Author: William Gathoye

Collabora Online Support – Helping Organisations Make the Most of Open Source

William Gathoye Leave a comment

Why Open Source

Open Source software is now, unquestionably, a critical element in most tech landscapes. In fact, it’s next to impossible to build a significant technology stack without it today.

Apart from the obvious cost/price advantages of Open Source software, it also delivers a host of other business benefits. Being open, users can ‘lift the lid’ and look inside to see how the software works. This level of insight not only better enables them to suggest improvements, but it helps deliver a level of confidence and control that simply isn’t available with proprietary solutions, developed and maintained in private. Try asking Microsoft, or any other big brand software company, to change their solutions to meet your specific requirements?

Open Source software enables flexibility and agility far more effectively than proprietary alternatives. Like us here at Collabora Online, you can choose a vendor that is not afraid of empowering their users to join in with the innovation if they want to.

Open Source in a Commercial Environment

So for ambitious organisations Open Source is a ‘no-brainer?’ Yes, but it needs to be managed and implemented correctly. Professional organisations looking to unlock the benefits of Open Source should also proactively look to minimise risks.

The Log4j software vulnerability is a good example of the potential risk of the widespread introduction of Open Source software into mission-critical infrastructure, without the necessary support.

By its very nature, community built Open Source software has a more informal approach, which on one hand is a great advantage – allowing anyone to participate. On the other hand, it can present a problem should, like Log4j, something go wrong. The lesson to be understood is that any software implemented on critical infrastructure needs be adequately supported. Should an issue arise, it can be addressed in a timely fashion and organisations are not left alone, scrambling to sort it out themselves!

Collabora Online Support – The Enterprise-Ready ‘Wrapper’

Collabora is a dedicated Open Source business. We are passionate about the benefits of Open Source software and we’re committed to helping organisations take full advantage of them. Importantly, though, like many of our customers, we’re also a commercial business so we understand the pressures and imperatives they operate under. So how do we make Open Source software enterprise ready and Collabora Online a safe and reliable alternative to big-brand, proprietary solutions? Enterprise-grade support’s the key.

Simply put, we deliver all of the generic benefits of Open Source software ‘wrapped’ in a commercial, enterprise-grade maintenance and support package. This, effectively, insulates our customers from the more informal elements of Open Source software development, whilst enabling them to confidently enjoy all the obvious advantages.

This commercial ‘wrapper’ is delivered by a full-time team of expert engineers who can be contacted directly via a dedicated support platform. They are focused on maintaining a product that works for our customers, which includes tested security updates, long term supported packages (LTS) and going the ‘extra mile’ to do the boring, routine work to make a reliable commercial product as apposed to a volunteer project. They also help maintain the functionality, security and market relevance of Collabora Online by providing significant long-term technical investment in code review, linting, fuzzing and extensive automated testing from the community.

Most importantly, they help ensure that any problems discovered are easily reported and dealt with quickly, e.g. so when your Operating System auto-upgrades and document standards slide – you have us to help fix it and keep you in business! Users of Collabora Online are never left alone to deal with any problems.

The enterprise-ready benefits of Collabora Online are further strengthened with a range of support packages that are put together to address the varied needs of our customers, and include full and complete technical documentation, comprehensive SLAs and signed security updates.

So any organisation that’s looking for a real alternative to proprietary office solutions, and to free themselves of an over reliance on the big-brand vendors, can be confident that Collabora Online delivers all of the enterprise-grade features they need, combined with the benefits of Open Source in one attractive package.

Read More

Collabora Secure View – The Secure Way to Share Data and Support Productivity

William Gathoye Leave a comment

The ability to easily share data is at the very heart of personal and corporate productivity – it’s what helps develop competitive advantage and success, but, arguably, it’s never been more of a challenge. In a modern distributed work environment, outside of the traditional office setting, it’s vital to closely control the data you share, including where it resides, who can access it and what they can do with it. Collabora Secure View has a unique way to enable you to do this.

How to Share Without Sharing

At a very high level, all businesses want to be able to easily share documents, be they presentations, spreadsheets, new designs, etc., both internally amongst fellow staff members and externally with partners and other valued third-parties. Crucially, though, they don’t want to lose control of these documents, which often contain valuable, mission-critical data. This is a common business challenge that Collabora Secure View solves: stopping your secrets leaking!

Rapid Product Feedback & Iteration

Ironically, Collabora Secure View came about as a direct response to a critical business security challenge identified by a leading car manufacturer that approached our partner ownCloud for a solution. This is a real-life example of the value of customer /sales feedback, which, in this case, identified a business-productivity issue – exactly what Collabora Secure View is intended to enable – secure sharing of data that enables reliable and productive collaboration.

