Wednesday Dec 15, 2010

Oracle Office - for the desktop and for the cloud

Oracle just announced Oracle Open Office 3.3 and Oracle Cloud Office.

Oracle Open Office is Oracle's professional distribution of The differences are explained in the FAQs for Oracle Open Office.

Oracle Cloud Office is our brand new Web and mobile office suite!

Friday Mar 19, 2010

The Sun ODF Plugin for Microsoft Office and the Excel issue after uninstalling or upgrading the Plugin

Many people complain about an issue they have with Excel after uninstalling or upgrading the Sun ODF Plugin for Microsoft Office: When starting Excel, Excel complains that the Add-In odfaddin.xla can't be found: 'C:\\Program Files\\Sun\\Sun ODF Plugin for Microsoft Office <old version>\\converter\\odfaddin.xla' could not be found. (...)

I would like to point out that this is not an issue from the ODF Plugin installer, but in Excel itself:

The ODF Plugin installer writes some HKEY_LOCAL_MACHINE entries into the registry to activate the Plugin, and these entries are removed when uninstalling the Plugin, or point to the correct version when doing an upgrade installation. But for some reason, Excel will put a reference to the Add-In file odfaddin.xla into the user's configuration (HKEY_CURRENT_USER) when starting Excel after the ODF Plugin installation. This entry - of course - won't be removed from the installer when uninstalling the ODF Plugin.

So to get rid of the annoying error message, you need to remove that reference yourself:

In Office 2007, use Microsoft Office Button => Excel Options => Add-Ins => Manage Excel Add-ins (Go...) => uncheck "Odfaddin". In older versions, use Tools => Add-Ins => uncheck "Odfaddin"

If it doesn't work (which seems to happen at least in Office 2007 after upgrading the ODF Plugin), remove the reference to the old Add-In in the registry directly: HKEY_CURRENT_USER\\Microsoft\\Office\\<version>\\Excel\\Options => "OPEN"="\\"C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office <old version>\\\\converter\\\\odfaddin.xla\\""

In more detail - this happens in the different phases when installing the ODF Plugin, running Excel and then uninstalling or upgrading the ODF Plugin:

Step 1: Installing the ODF Plugin:


  + [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{16A1C170-D2C8-423B-AEC6-BAD7A26F1828}\\InprocServer32]
  + @="C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.dll"

  + [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Office\\Excel\\Addins\\ODFAddIn.Connect]
  + "Description"="Load and save files in OASIS OpenDocument format"
  + "FriendlyName"="ODF Add-in"
  + "LoadBehavior"=dword:00000003 
Step 2: Starting Excel (now Excel creates the entry that leads to the problem):


  + [HKEY_CURRENT_USER\\Microsoft\\Office\\12.0\\Excel\\Options]
  + "OPEN"="\\"C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.xla\\""
Step 3a: Uninstalling the ODF Plugin (all entries written by the installer are being removed): 


  - [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{16A1C170-D2C8-423B-AEC6-BAD7A26F1828}\\InprocServer32]
  - @="C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.dll"

  - [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Office\\Excel\\Addins\\ODFAddIn.Connect]
  - "Description"="Load and save files in OASIS OpenDocument format"
  - "FriendlyName"="ODF Add-in"
  - "LoadBehavior"=dword:00000003

  still there (of course!):
  "OPEN"="\\"C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.xla\\""
Step 3b: Upgrading the ODF Plugin, instead of uninstalling:

  - @="C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.dll"
  + @="C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.2\\\\converter\\\\odfaddin.dll" 


  still there (of course!):
  "OPEN"="\\"C:\\\\Program Files\\\\Sun\\\\Sun ODF Plugin for Microsoft Office 3.1\\\\converter\\\\odfaddin.xla\\""

So if Excel has a reference to the Add-In, Excel should probably simply disable the Add-In when it doesn't exist anymore, instead of complaining over and over again. Or at least ask the user whether or not to keep the entry...

Wednesday Feb 17, 2010 and Solaris 10 listed in eWEEK's Top 25 Technologies Of The Decade

eWEEK names 25 products, applications and technologies of the last decade that have changed the way we work, play and live.

