LibreOffice created to protect world from anticipated end of OpenOffice

Speaking of righteous fear, you know that Oracle bought Sun Microsystems. Sun sponsored many open source projects, including the #2 office suite on earth Open Office, and the #1 web database engine MySQL. Oracle has never suggested that it likes open source at all, rather they are a high dollar very-for-profit database corporation.

As a matter of caution, the OpenOffice.org software has been forked because of fears that Oracle may stop supporting it as they did Sun Open Solarous Unix. According to an article in eWeek, LibreOffice.org has support from some of the biggest names in technology: Initial supporters include Red Hat, Google, Novell, Free Software Foundation, OASIS, OSI, Canonical and the GNOME foundation. The eWeek article is here.

According to eWeek:

“OpenOffice.org has long been the leading free and open-source alternative to Microsoft Office. The software has set download records on new releases, and estimates suggest it now accounts for about 10 percent of the overall office suite market.”


Popular Security

We have all been burned by it: the web site you must use — your bank, a government site, something else you really want to use. The worst offenders are those where you have no choice: you must use their web site. You go through the whole process of “registering” and then they drop the bombshell on you: you must use a gibberish username or password so complex that there is no reasonable way a human being can remember it, or some other nonsense of equal uselessness.

Yes, you could make up words for each letter of the random garbage password. Sure, you could write it down so you don’t forget it. You could go to http://random.org and have the computer generate you a list, then tape it to your monitor. But really, why are they doing this to us?

Does it improve security? No. It harms security.

First, web sites are not usually hacked because someone used a brute force attack trying to log in — they logged in using information they already had from somewhere else, or they used an exploit to break into an unpatched system. No system needs to fall to brute force attacks — just install DenyHosts or something else like it for free: three bad password attempts and the IP address is banned until the sysop removes it from the hosts.deny list. And don’t get me started on people who allow outside logins with the root account — people learn to login with a normal account and shell. We get hundreds of hack attempts every day and the first login they try is ‘root’ followed by ‘bob’ and some other junk. Read your system security logs for more entertainment.

Second, ridiculous logins and passwords cannot be remembered: they must be written down. The most profitable way banks are broken into is not by breaking doors or threatening physical violence: it is by reading post-it notes bank managers stick to their computer screens with non-memorable passwords written on them.

Third, very few web sites are worthy of their own very special, unique, just-for-them-alone, login and password. And that is where the real security problem exists: the most common security breach is not passwords that are too easy to break by brute force methods or dictionary lookups. The most common security breach is by password reuse.

Password reuse is what we all do for unimportant web sites that we visit, and which demand that we create a login for them, but which we really do not care about. We all visit 10’s if not 100’s of those. Trojan web sites can be used to snarf up logins, then the mafia behind the trojans can use the data to break into popular web sites — sometimes a person will, for example, use the same password on FaceBook, AOL, and her bank. If they enter that same information in a junk web site, then the mafia can also use it to access her bank, FaceBook, and so forth.

Most people are savy enough they do not use ‘password’ as their password. I have several passwords, made of random characters, which I use for different types of web sites. One password goes on garbage sites that I really do not care about — it is simply kept around to satisfy web site owners who think they gain something by forcing everyone to log in. Another password I use for sites I care about, but which are not really very dangerous, and in a very few places — banks, popular social sites, my personal blog sites — I use a special password crafted just for them. I write these passwords down in an administrative journal because these are important web sites, and if I get hit by a truck on the way to work tomorrow, there are people who will need to use those sites in my absence. The garbage sites could vanish tomorrow and the world would never notice, nor mostly, would I.

I have noticed another interesting thing about the security problem: the web sites which degenerate into this counter-productive policy seem to be mostly sites which are using .aspx technology — Microsoft servers. My bank has even gone so far as to require Flash to be installed on my browser to login, with the idea that measuring how fast I type somehow identifies me better than my login or IP address. Honest. The same Flash that was not available in a 64-bit version to fit my 64-bit browsers on my 64-bit quad core Linux system. They actually required me to uninstall my browser and go backwards to the old 32-bit version to access my bank accounts on-line. For a while Flash was not even allowed on Linux. That is over-the-top unreasonable. It is actually written in some banking policy that they must do that. Flash, the technology that has so many crashes and hacks, that spyware installs ‘updates’ to posing as Adobe. Yes, that Flash, is required to login to my bank.

Freedom of the press belongs to those who own one — I said that years ago. It is still true. If you don’t like a web site you are free to vote with your feet. But it is irritating, and unnecessary, and it doesn’t help security, it harms security. And we should never have that situation in cases where a person has no choice but to use the site. If it is that important, then pass out USB ID sticks or RFI chips in cards with readers instead.


Wi-Fi data Collection continues: using YOUR CELL PHONE

According to an article in networkworld, Google is still collecting wi-fi data. After some legal hoopla earlier this year, they stopped using their wi-fi “Street View” cars to log wi-fi locations, but they then switched to using peoples Android phones and location-aware mobile apps to rat out wi-fi sources. Hope they are asking each phone owner for permission first..


FaceBook Virus or Ethics Violation?

FaceBook presently seems to be demanding a cell phone number as a condition of logging on. It could be a virus forwarding mobile phone numbers to China or Siberia for posting unauthorized charges to cell phones to steal money, or it could be FaceBook actually pulling the same stunt themselves for the same reason — to place unauthorized charges on the cell phones. It cannot be to authenticate customers as they are already authenticated through providing a valid non-public (not yahoo, hotmail, msn, etc.) email address.


Using Social Media for Education

We came across a July 1 post by Phil Montero at http://theanywhereoffice.com on how to use Social Media, such as FaceBook to enhance education at K-12, College, and special post secondary educational situations. It was a good find. His link for further information is http://www.theanywhereoffice.com/digital-lifestyle/using-social-media-for-inspired-learning-and-education.htm which points to Fred’s article at http://www.fredshead.info/2010/05/100-inspiring-ways-to-use-social-media.html.

Here is a taste of Fred’s patter:

“Social media may have started out as a fun way to connect with friends, but it has evolved to become a powerful tool for education and business. Sites such as Facebook and Twitter and tools such as Skype are connecting students to learning opportunities in new and exciting ways.”

One interesting aspect of this web site is that it is designed to be accessible to the visually impaired.