
Ubuntu Forums compromised – 2 mn. email addresses stolen

Hackers have succeeded in retrieving part of the Ubuntu Forums database by exploiting a security flaw in the Forum Runner extension for vBulletin. Some 2 million user names and associated email and IP addresses were stolen, Le Monde Informatique reports, although the attackers failed to obtain users’ passwords.

Canonical, the company behind Ubuntu Linux, announced the security breach last Friday after it had been alerted by a person claiming he had a copy of the database. An enquiry revealed that the attacker gained access to the records due to a vulnerability.

The SQL code injection flaw was found in the Forum Runner extension for vBulletin, the commercial forum software used by more than 100,000 community websites. The vulnerability was known about, but Canonical’s security team was not able to apply a patch in good time, although the flaw has since been patched.

Waves of spam and phishing attempts expected

As a precaution, and to ensure that no malicious code had been left behind after this attack, Canonical temporarily closed the site, installed the most recent version of vBulletin on its servers and reset all the system’s passwords.

Although there is no immediate danger for Ubuntu Forum accounts, users could be targeted by spam and phishing trying to get them to visit malicious sites or download malware, as is often the case after attacks of this kind.

Ubuntu’s forums are not the first sites running on vBulletin to have been compromised; this happened with in 2013.

Document editing in Nextcloud with Collabora Online Office

Thanks to a partnership between Nextcloud and Collabora there is now a great solution for self-hosting Online Office. Nextcloud has worked with Collabora to provide an easy-to-use Online Office solution for the first time for home users which is easily integrated into Nextcloud. At the same time, Nextcloud and Collabora have announced the of enterprise standard offerings to their customers, who will be able to access a secure, easy-to-use and integrated Online Office solution in their Nextcloud installation.

“Working with Collabora and the LibreOffice community enables us to provide a great solution for our enterprise customers”, said Frank Karlitschek, Managing Director of Nextcloud. “We’re proud to partner with Collabora, the creators of LibreOffice Online, to enable our community and customers to run their own Online Office suite.”

Collabora Office Online running on Nextcloud

Introducing an integrated open source office suite into Nextcloud with support for popular file formats users has been a key goal for Nextcloud since its inception.

The result of Nextcloud’s collaboration with Collabora is that Nextcloud users now have access to a free and regularly updated LibreOffice Online docker image. Both companies are committed to providing regular updates of this image.

At the same time, enterprise customers can now purchase support contracts for a scalable, more secure version from Collabora and Nextcloud.

Originally posted on the author’s own blog.

Bulk data collection only lawful in serious crime cases, Advocate General rules

The Advocate General of the European Court of Justice (ECJ) has ruled that bulk data collection in the UK – as enabled under the Data Retention and Investigatory Powers Act (Dripa) 2014 – is illegal, except in the fight against serious crime, yesterday’s Guardian reports.

The case had been brought by Labour deputy leader Tom Watson and Conservative David Davis (when he was a backbencher; he has since been elevated to Minister for Brexit following the EU referendum. Ed.). The plaintiffs were supported by Liberty, the Law Society, the Open Rights Group and Privacy International.

The case ended up before the ECJ after the government appealed against the original High Court ruling in the plaintiffs’ favour.

In his preliminary ruling, Advocate General Henrik Saugmandsgaard Øe clarified EU law on data collection, stating:

Solely the fight against serious crime is an objective in the general interest that is capable of justifying a general obligation to retain data, whereas combating ordinary offences and the smooth conduct of proceedings other than criminal proceedings … are not.

The court’s final decision will be delivered in the near future. It is a very rare occurrence that the ECJ does not go along with the Advocate General’s opinion.

Welcoming the preliminary ruling, Tom Watson remarked:

“This legal opinion shows the prime minister was wrong to pass legislation when she was home secretary that allows the state to access huge amounts of personal data without evidence of criminality or wrongdoing.”

The Advocate General’s ruling is bound to have an effect on the Investigatory Powers Bill, the latest incarnation of the Snoopers’ Charter, which is currently making its way through Parliament.

Midlands broadband round-up

First the good news.

Yesterday’s Sentinel reports that the north Staffordshire villages of Talke (home of Reginald Mitchell, creator of the Spitfire. Ed.) and Talke Pits will be amongst the next 30 communities to benefit from 200 Mbps ultrafast broadband as part of Virgin Media’s £3 bn. network expansion in the UK.

Commenting on the news, Jo Dutton, Virgin Media’s Midlands Regional Director remarked: “We are delighted to be supercharging these Staffordshire villages, it shows that ultrafast broadband and top-notch TV isn’t just for big cities.”


Now the bad news.