Among them: and Solaris 10.

Friday Feb 12, 2010 3.2 available - a highly recommended update

Eventually, 3.2 is available for download.

This update is highly recommended, not only because of the many security fixes and security feature improvements, but also because of some noticeable performance improvements.

As always, make sure to only download from trusted sources, like The reason is explained here.

Wednesday Jun 03, 2009

Sun ODF Plugin 3.1 for Microsoft Office

A new version of the ODF Plugin for Microsoft Office is available.

As I wrote in the last ODF Plugin announcement, the Plugin nowadays uses the same version number like the underlying version, so this version is now based on 3.1.

Some people asked for it, so I have added the possibility to disable the update feature and the registration feature.

Since the registration will only be triggered once after installation (and you don't have to register!), and the update feature never executes automatically, disabling these features is probably only interesting/needed in enterprise deployments. See the FAQ for details.

Thursday May 07, 2009 3.1 released - download the genuine and FREE version now!

The final version of 3.1 is available for download now!

A lot of new features and improvements make it really worth updating to this new version.

Important: Make sure to download genuine from a trusted site!

Almost daily, the Security Team receives mails from people who downloaded from commercial sites and had to charge for that in advance, or are asked for some kind of key or serial number when they want to install.

Selling is allowed, and is fine as long as you get some extra service, like a CD, printed handbook or support. Unfortunately, some people and companies try to make easy money with, without providing any extras, and these download sites are often in the first hits when searching for OOo downloads.

If you are not sure whether or not a download site can be trusted, simply use is very easy to remember, and mirrors make sure that you don't have to care about optimal download locations yourself.

Thursday Apr 30, 2009

Using the Sun ODF Plugin for Microsoft Office with Office 2007 SP2

ODF is now nativity supported if MS Office 2007 with Service Pack 2.

Nevertheless, people asked if it would still be possible to use the Sun ODF Plugin also in Office 2007 SP2, because the ODF quality might be better.

I just gave the final version of SP2 a try, but only to verify that the Sun ODF Plugin still can be used. My intention was not to figure out how good the native ODF filters in SP2 are.

OK, I must admit that I couldn't resist to quickly figure out what would happen with tables in presentation, because I know that SP2 only implements ODF 1.0.

Tables in presentations got specified in ODF 1.2, same holds true for formulas in spreadsheets. As expected, you might want to continue using the Sun ODF Plugin if you need these features.

If you want to use the Sun ODF Plugin for ODF documents, instead of he new built-in filters:

  • Don't open documents via the Windows explorer. You must use the file picker in MS Office
  • In Word, make sure to use the filter "ODF Text Document (\*.odt;\*.ott)"
  • In Excel and PowerPoint, use the "Export ODF" menu or tool bar items

In Excel and PowerPoint, using the new built-in filters is more convenient, because you can simply use open/save, instead of the extra UI. But the fact that the filter in Excel doesn't support formulas let me think that this filter is quite unusable for most users... (Don't get fooled when testing it: Formulas written with Excel will work when loading the same ODF file in Excel, because the information about the formulas is preserved with the help of some MS Office specific XML tags, which no other ODF application will recognize)

Alternatively, now that you are interest in ODF, you might want to give a try, in case you not already did so...

Update on my Black Hat 2009 OOo Security comments

I have to correct something that I just wrote in my Black Hat 2009 OOo Security comments.

My colleague who is working on the encryption stuff just pointed me to the fact that we have fixed the bug with macros in encrypted documents sometimes not being encrypted, but that we don't show the warning  that I mentioned. Reason was (again) the compatibility thing.

I am really sorry for my false statement about this, and that the attack described in the paper (replacing encrypted macros with plain text macros) still works in OOo 3.0 and 3.1.

I will do my best that we change this in the upcoming OOo 3.2 version, and show the warning as promised...

Comments on the Black Hat 2009 OOo Security Briefing

Here are my comments on the white paper: OpenOffice v3.x Security Design Weaknesses, Eric Filiol and Jean-Paul Fizaine.