Ways Not To Do It?

There are two popular ways to do this wrong.

1. Unreliable, in-browser redaction

Those who adopt this approach use a front end that loads in a browser. They then transmit all of a document’s contents to the browser, often simply by converting it to html, where it is displayed. The main problem here is that in doing this they give the whole content of the document to anyone viewing it, which they can save, modify or pass on – it’s simply not secure!

Often a watermark layer is included on top of the document, but this can be reasonably easy to remove with a little knowledge of how to delete a few html nodes, revealing any restricted or hidden data. This is similar to the horrifying redaction mistakes we’ve seen in the past – and is insecure by design.

2. Hand all your keys to Microsoft

An alternative approach is to use Microsoft’s Digital Rights Management solution, which uses end-to-end encryption. This way of doing it is very secure, but comes with some important business trade-offs!

Firstly, you need to hand over all your document keys to Microsoft; you typically upload your keys onto Microsoft’s Azure Cloud – which provides a central point of failure. Secondly before a device can be given a document key – it is critical to this model to ensure that the end-point is secure and will correctly apply policies such as: “you cannot print this document.” Unfortunately this means that your entire client software stack has to be cryptographically signed from when the PC starts, through to Windows, and all the client software on top – with revocation and other complexity alongside. As a result, you loose control not only of your document keys, but also your entire client software stack, which is then controlled by a single vendor. On top of this, you also need a centralised Cloud infrastructure to share your keys – which seems to be close to the ultimate vendor lock-in.

This approach brings many potential problems, a remote server outage outside your control can loose you access to your most critical documents. Similarly if this is done right, a revocation event can force an immediate upgrade of your client software from the operating system through to the Office suite to regain access to your documents.

When done correctly, this “surrender your keys” scheme can provide the required security benefits, but at some significant expense in flexibility – particularly that you need to share data only with client devices that are fully signed by Microsoft: cutting out Mac, Android, iOS, Linux, etc.

Collabora’s Unique Solution

Secure View, which was developed in partnership with Dell and ownCloud, enables you to securely share all of your valuable data to any un-trusted client via the browser. How can this possibly work?

This high-degree of data security is achieved because your documents never leave your site, staying safe behind whatever security measures you choose, such as firewalls, VPNs and reverse proxys. Collabora Online sends pixels of a document, which can be shown to users on screen, the document itself remains safely in your server room. Only the sections visible on the screen are sent, and even then it’s only the rendered pixels, never the original document. This guarantees that no amount of trickery can extract your documents against your policy. Should the worst happen and a document view ends up where it shouldn’t, there is no way for the unintended recipient to extract the document.

Obviously, for ultimate security we wouldn’t even share the pixels with the client – but this tends to make the document a little hard to read. Having said that – it’s important to avoid even screenshots of the latest product plans being shared so we secure the pixels by including watermarks often with the viewers’ name in them on the server side. This ensures that accountability is obvious to the viewer and stops them getting over-excited about sharing the wonderful new product features, etc. prematurely.

Watermarked Image Using Collabora Secure View

Partners can apply arbitrarily powerful policy rules on top of our granular per-user access controls, customising watermarks and permissions, including the ability to edit, print, share or download. In addition server-side logging can trace who accessed what and when.

Robust Federated Sharing

Each server provides security by keeping the documents on your site – but how can we capture the benefit of a centralised solution when to comes to sharing? Many of our partners, such as Nextcloud and ownCloud, have already solved this problem with an ad-hoc standard. Their interoperable federated sharing allows you to mount file shares from friendly remote servers, in effect creating a custom Cloud of partner Clouds. This means that you can easily create direct share links with other users across your partner and even subsidiary ecosystem as well as to external third parties.

A Real Alternative That Gives You Control

Collabora Secure View provides easy-to-use secure data management functionality that allows you to control who can access a document, what they can see and what they can do with it. Importantly, this is done using your own infrastructure so you can protect digital sovereignty.

“Collabora Online is built with security in mind. We implement a robust, layered approach that helps give our customers the confidence in our products and the peace of mind they demand,” said Michael Meeks, General Manager, Collabora Productivity. “We love to work closely with partners to enrich our products with great new security features that meet their customers needs – it’s what we do.”

Secure View represents a practical and straightforward way of sharing important data that protects data sovereignty, security and integrity.