In neighbouring Shropshire, Shropshire Council has today claimed that BT is failing to deliver fast broadband to rural Shropshire despite having the technology available, according to today’s Shropshire Star.

The council has accused BT of investing in urban areas but letting down rural areas like Shropshire that are “geographically challenged”, adding that suppliers should see rural communities as a high potential ‘take up’ market (particularly as farmers now have to complete all their returns to central government online and often suffer from speeds barely higher than in the bad old days of dial-up; and then what about rural businesses? Ed.).

Shropshire Council’s criticism of BT comes just one day after the House of Commons Culture, Media and Sport Committee published a scathing report on BT, concluding that BT is “significantly under investing” in Openreach, its infrastructure subsidiary, and must get its house in order or risk being split up.

“Superfast” broadband coming to more S. Gloucs. villages

Some 2,000 homes and businesses in South Gloucestershire are set to benefit from an investment of £1.49 mn. in so-called “superfast” broadband up to 2017.

The South Gloucestershire villages likely to benefit from this cash injection include Tytherington, Dyrham, Hinton, Littleton-upon-Severn, Oldbury-on-Severn, Cromhall, Elberton, Codrington and Little Sodbury, although surveys will need to be undertaken to confirm exactly where the network upgrade work will be carried out, yesterday’s Bristol Post reports.

The new investment will take superfast broadband coverage from 93% to 95% across the unitary authority area by the end of 2017, whilst the partnership between South Gloucestershire Council, BDUK and BT in charge of the project is reported to have made faster fibre broadband available to over 18,000 homes and businesses already since it began in 2013.

This latest cash injection has been made possible for a number of reasons, including savings from the first phase of the roll-out, investment from BT triggered by high take-up of the service and additional funding that South Gloucestershire has secured through the Government’s Broadband Delivery UK (BDUK) programme and the West of England Local Enterprise Partnership (LEP).

New money and new management for ownCloud

German company ownCloud GmbH is receiving new money and taking over the business of ownCloud Inc. in the USA, German IT news site heise reports. In addition, there will also be management changes due to the financing deal.

A group of investors featuring the Frankfurt-based entrepreneur Tobias Gerlinger will be providing ownCloud GmbH with “growth capital”. By doing so, it is therefore acquiring the majority of the company behind the open source suite of client-server software for creating and using file hosting services, according to the ownCloud blog. Tobias Gerlinger is taking over management of the company with immediate effect in the fields of finance, marketing and distribution.

Takeover of the overall business

Holger Dyroff, who was previously responsible for those fields, is pleased that the future focus can be on product strategy. Marcus Rex, another founder member of ownCloud, will be leaving the company’s management. In addition to the personnel changes, ownCloud GmbH also announced it would be taking over the business of the US-based ownCloud Inc., which is having to close down on account of the launch of the competing Nextcloud product, which forked from ownCloud recently (news passim).

Earlier this year version 9 of ownCloud was released.

Telford to apply for EU funding for better business broadband

Telford & Wrekin Council’s cabinet is set to approve a scheme to apply for European funding to provide better broadband for business, today’s Shropshire Star reports.

If the bid is successful, the funding will be used to give eligible businesses grants for fibre optic broadband through the Marches Broadband Grant project.

Telford & Wrekin Council is seeking £237,818 from the European Regional Development Fund, which will need to be matched by additional funding of £158,545, with the full amount allowing grants for up to 124 local businesses, which will receive between £7,000 and £25,000 each for faster connectivity.

Telford & Wrekin Council’s cabinet member for customer and neighbourhood services Cllr. Angela McClements, said: “The priority is the delivery of Superfast Telford which is still in the early stages of delivery.

“However, the Marches Broadband Grant scheme opens up the availability of fibre broadband to businesses that might not be covered by Superfast Telford.”

The decision on the matched funding arrangement, which will involve neighbouring Shropshire Council and nearby Herefordshire Council, will be made by the local authority’s cabinet on 21st July.

This news comes less than one week after Shropshire Council announced changes to its approach to the provision of better broadband in the county, which the Star reported would result in delays in better connectivity for between 12,000 and 20,000 homes.

Somerset to receive £40 mn. investment in broadband

Broadband network providers are expected to bid for six contracts worth a total of £39.5 mn. to improve broadband connections in Somerset and Devon, yesterday’s Somerset Live (formerly the Western Daily Press. Ed.) reports.

The investment will provide broadband services between 30 Mbps (sometimes termed “superfast”) and “ultrafast” 100 Mbps to customers, mostly to rural areas of both counties, with the aim of bringing faster broadband to areas unlikely to benefit from wholly commercial operations, including the Mendips, Quantocks, Exmoor and the Blackdown Hills.