Statements (not quotes) from the article are marked with an italic font. For the original text please refer to the publicly available paper.

Chapter 1 - Introduction

      Some reference to issues described in “In-depth analysis of the viral threats with documents”

The listed GUI manipulations and macros in user space are not in the focus of this new article, so I just want to point to to my comments on that article in my blog.

      Unencrypted, plain documents don't have integrity control, files can be added, including executable (macro) code

Well, ODF is an open standard, so any kind of integrity check would also be well documented. Other ODF application must be able to implement them, so also malicious software knows how the checks look like. And: (proprietary) binary file formats are no more secure - they just make it more difficult (security by obscurity).

In the end, it doesn't matter: If someone adds a macro, OOo will warn, and ask if the user really wants to execute it (which he shouldn't do with documents he can't trust). If the extra content is some executable, it doesn't matter for OOo, since it will be ignored.

      Encrypted documents: Macros can be added, replaced or removed

In OOo 3.0, it's no longer possible to add or replace macros in encrypted documents. When a document is encrypted, all content streams must be encrypted, all with the same key.

Unfortunately OOo only shows a warning for not encrypted streams for ODF 1.2 documents. For compatibility/legacy reasons it's not shown for older documents. We already work on changing this for OOo 3.2, since we recognized that security should have had a higher priority over compatibility here.

[UPDATE: I was mistaken that we actually would show this warning. It's still possible to replace encrypted macros with plain text macros.]

Macros can still be removed in encrypted documents. This can't do any harm, but I agree that this might look a little bit strange for the user, since he believes this shouldn't be possible in an encrypted document.

In the team that is working on OOo 3.2 security improvements, we discussed possible solutions here. I understand that Mr. Filiol is in favor of encrypting the manifest.xml, but this can't be done, because the used encryption/hash algorithms are described there, and the ODF application need to be able to read that. (You should also recognize that ODF 1.2 will allow for using different encryption algorithms, because different countries or companies might have different accepted/allowed/approved algorithms).

Our current idea is to create a hash of the manifest.xml in a separate stream, which is encrypted with the same key like the rest of the document. OOo would then warn when the hash is broken or doesn't exist. This need some more discussion on how to explain the warning to the user, because OOo would warn for all older (encrypted) documents, and documents written with other ODF applications. The user probably will need an option to disable this warning for old documents.

Additionally, we plan to warn when some stream in the archive is not listed in the manifest.xml. The ODF specification already states that only content listed in the manifest.xml is relevant for the ODF document, so this should be fine (in opposite to the encrypted hash value of manifest.xml, which probably needs to be specified there).

      It's possible to remove the digital signature

Fine for me – can be done via OOo GUI as well, and I don't see the issue here.

(In OOo 3.2, it shouldn't be possible anymore with encrypted documents)

Chapter 2 – ODF Format and Security Features

     ZIP and ODF Format and Manipulation Tools

There are many hints on how to prove that ODF files are using zip containers – nobody ever said it would be different. I especially like the hint to the project: “goal is to provide a set of tools to directly and transparently handle and manipulate the OpenDocument format”.

In the context of this paper it sounds like this would become a tool for doing evil things – manipulating ODF documents. Actually, the whole purpose of an open standard is that different kind of tools can make use of it. So it's worth mentioning that the project actually was started from people in our team here in Hamburg. To make ODF adoption easier for other projects.

     Macro location – simple text manipulation of these files would allow to dramatically change the security status of the document

Sure: The intention of macros is that macro authors can do powerful things. Good things as well as evil things. And it doesn't matter which tool I use to create them.

People never should run macros if they are not sure that they can trust them. Full stop.

     Document encryption: It is very surprising to notice that the manifest.xml file is not encrypted

Well, I don't find this surprising, because, as I wrote earlier in this article, it contains necessary information for the ODF application about how to handle the encryption.

And as I also stated there, that we think about introducing an encrypted hash value for the manifest.xml, so it can't be manipulated anymore. The other information contained in manifest.xml is not worth hiding, because that information (mainly the stream names) is also contained in the Zip header itself.

