Day: March 1, 2013

LibreOffice is developing a Certification Program! Pretty neat!

LibreOffice Certification Program

“Certification is a key milestone for building the LibreOffice ecosystem, and increase the number of organizations capable of adding value around LibreOffice (and, hopefully, help to spread the adoption over proprietary and open source office suites). Certification is also going to be an additional opportunity for The Document Foundation, at least in the medium to long term, in order to sustain the growth of the ecosystem.

TDF certification model will be different from that of proprietary software companies, as TDF – for instance – cannot leverage discounts over list prices (one of the typical advantages of certified partners). Developing a new certification model is both a challenge and an opportunity, for TDF and for its partners.

TDF (informal) ecosystem already includes the resources for creating this new model of certification program, and to make it interesting for the market (i.e. individuals and companies which are not yet thinking about becoming TDF partners, but have the potential to do so). In any case, TDF certification will not be related to the sheer dimension of the business, although companies able to generate a larger business should also contribute more to the project.

Before starting to outline the certification program, it should be absolutely clear that it is not supposed to become a source of competition for TDF corporate sponsors (today: Canonical, RedHat and SUSE), for TDF partners like Lanedo, and for TDF members who provide VAS (value added services) to the market. On the contrary, it provides a method of regulating the quality of the services provided by these entities and a method of recognising that certain services conform to clear and transparent regulatory criteria. This will help build and sustain the ecosystem.

The main focus of the certification program is the corporate environment, although TDF – in the future – might also create an end user training program as a by-product of the corporate training (although most end users will ask for a basic training program, and possibly for a certification like ECDL, which might become a secondary source of income, based on trainings for the trainers). Although there might be a large request for end user certification, this is not as important as professional certification as it is not going to help building the ecosystem.

Individual Certifications:

Certified Developer

Is able to hack LibreOffice code to develop new features or provide L3 Support to enterprise users, researching and developing solutions to new or unknown issues, designing and developing one or more courses of action, evaluating each of these courses in a test case environment, and implementing the best solution to the problem. Once the solution is verified, it is delivered to the customer and given back to the community. Certified Core Developers need to be present TDF members, and part of their certification is peer review by the Engineering Steering Committee.

Certified Migration Professional

Is able to coordinate the migration process from MS Office to LibreOffice, working with the customer to manage the change in all aspects (integration, development of macros and templates, training and support) in order to have a smooth transition.

Certified Professional Trainer

Is able to teach the use of LibreOffice at basic, intermediate or advanced level.

Certified L1 Support Professional

Is able to handle basic customer issues, gathering the customer’s information and determining the customer’s issue by analyzing the symptoms and figuring out the underlying problem. Technical support specialists in this group typically handle straightforward and simple problems like verifying the proper hardware and software set up, and assisting with application menus. In a corporate environment, the goal for this group is to handle 70%-80% of the user problems before finding it necessary to escalate the issue to L2 support.

Certified L2 Support Professional

Is able to assist L1 support personnel in solving basic technical problems and investigating elevated issues by seeking for known solutions related to these more complex issues. If a problem is new or a solution cannot be determined, is responsible for raising this issue to L3 support. Technical support specialists in this group typically handle complex functional problems. Within a migration project, is able to develop macros and/or templates reproducing those developed for MS Office, in order to offer to end users of the suite the same functionalities they were used to.”

Java is having a bad – quarter! Another Zero Day security issue for Java!

Another Java Zero-Day Found, Dump That Browser Plugin

Researchers have uncovered yet another zero-day vulnerability in Java, and attackers are currently exploiting it in the wild.

The security flaw, if triggered, leads to arbitrary memory read-and-write in the Java Virtual Machine, Darien Kindlund and Yichong Lin, two researchers at FireEye, wrote on the FireEye Malware Intelligence Lab blog Thursday. If successful, the attack code downloads a McRAT dropper and information-stealing Trojan onto the victim’s computer. It is a different type of flaw than some of the others we’ve seen recently.

FireEye said several of its customers saw the attack against browsers with Java enabled. The security flaws are in Java v.1.6 Update 41 and the latest Java v1.7 Update 15, which was just released Feb. 19, according to FireEye. The researchers have already disclosed the vulnerability to Oracle (CVE-2013-1493). No other information is currently available from Oracle.

