The vulnerability, dubbed “Zerologon,” is a privilege-escalation glitch (CVE-2020-1472) with a CVSS score of 10 out of 10, making it critical in severity. The flaw was addressed in Microsoft’s August 2020 security updates. However, this week at least four public PoC exploits for the flaw were released on Github, and on Friday, researchers with Secura (who discovered the flaw) published technical details of the vulnerability.

Linux Kernel and Linux Foundation

  • Preparing for the realtime future

    Unlike many of the previous gatherings of the Linux realtime developers, their microconference at the virtual 2020 Linux Plumbers Conference had a different feel about it. Instead of being about when and how to get the feature into the mainline, the microconference had two sessions that looked at what happens after the realtime patches are upstream. That has not quite happened yet, but is likely for the 5.10 kernel, so the developers were looking to the future of the stable realtime trees and, relatedly, plans for continuous-integration (CI) testing for realtime kernels.

  • Profile-guided optimization for the kernel

    One of the many unfortunate consequences of the Covid-19 pandemic was the cancellation of the 2020 GNU Tools Cauldron. That loss turned out to be a gain for the Linux Plumbers Conference, which was able to add a GNU Tools track to host many of the discussions that would have otherwise occurred at Cauldron. In that track, Ian Bearman presented his group's work using profile-guided optimization with the Linux kernel. This technique, which he often referred to as "pogo", is not straightforward to apply to the kernel, but the benefits would appear to justify the effort. Bearman is the leader of Microsoft's GNU/Linux development-tools team, which is charged with supporting those tools for the rest of the company. The team's responsibilities include ensuring the correctness, performance, and security of those tools (and the programs generated by them). Once upon a time, the idea of Microsoft having a GNU tools team would have raised eyebrows. Now, he said, about half of the instances in the Microsoft cloud are running Linux, making Linux a big deal for the company; it is thus not surprising that the company's cloud group is his team's biggest customer. There was recently, he said, an internal customer working on a new Linux-based service that asked his team for performance help. After some brainstorming, the group concluded that this would be a good opportunity to use profile-guided optimization; the customer would have control of the whole machine running the service and was willing to build a custom kernel, making it possible to chase performance gains at any level of the system. But there was a small problem in that the customer was unable to provide any code to allow workload-specific testing.

  • Conventions for extensible system calls

    The kernel does not have just one system call to rename a file; instead, there are three of them: rename(), renameat(), and renameat2(). Each was added when the previous one proved unable to support a new feature. A similar story has played out with a number of system calls: a feature is needed that doesn't fit into the existing interfaces, so a new one is created — again. At the 2020 Linux Plumbers Conference, Christian Brauner and Aleksa Sarai ran a pair of sessions focused on the creation of future-proof system calls that can be extended when the need for new features arises. Brauner started by noting that the problem of system-call extensibility has been discussed repeatedly on the mailing lists. The same arguments tend to come up for each new system call. Usually, developers try to follow one of two patterns: a full-blown multiplexer that handles multiple functions behind a single system call, or creating a range of new, single-purpose system calls. We have burned ourselves and user space with both, he said. There are no good guidelines to follow; it would be better to establish some conventions and come to an agreement on how future kernel APIs should be designed. The requirements for system calls should be stronger, and they should be well documented. There should be a minimal level of extensibility built into every new call, so that there is never again a need to create a renameat2(). The baseline, he said, is a flags argument; that convention is arguably observed for new system calls today. This led to a brief side discussion on why the type of the flags parameter should be unsigned int; in short, signed types can be sign extended, possibly leading to the setting of a lot of unintended flags. Sarai took over to discuss the various ways that exist now to deal with system-call extensions. One of those is to add a new system call, which works, but it puts a big burden on user-space code, which must change to make use of this call. That includes checking to see whether the new call is supported at all on the current system and falling back to some other solution in its absence. The other extreme, he said, is multiplexers, which have significant problems of their own.

  • Lua in the kernel?

    BPF is, of course, the language used for network (and other) customization in the Linux kernel, but some people have been using the Lua language for the networking side of that equation. Two developers from Ring-0 Networks, Lourival Vieira Neto and Victor Nogueira, came to the virtual Netdev 0x14 to present that work. It consists of a framework to allow the injection of Lua scripts into the running kernel as well as two projects aimed at routers, one of which is deployed on 20 million devices. Neto introduced the talk by saying that it was also based on work from Ana Lúcia de Moura and Roberto Ierusalimschy of the Pontifical Catholic University of Rio de Janeiro (PUC-Rio), which is the home organization of the Lua language. They have been working on kernel scripting since 2008, Neto said, developing the Lunatik framework for Linux. It allows kernel developers to make their subsystems scriptable with Lua and also allows users to load and run their Lua scripts in the kernel.