     Digital Signatures of documents

     The information with respect to the signature are located in an additional file which is not the manifest.xml

Actually the signature stream is listed in the manifest.xml. Or was this statement about the signature not being stored in the manifest.xml directly?

     It is worth mentioning that the META-INF/manifest.xml and META-INF/- documentsignatures.xml themselves are not signed

Signing the manifest.xml is on our list for OOo 3.2. Please note that this will introduce the limitation that macro signatures can't be introduced after the document was signed, because this would need manipulation of the (then) signed manifest.xml.

I am not sure about the part with regard to signing the signature file itself. Signing the full file wouldn't be possible, because additional signatures would be stored in the same file, breaking the first signature. Needs more thinking/discussions.

     The digital signature relies on the XML-DSIG norm. However, it is itself not standardized in the OpenDocument format release 1.2 (at the present time no more information is available and the only reference is the version 1.1) yet

Please note the the specification for digital signatures has been integrated into OpenDocument-v1.2-draft6.odt (September 2007). The most current version of the ODF 1.2 specification is the Committee Draft 01-rev06.

     All the aspects related to signature (see page 31 in the paper) could be interesting for any malware which would operate directly in memory and could thus manipulate the signature during its production

Well, if you already have suspicious code running in memory, your system is already compromised and you can't rely on anything in your system anymore. You can read about my opinion about the primo infection issue here.

     Digital signatures combined with encryption: The signature file itself it not encrypted

I recently discussed this with different people. There are advantages and disadvantages in encrypting this file. It depends on your use case. In the end, this can become a privacy issue, but from my point of view, not a security or integrity issue.

     Signature and macros: The document signatures includes all streams, while the macro signature doesn't include the document streams. The document is not protected, being a major design weakness

I strongly disagree, since this works exactly as designed! Companies tend to do a lot of complex things with macros. Very often, these macros reside in templates. People use the templates and fill in some data into the document. If the macro signatures would include the document content, macro signatures would become invalid in the moment the user enters some data. With the current approach, the macro signatures will stay valid in this case. You should also notice that macro signatures have a different meaning than document signatures. They explicitly only sign the macros, not the document, and the document will not show up as a signed document. The macro signatures make sure that macros are not altered, and can be used for macro trust decisions.

     With document signatures, the whole document content is signed, including existing macros. This is a significant evolution since in OpenOffice 2.x, macros themselves were not signed. As a consequence, attacks identified earlier are no longer working, at least directly

Right. It was a wrong decision to only sign the document content with the document signature. Now the macro streams (and all other streams in the zip archive except in META-INF folder) are part of the signature. Please note that this is only for integrity checks – the macros signed with a document signature are not handled as signed macros.

Chapter 3 – Viral Attacks Through Plain OpenOffice Documents

     Simple archive manipulations (using zip/unzip utility and a simple text editor) enable to perform a lot of attacks. If we intend to modify the document payload itself (the document visible text), the principle consists in modifying the information contained within the suitable tags

Well....yes? I really wonder why people should be confused about this.

The ODF standard is defined as an open standard – not bound to certain applications. This means any application is eligible to implement ODF. Most users will use authoring tools like for creating ODF documents. But it's totally OK to use scripts which do automatic ODF/XML processing, or even using stone old VI, where the ODF logic needs to be in the authors head, because VI can only help in plain text file manipulation.

So the scenario described above is absolutely valid and welcome.

     Since no integrity check is performed, the modification remains unnoticed by the user

All kind of integrity checks would rely on hashes. Since the calculation of the hashes would be well documented in the ODF specification, and algorithms would be implemented in many open source projects, it wouldn't make it much harder for malicious code to do not recognized document manipulations. Hashes only help when you can encrypt them – this is exactly what digital signatures are good for.

     Attacker can add non declared file (in particular one or more malicious macros)

With OOo 3.2, the files will need to be declared in the manifest.xml, but that doesn't change much. For macros this is not really an issue, since they are not signed then, and shouldn't be trusted/executed. OOo will show a warning when loading the document.