More Zero-Days
FireEye researchers summed up the prevailing sentiment well in the post’s title, ‘YAJ0: Yet Another Java 0-Day.’ While Java has been a popular attack target for a long time, there seems to be an exploision of Java zero-days being exploited in the wild over the past two months. It’s the same cat-and-mouse game we’ve seen with other companies. A zero-day is found, the company patches it, a new zero-day is found. Wash, rinse, and repeat.

Oracle, the company well-known for its reluctance to release patches out-of-schedule, has released several emergency updates in the past year because the bugs have been so serious. The company released a scheduled update Feb. 19, but it is likely this bug will spur yet another emergency patch.

Turn It Off, Or Limit It
Are you tired of the whole merry-go-round and want a way to jump off? Turn off Java in the browser. Disable the plugin. We show you how to disable Java. Are you one of the many, many, people who need Java for work and school purposes and can’t turn off Java in the browser?

Here is what you can do. You disable Java in your default, primary browser. The browser you use the most should not have Java at all. And then you install the browser you don’t use all that often—most people generally have more than one browser installed on their computers, anyway—and enable Java in that. The important thing here, though, is that you don’t, never ever, absolutely never, use that browser to go to any site other than that handful of sites you need to run Java on. You need to use Blackboard? You fire up the Java-browser. You need to look up something that was mentioned during the Blackboard session? Instead of clicking, copy the link, fire-up your default browser, and paste it in.

It adds a lot of extra steps, and I can tell you that it is tremendously annoying. But I feel safer knowing that I am reducing my chances of getting hit with a watering hole attack. Think about all those mobile developers at Facebook, Twitter, Microsoft, and Apple. They visited a iOS developer Web site (probably a site they visited with regularity, considering their jobs) with browsers that had Java enabled, and were compromised.

If you are annoyed enough, you will do the next step, which is pressure the company to stop using Java. ‘There is no longer any reason for Websites to be using Java applets,’ Chester Wisniewski, of Sophos, told me at the RSA Conference this week. You can pressure IT to start switching to a different product. As customers, you can tell the vendor to come up with a non-Java alternative, or when it comes time to renew the subscription or contract, you will cancel and go to a different product. Money talks.

Wisniewski said he didn’t make the decision to recommend turning off Java lightly. He considered the ramifications carefully and came to the conclusion that at the moment, it was the safest thing to do.”

And, I still want one!

The Raspberry Pi: One year since launch, one million sold

“The folks who built the Raspberry Pi knew they had a great idea, but they probably didn’t anticipate just how successful it would be. The Raspberry Pi Foundation today is celebrating the computer’s first birthday, a million devices sold, and countless DIY and programming projects completed.

The credit card-sized, ARM-based computer was released on Feb. 29, 2012 and can be purchased for $25 or $35 depending on the model. In a blog post titled ‘Happy birthday to us!’ foundation community manager Liz Upton wrote that today is ‘as near as we can get [to the anniversary date]; we launched on a leap day last year. We’re going to have a really great party in 2016.’

‘We never thought we’d find ourselves in the position we’re in today, with a million Pis sold, a sprawling community, real evidence that kids are picking the Pi up and learning with it, and new friends from all over the world,’ she also wrote.

Numerous people involved in the Pi’s development shared their thoughts. Among them was Gordon Hollingworth, who left a job at Broadcom to become head of software at the Pi foundation. ‘I remember [Raspberry Pi creator] Eben [Upton] telling me about the Foundation’s plan to create the hardware based on BCM2835 (a chip I had a lot of involvement in creating), and him saying that he thought 10K was a good number to start with!’

The Raspberry Pi is so popular that supply was often unable to meet demand over its first year. If you’re looking to buy one, they can be found at Element14, RS, and Allied Electronics.

The Pi has been used as a tool to teach and learn programming, and users have produced all sorts of cool stuff, including arcade cabinets, robots, and wearable computers. If you want to see some of the best projects from the Pi’s first year, check out our feature ’10 Raspberry Pi creations that show how amazing the tiny PC can be.'”