This is the second phase of a superfast broadband scheme for Somerset which has been launched this week by Connecting Devon and Somerset (CDS).

Potential suppliers will have to present plans to connect as many people as possible by the end of 2017.

As part of its efforts to improve broadband access so all premises have “broadband” speeds of at least 2 Mbps, CDS has recently launched a voucher scheme. To date 1,400 applications have been received and 1,000 vouchers for up to £500 redeemed.

Inria announces Software Heritage

Yesterday Inria, the French National Institute for computer science and applied mathematics, announced (French press release. Ed.) the launch of Software Heritage, an initiative to collect, organise, preserve and make easily accessible the source code of all software that is publicly available.

Screenshot of Software Heritage website

Sending messages to family and friends, paying bills, purchasing goods, accessing entertainment, interacting with central and local government, finding information, booking travels: nowadays almost every act of our daily life relies on computers and software.

However, that is just the tip of the iceberg. Software controls the electronic equipment embedded in the machines we use to travel, communicate, trade and exchange. Software lies at the heart of medical equipment and devices; it ensures proper operation of the energy, transport and telecommunication networks; it powers the banks and financial institutions; software is crucial for the working of large public and private organisations of all sizes, be that on mobile devices or in the cloud.

In summary, software is a key enabler for all aspects of our modern world: our industry, our science, our lifestyle; all of our society depends on software.

The challenge

The goal of the Software Heritage project is to build a modern “Library of Alexandria” featuring software, which will form a unique reference database of all source code, a tool for new software projects and a research instrument for computer science.

Software Heritage is an essential building block for preserving, enhancing and sharing the scientific and technical knowledge that is embedded to an ever-greater extent in software; it also contributes to our ability to access all the information stored in digital form.

Software Heritage will adopt a distributed infrastructure in order to ensure the long-term availability and reliability of its archive.

Software Heritage will provide a reference knowledge base for all open source software used in industry, thus enabling better lifecycle management and long term preservation of industrial software. Once live update capabilities are enabled, Software Heritage is bound to become the reference archive for all industrial users, helping software developers of new software projects find, re-use and archive new source code.

Software Heritage is the foundation on which we can build a unique research instrument for studying all the software source code, enabling significant advances in all domains of computer science and leading to better quality, security and safety in the software on which we depend in our daily lives.

As of yesterday when the project was announced, Software Heritage had already collected more than 20 million software projects, archiving more than 2.5 billion unique source files, along with all their development history. Software Heritage therefore represents the richest collection of source code on the planet.

Antoine Petit, INRIA’s CEO, remarked: “We decided to start working on Software Heritage more than a year ago and we have now shown its feasibility. In order to scale up worldwide, the time has now come to open it up to the widest, national and international contributions.”

Two early partners have already committed their support to Software Heritage and will help it grow. They are Microsoft (which really needs no introduction. Ed.) and DANS, an institution of the Royal Academy of the Arts and Sciences and the Netherlands Organisation for Scientific Research, dedicated to preserving and promoting sustained access to digital research data.

Inria is now calling all stakeholders worldwide to assist the project in tasks such as, for example, helping to identify the thousands of different sites where the world’s software heritage is now spread around and contributing to the infrastructure. As regards the latter, the project’s own source code is shortly going to be released to the world and developers that share the project’s vision and want to help in this mission will be welcome.

FSFE support

The announcement of the project has been welcomed by the Free Software Foundation Europe (FSFE), which has released a statement of support.

The FSFE highlights a vital reason for supporting the project, i.e. that software is prone to disappear, either because it stops being profitable, or projects get cancelled, or the code is deemed obsolete and gets erased, or is left to fade on storage that physically degrades over time.

Tickets for London CiviCon 2016 now available

The largest CiviCRM meet-up in Europe will be taking place in London on 6th and 7th October 2016.

This year’s CiviCon promises to be packed with great presentations, interactive workshops, expert speakers and panels that highlight people putting CiviCRM, the leading open source CRM software for the voluntary and community sector, to use within their organisations.


The conference venue is Resource for London and CiviCon will be celebrating its 12th birthday.

More details.

New this year – One or Two day tickets

This year CiviCon is introducing one day tickets for BOTH days and group save, all with 30% off until the end of July. One day tickets (£140) for 7th and 8th can be used by new and potential users to evaluate CiviCRM – and for users to bring along their colleagues! The new Group ticket covers 4 people from a single organisation for the price of 3 full tickets.

In addition to the conference, other CiviCRM events planned for London in October include training (Tuesday 4th October – Wednesday 5th October 2016) and a sprint (Monday 10th October to Friday 15th October 2016).

One of CiviCon’s sponsors is Bristol’s own Circle Interactive. Other prospective sponsors are also being sought.