Interesting is the part “It is possible to insert stolen data into an file”. (Side note: Why do people call them OOo files so often?! Please recognize that they are ODF files, and there are many ODF capable applications out there).

It's true that you could put any (stolen) content into the document's zip container, but you also can do it by attaching the data to PDF documents, where nobody would expect anything like this when forwarding the file to other people. And you probably can do the same thing with many many other file formats.

The issue here is – again, not the file format or the application, but the circumstance that you already have malicious code running on your system! This code can do anything with the current user's access rights, and there are many more interesting/efficient attacks than controlling an office application.

For the part “attackers can do macro substitution (replace macros with other malicious macros)”:

As I already said – macros which are not signed shouldn't be trusted/executed.

     Any XML compliant modification will remain undetected...

I guess this is already answered...

Chapter 4 – Viral Attacks Through Encrypted OpenOffice Documents

I must admit that I don't understand what chapter 4.1 is trying to demonstrate. The text doesn't mention what kind of document/macro manipulations has been done in the “successful case”. The differences they list (directory names in the zip header) don't mean anything to ODF and the signatures. I can only assume that they used some old documents in their tests. As I stated earlier, some checks are currently only done for ODF 1.2 documents (for compatibility reasons), and starting with OOo 3.2 we plan to do the same tests and warnings also for older documents.

     Let us consider then the case which consists in replacing an encrypted macro with a plaintext (malicious) macro.

This attack doesn't work anymore with OOo 3.0 and ODF 1.2 documents. Again – same checks for older documents to be introduced in OOo 3.2. I am really sorry we didn't do it from the beginning, “just” for document compatibility reasons.

Chapter 5 – Viral Attacks Through Digitally Signed OpenOffice Documents

     Since critical files are not encrypted and especially there is no external secure management of digital signature keys and certificate (use of PKI), it is dramatically easy to forge fake X509 certificate and play man-in-the-middle attacks.

First, I would like to clarify that OOo actually makes use of PKI.

On Windows, the Microsoft Cryptography API is used, and the certificate management and tools are the same like for all other Windows applications. On other platforms, OOo relies on NSS, which means that the certificates are managed via Mozilla Thunderbird, Firefox or Mozilla/SeaMonkey.

In the paper we see an example that someone could collect personal data of “Alice” somehow, and create a self signed certificate using most of the data, to make it look “genuine”. Bob then receives a document which seems to be signed by Alice, and Bob doesn't understand PKI and lets himself being fooled by simply reading the Name “Alice”. He is not checking the public key...

I agree that there are probably many people out there who don't know much about public key certificates and PKI. They don't understand that self signed certificates are worth almost nothing, and that they would need to check the public key somehow.

But actually, OOo 3.0 tells the user when a certificate can't be validated, which is always the case with self signed certificates. It seems that the screen shots in the paper have been done with an old version of OOo. OOo 3.x versions would show an exclamation mark in the signature sign. In the status bar as well as in the certificate dialogs.

Screen shots to show how it looks like in OOo 3.x:

- using a self signed certificate, document window
- using a self signed certificate, signatures dialog
- using a self signed certificate, certificate viewer, general page
- using a self signed certificate, certificate viewer, certification path

Please note that the document is not marked as “(Signed)” in the document window caption, and also note the exclamation mark in all symbols. All dialogs tell the user that the certificate could not be validated. So people should be aware that something could be very wrong.

Instead, they should only trust in certificates signed by some certificate authorities, with corresponding root and intermediate certificates existing in their system:

- using a good certificate, document window
- using a good certificate, signatures dialog
- using a good certificate, certificate viewer, general page
- using a good certificate, certificate viewer, certification path

Looks much more trustworthy to the user, doesn't it?

Chapter 6 – Conclusion: Enhancing OpenOffice Security

My conclusion is that OOo/ODF security doesn't look that bad like stated in the paper.

And with OOo 3.2 there should be some more improvements, as mentioned in different places in this article. Please note that I can't make promises about what things will really make it into OOo 3.2. We are working on it...

