2014-04-25

AOO RC4 Annotated Log

Annotated Log for 1524958..1587478



Usually makes for just-before-I-fall-asleep reading but given that this is RC4 (as in n, n+1....), the issue log is actually kind of interesting.



It also is a rather good way to engage the community. We always need for people to test the application and we, or I, especially want those in enterprise-level settings to do so. AOO, like OOo before it, is favoured by enterprises around the world; these tend to be public sector.



And for them, the application has to be robust enough to meet the high demands put upon it.

2014-04-17

100,000,000 Downloads of Apache OpenOffice

The Apache Software Foundation Announces 100 Million Downloads of Apache™ OpenOffice™ : The Apache Software Foundation Blog



This is an impressive number for a few reasons. One of them is that we actually have taken pains in the quantity. It really is 100M. When I did stats for OpenOffice.org, we lacked the necessary technology to be able to assert, with any real accuracy, just how many total downloads. Towards the end, we were able to claim more confidence, as we had better means of calculating the quantity, and so we could point to anywhere from 250M to 500M. (We could also evaluate how many around the world were using OOo, or ODF, which is the native format for OO: a lot, and somewhere north of 250M, by now, though they also probably use other apps, too.)



The other important point is that this huge number really represents just a sliver of the estimated total. It's also mostly Windows users. Why? Well, one of the most popular Linux distributions, Ubuntu, has sided with LibreOffice and includes it with its installation packages. Putting Apache OpenOffice on it is by no means impossible but it does entail effort, and for the naive Linux user (of which there are some, I am sure), a considerable effort. One also has to know about it, and understand that OpenOffice really is different than LibreOffice.



So those who have downloaded it 100M times (since inception of the project, mind you) are doing it largely on their own recognizance. What about downloads that are then installed in massive enterprises, as we can find in Brazil, for instance, but also in other national and sub-national polities? Those may well be counted as... 1 (one) download.... which is then multiplied a million-fold.



Now, the fun: Does this mean that open source has "arrived" and the desktop (or workspace) is now "free"? Yes and no. For the last 5 years, at least, it's been as free as users want it to be. More to the point, the data suggest that users are able to see beyond the obligatory application choices they have gotten used to.



The next step: let's make a community out of those who have chosen to use the software. We love them. We would also love their input and ideas.




2014-04-14

Heartbleed: Open source's worst hour | ZDNet

Heartbleed: Open source's worst hour | ZDNet



This is actually a very good essay. It is not an attack on open source, not a jeremiad, and it was written by someone who has been reporting on the phenomenon pretty much since it started. Rather, it is a call to attention.



Why, given open source's vaunted transparency to flaws and supposedly eager communities, did this serious flaw go so long unnoticed? Vaughan-Nichols:




I think I know why and I can sum it up with one phrase: "Magical Thinking." We think that because open source code can be more secure, it is more real secure. Wrong!
Everyone just assumed that OpenSSL must be perfectly safe because, well OpenSSL has a reputation for being safe, therefore it was safe. Developers, website developers, security experts, one and all, it seems no one ever thought to actually use those eyeballs that successful open source relies upon to check the code to see if it really was safe.
We were idiots.
We thought that because OpenSSL was open source that everyone was actually using open source methodology to make sure its code was correct. In reality, no one, after that initial approval years ago, ever bothered to check up to see if the code was both right and secure.
The open source method remains as good as ever when used correctly. When it's not, when we simply assume that all the t's have been crossed and the i's dotted, then we're relying upon faith and not testing and that's doesn't work for any program.