  • OpenZFS 2.0-RC2 Released With Dozens Of Fixes

    Nearly one month ago OpenZFS 2.0 saw its first release candidate while now it's been succeeded by another test candidate in time for some weekend exposure. OpenZFS 2.0 is a huge update for this open-source ZFS file-system implementation in that it mainlines FreeBSD support alongside Linux, there is Zstd compression support, many performance optimizations, fast clone deletion, sequential resilvering, and a lot of other improvements and new features.

  • New /dev/random Implementation Hits 35th Revision

    Going on for more than four years now has been creating a new /dev/random implementation and this Friday marks the 35th revision to this big set of patches that aim for better performance and security. The code has been through many changes over the years for this new "Linux Random Number Generator" (LRNG).

  • Linux 5.10 To Support AMD SME Hardware-Enforced Cache Coherency

    Linux 5.10 is set to support a new feature of AMD Secure Memory Encryption (SME) as part of the Secure Encrypted Virtualization (SEV).

  • Linux 5.9 To Allow Controlling Page Lock Unfairness In Addressing Performance Regression

    Following the Linux 5.0 to 5.9 kernel benchmarks on AMD EPYC and it showing the in-development Linux 5.9 kernel regressing in some workloads, bisecting that issue, and that bringing up the issue of the performance regression over page lock fairness a solution for Linux 5.9 has now landed. [...] Long-term Linus Torvalds and other upstream developers will be looking at further improving the page lock behavior, but merged today for Linux 5.9 was a short-term solution. The change is allowing a controlled amount of unfairness in the page lock.

  • Notes from an online free-software conference

    An online event requires an online platform to host it. The Linux Foundation, which supports LPC in a number of ways, offered a handful of possibilities, all of which were proprietary and expensive. One cannot blame the Linux Foundation for this; the events group there was under great pressure with numerous large events going up in flames. In such a situation, one has to grasp at whatever straws present themselves. We, though, had a bit more time and a strong desire to avoid forcing our attendees onto a proprietary platform, even if the alternative required us to build and support a platform ourselves. Research done in those early days concluded that there were two well-established, free-software systems to choose from: Jitsi and BigBlueButton. Either could have been made to work for this purpose. In the end, we chose BigBlueButton for a number of reasons, including better-integrated presentation tools, a more flexible moderation system, and a more capable front-end system (though, as will be seen, we didn't use that part). BigBlueButton worked out well for LPC, but it must be said that this system is not perfect. It's a mixture of highly complex components from different projects glued together under a common interface; its configuration spans literally hundreds of XML files (and some in other formats). It only runs on the ancient Ubuntu 16.04 distribution. Many features are hard to discover, and some are outright footguns: for moderators, the options to exit a meeting (leaving it running) and to end the meeting (thus kicking everybody else out, disposing of the chat session, and more) are adjacent to each other on the menu and look almost identical. Most worryingly, BigBlueButton has a number of built-in scalability limitations. The FAQ says that no BigBlueButton session should have more than 100 users — a limitation that is certain to get the attention of a conference that normally draws around 600 people. A lot of work was done to try to find out what the real limitations of the platform were; these included automated testing and running a couple of "town hall" events ahead of the conference. In the end, we concluded that BigBlueButton would do the job if we took care not to stress it too hard.

  • September 2020 Linux Foundation Newsletter
  •        
  • Open Source Collaboration is a Global Endeavor, Part 2

    The Linux Foundation would like to reiterate its statements and analysis of the application of US Export Control regulations to public, open collaboration projects (for example, open source software, open standards, open hardware, and open data) and the importance of open collaboration in the successful, global development of the world’s most important technologies. Today’s announcement of prohibited transactions by the Department of Commerce regarding WeChat and TikTok in the United States confirms our initial impact analysis for open source collaboration. Nothing in the orders prevents or impacts our communities’ ability to openly collaborate with two valued members of our open source ecosystem, Tencent and ByteDance. From around the world, our members and participants engage in open collaboration because it is open and transparent, and those participants are clear that they desire to continue collaborating with their peers around the world.

  • Linux Foundation Certified IT Administrator Exam To Be Launched Soon
  • Linux Foundation launches new entry-level IT certification

    If you're Linus Torvalds, you don't need a certification to get a job. People know who you are. But most of us trying to get a start in technology need a certification. Now, The Linux Foundation, the nonprofit, open-source powerhouse organization, and Certiverse, a certification testing startup, have announced they're working on a new entry-level IT certification offering: The Linux Foundation Certified IT Associate (LFCA).