The idea in the paper about a special OOo version (“Trusted OOo”) is interesting, but would mean to create an isle. That special version would warn every time you load a document which was created/modified with vanilla OOo or any other ODF application. The extra information in the documents would be lost once edited with some other application.

With regard to allowing administrators to configure security options: This is already possible. Simply change the configuration in the office installation fitting your needs, and mark the configuration items as final. Then the user can't change or overwrite them in the user configuration via UI or direct XML manipulation. And of course you need to make sure that normal users can't write to the location where OOo is installed.

I think I don't have to comment on “closing (security related) parts of OOo”. Beside the fact that it's not an option, would proprietary software make attacks only more difficult, but not impossible.

Comments welcome...

ODF support in MS Office 2007 with Service Pack 2

Service Pack 2 for MS Office 2007 is now publicly available.

The biggest improvement from my point of view: Support for the Open Document Format (ODF).

It's a native Filter in Word, Excel and PowerPoint, so you can use ODF as your new default file format there!

Of course Microsoft only did it for business reasons, because otherwise they could not continue selling Office to governments or companies where ODF is mandatory nowadays.

But in the and it doesn't matter why they did it - more important is that they did it, and that this is another step in ODF becoming the open standard file format for Office documents.

I didn't test the filters, so I don't know how good the quality is. But if people start to consequently use ODF now, I am sure the filters will be improved constantly, as well as the ODF specification in case that something is missing what is needed to store certain Office features...

Monday Apr 20, 2009

Oracle to buy Sun

Well, I always believed that Sun would be able to survive without being bought by another company.

We have great products, hardware as well as software, and we only have done poorly in making money with the products, or with service contracts for our (open source) software products...

Now it seems I will never figure it out, since Oracle will by Sun.

We have just been informed about this some hours ago, and its in all news now.

Right now, I don't know enough about Oracle to make me a picture whether or not this is (for me) better than IBM buying us. IBM is interested in, so probably also in Sun's OOo team here in Hamburg.

What about Oracle?

Friday Feb 13, 2009

About the update feature in the Sun ODF Plugin for Microsoft Office

One of the questions I receive quite frequently is whether or not it would be possible to disable the update feature from the Sun ODF Plugin.

Well - from my point of view, this wouldn't change much, because the update feature doesn't look for updates on it's own, nor would it download or install anything itself.

I tried to explain that in the FAQ, but it seems someone decided my explanation would be too long or too technical, and shortened the item in the FAQ.

For those who want it explained a little bit more, here is my original FAQ item:

Q: Can I disable the auto update feature?

A: No. The auto update feature just checks whether or not a newer
version is available, but it doesn't download or update anything on it's
own. Also the check is never done automatically, but the user has to
select it manually. When a newer version is available, the same download
web site will be presented to the user like when he would look up for a
new version there. Download and installation is the same procedure like
for users who don't use the Sun ODF Plugin for Microsoft Office yet, so
there are no additional other mechanisms involved which a system 
administrator might want to restrict.

Makes sense?



Friday Feb 06, 2009

Sun ODF Plugin 3.0 for Microsoft Office

Finally, a new version of the ODF Plugin for Microsoft Office is available!

It's been a while that we have released version 1.2 - but hey, why is it called 3.0? Did I miss version 2.0?

Well, the answer is very simple. I thought it would be a good idea to give it the same version number like the underlying version of

This way, people know exactly which versions of the conversion filters are used.

The conversion between ODP/PPT and between ODS/XLS is exactly the same like in the equivalent version of

The conversion between ODT/DOC is basically the same, but might differ in some case because the Word Filter API is based on RTF, so there is an additional conversion involved.

This version of the plugin supports ODF 1.2 and loading ODF template files. The conversion filters have been further improved.

Monday Nov 17, 2008

StarOffice 9 arrived

Finally, StarOffice 9 is available.

Basically it's almost the same as the recently released 3.0.

The most important differences are indemnification, and up to 3 warranty support calls included in the retail version. Some people also like our hotfixes and patches that we provide for StarOffice only, while you always have to do full installations for new OOo releases.

It's really up to you whether you want to use StarOffice or - in the end we are happy to offer different levels of services contracts for both products.

Tuesday Oct 21, 2008

3000000x3 version 3 is available for 1 week now, and was already downloaded more than 3 million times!

And this is only what we can count - it doesn't include torrents and other ways of distributions.

More information and links in this blog.

Thursday Oct 16, 2008

Review of 3

You might be interested in the Computerworld's review of 3.

"...Given that the full suite is free, this is one of the best deals you'll find in all of computing. It'll do just about anything you expect from an office suite..."

Just one point I would like to clarify: The statement "... It won't, however, work with the newest Office 2007 formats such as .docx..." is not 100% correct. You cannot save as docx, but you can open docx files.

So this gives you the ability to salvage all the documents you created with your pre-installed MS Office 2007 trial version, which only stored your documents in this format and you don't know how to open them now w/o buying MS Office ;)

Beside the review itself,  the blog has many users comments worth reading...

Monday Oct 13, 2008 3 is there... somewhere!

Well, when you try to get it from the official site ( NOW, you probably won't see it because too many people are trying to get it now.

But it's there, and the new release comes with many new exciting features.

The biggest addition probably is the native support for Mac OSX, but there are also many other great new features like a PDF import, import of Office 2007 documents, a multi page view in Writer, native tables in Impress, a Solver in Calc, and much more...

When the web site is fully back to live, you should find a feature guide here

So the new version is absolutely worth updating your old installation, or finally start using at all.

Thursday Jul 17, 2008

StarOffice 9 Beta 2 available!

StarOffice 9 is ready for beta testing.

If you want to give it a try, you can download it here

One of the biggest "features" is the native Mac support. This is something the people really wanted to have for a while now. You can find some interesting blog postings about the efforts on GullFOSS.

Some people might be more interested in the new PDF import, or the nice presenter console.

Writer learned a dual page view and has improved handling of notes.

Impress has native support for tables now, as defined in ODF 1.2.

Calc has some features for collaborative editing, a new solver tool and improved charting functionality.

You see - many improvements worth updating to the new version.

Friday May 30, 2008 3.0 on Mac OSX Accessibility

Our engineers here in Hamburg are spending a lot of efforts into the native port of for the Mac platform.

One part of these efforts is to implement the Mac Accessibility APIs, to make OOo as accessible as possible with AT tools.

My colleague Peter Korn just wrote a very good blog about this, so instead of duplication all the information, I recommend reading that one if you are interested in the details.

Wednesday May 21, 2008

Office 2007 won't support ISO's OOXML

Reading the announcement that Microsoft will implement ODF in Office 2007, it's also interesting to read that they will NOT support the ISO version of OOXML in Office 2007.

Note that, for good reasons, also doesn't claim to support OOXML, but to implement import filters for the MS Office 2007 document formats.

The new filters will become available in 3.0, which is already available as a beta version.



Microsoft to implement ODF in Office 2007

Here are the news!

Sure we can't know how good their ODF support will be, but it's great that they start a native implementation for ODF now, coming with SP2 first half of 2009.

Seems, for now, they only plan to have ODF for Word.

If this is not enough for you, you are still invited to use our free ODF Plugin for MS Office, which gives you high quality ODF support in Word, Excel and PowerPoint.

Monday May 19, 2008

A better Favorites Menu for

Some time ago I posted my solution for a favorites menu in

This worked fine for me, but was somewhat like a quick hack. You had to configure the menu items in a basic Script - no GUI was assisting you in this.

But somebody got aware of it, and started creating a neat bookmark solution with some GUI.

I just gave the Bookmarks Menu Extension a try and decided to get rid of my own script -

Monday May 05, 2008

Sun ODF Plugin 1.2 available now

We have just released version 1.2 of our Sun ODF Plugin for Microsoft Office.

There are many improvements to the filters, especially in Word, so it's  really worth downloading it.

Wednesday Mar 26, 2008

Document Freedom Day

Today is Document Freedom Day

This is great. And because it is about open document standards, it's mainly about ... yes, the Open Document Format (ODF), as you can read at the Document Standards page.


Thursday Mar 20, 2008

Back from CSUN

Last week I was attending the CSUN conference - probably the biggest and most exciting Accessibility conference in the world.

The different presentations made it clear: Web Accessibility, ARIA and AJAX are still very hot topics.

For Windows Accessibility, IAccessible2 is still making a lot of progress. Some Screen Readers already have support for it, and I hope we will have it in soon.

I gave a small talk in an IAccessible2 session, my presentation can be found here.

Of course I have used the cool PDF export in, which allows you to create well accessible, tagged PDF. Unfortunately, creating tagged PDF is not the default, because of the increased file size. I hope we will change the default eventually. For now, use the "Export as PDF..." menu item in the file menu, which will give you a dialog where you can check the option to create tagged PDF. The tool bar item skips this dialog.

In parallel to IAccessible2 on Windows, we are also working on support for the Mac OS X Accessibility Framework!

We have shown the latest builds to some AT vendors, and it seems they are very exited about this. From what I heard, not many applications on Mac OS X have good support for this right now.

So with all our Accessibility work going on, I am very confident that 3.x will be very accessible on many different platforms, with native support for the platform specific Accessibility frameworks!




Wednesday Dec 12, 2007

Sun ODF Plugin 1.1 now fully working with Microsoft Office 2007!

I just learned from Brian Jones that Microsoft has fixed a bug with Office 2007 SP1, which hindered the Sun ODF Plugin to work with Word 2007.

I gave SP1 a quick try, and - it's working now! 

If you are interested in the details, just look at my older ODF Plugin FAQ and Brian's comments.

This is really great news, and I am sure Brian took care that this would really be fixed with SP1 - thanks for this!

If you already have the Sun ODF Plugin (and Office 2007) installed, just install SP1 and that's it. If you haven't installed the ODF Plugin yet, you can find it here.

Thursday Oct 04, 2007 Project and Community

Just found this interesting blog entry from Jim Parkinson and wanted to share with you: moves forward!


Tuesday Oct 02, 2007

Sun ODF Plugin 1.1 for Microsoft Office available now!

The newest version of our ODF Plugin for Microsoft Office is available, you can find it here.

We have fixed the installation problem that occurred on some systems, and have made many improvements to the filters.

The biggest difference compared to 1.0 is that we have support for different languages now!

It's still just one package to download and install, but the Plugin will detect the languages from your MS Office and your Windows installation. When support for that language is available, the Plugin UI within MS Office will use you current MS Office language, while the menus and dialogs in the system tray use the language from your operating system. If your language is not supported, the fall back is English.

Thursday Aug 16, 2007

A Favorites Menu in StarOffice /

I wonder if I am the only person missing such a feature.

There are a few documents which I need quite regularly. Unfortunately they are sometimes not in the recent file list when I need them, and it's also nice to have some special bookmarks for them.


 Screenshot of the favorites menu


So why wait for it?! It's easy to extend or customize via macros and extensions, so I created a simple macro to get my favorites menu.

If you are interested, you can find the macro in the Wiki. Simply copy&paste the macro text into the standard library from or StarOffice ( Tools / Macros / Organize Macros / StarOffice Basic => My Macros )

To have the menu automatically all the time, simply go to "Tools / Customize... / Events", and add "InsertFavoritesMenu" to "Start Application". On the bottom of the dialog, make sure to save the information with the application, not with the current document.

This is not the optimal implementation, but it works for me and didn't take much time.

Things to improve:

  • Don't code the documents into the macro, but provide some XML configuration
  • Make it an installable extension, instead of a plain macro
  • Optional: Make the Favorites menu as sub menu of the File menu
  • Optional: Add UI for configuring menu entries

Any volunteers? ;)

Tuesday Aug 14, 2007

StarOffice 8 included in Google Pack now!

Since last weekend, StarOffice 8 is part of the Google Pack!

This means that you get all the licensed 3rd party stuff that is part of StarOffice, but not of These things include high quality fonts, commercial spell checker and thesaurus as well as additional templates. And it comes with our brand new Google Search Bar!

Really a big value add for the Google Pack, IMHO...


Malte Timmermann


« July 2016