Read More

Recent Contributions from Collabora to LibreOffice

William Gathoye 1 Comment

We’re continually contributing improvements to the LibreOffice code-base as a member of the community (Collabora Online Forum). Here are a few highlights of the last week’s work on behalf of our customers.

“Collabora is a commercial organisation; of course we serve the needs of our paying customers, but it is a real pleasure to be able to contribute alongside the development community to LibreOffice,” said Michael Meeks, General Manager of Collabora Productivity. “It, not only, helps us offer our customers business values and benefits other companies can’t, but it provides us with an incredibly robust development and support resource.”

There’s a lot going on in the community and here are few current projects that demonstrate what people are hacking.

Enabling Calc support for 16384 columns by default

Over the last couple of weeks Luboš Luňák (Llunak) has been working for Collabora on the 16k columns support in Calc. There’s been a lot of work on this already by Noel Grandin and others, but so far this has been hidden behind the experimental option, and normally documents open only with the “normal” 1024 columns support. The goal of this work is to finish the 16k support stable enough for it to be the default, so that people who need this many columns can finally get them without any complications.

If all goes well, and so far Luboš doesn’t see why it shouldn’t, LibreOffice 7.4 will ship with 16k columns being the default. Calc users will then be able to get a lot more columns to work with.

This work is funded/sponsored by DEVxDAO as part of its mission to support Open Source and transparent research and development of emerging technologies and frameworks. Interestingly finishing this work was also a project that was proposed by to be funded by TDF, and ranked as one of the top requested features, it is great that this budget can now be re-applied to another task.

If you have ever been bitten by the “too many columns” dialog box then, why not find out more about what Luboš is working on.

Word-style border fixes in Writer: pages, tables and paragraphs

Miklos Vajna (vmiklos) has been looking at Writer and how it can better render Word-style borders around pages, tables and paragraphs.

Word users expect to able to import their documents to Writer and experience high-fidelity rendering. This means Writer has to support the way page / table / paragraph borders are painted according to the OOXML model as well. This is all done conditionally, so existing ODF documents are left unchanged.

As a result of this work, Writer now has a set of improvements to better render Word-style borders around pages, tables and paragraphs.

Thanks must go to Docmosis and TUBITAK that have made this work by Collabora possible.

Find out more and take a look at some of the improvements that have been made.

Sparklines in Calc

Sparklines are mini charts available in OOXML (XLSX) documents that up to now were not supported by LibreOffice Calc.

Tomaz Vajngerl explained that to add support in LibreOffice for sparklines, they first needed to be read into the LibreOffice data model, but the data model for sparklines didn’t exist, so it first needed to be created. Once the data model was ready we could render the sparklines in the cell area.

Currently the code for this is in a feature branch (feature/sparklines), but it’s in the process of being up-streamed to master. The feature will be available in LibreOffice 7.4.

Thanks to the funding of NGI and the European Union, this missing feature is now being implemented. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 871498.

Find out more about the work going into the development of sparklines in Calc.

These are just a sample of the good work going on to support and develop LibreOffice for the next release. If you’d like to find out more about what Collabora is doing or, perhaps, you’d like to get involved then please visit the Collabora Online User Forum.

Read More

Log4j – When Business Choices Undermine Technology

William Gathoye Leave a comment


Late in 2021, the Log4j software vulnerability hit the news. This was, and remains, a widespread security risk that impacted Government institutions and commercial organisations that knowingly or unknowingly installed this free piece of software distributed by the non-profit Apache Software Foundation.

Log4j seems not to be the best advertisement for Open Source as this incident has exposed some of the downsides of a more informal approach to software delivery and maintenance. Having said that, it’s well worth reflecting on the large number of derelict and unsupported systems out there in active use in many companies. From Windows XP, to obsolete or unsupported enterprise systems.

Michael Meeks, General Manager of Collabora Productivity, said:

“Organisations deploy solutions that use off-the shelf Open-Source components all the time, which is fine, but they often fail to get the necessary maintenance and support for them. The Log4j vulnerability is a stark reminder of the issues that can arise when this happens and organisations are left to sort out a major problem with little, if any, formal support.”

Open Source and Corporate Responsibility?

In the case of Log4j, the damaging bit of software is supported by a group of Apache volunteers. They are all well meaning and have worked hard to try address the root cause, but when it comes to important or even critical infrastructure, is it really appropriate to rely on software with such informal, part-time support?

Michael Meeks, commented:

“Open Source is unquestionably a force for good. It’s next to impossible to build a significant technology stack without it today. Nevertheless, the Apache Log4j incident calls into question the relationship between Open Source and commercial users and how they can safely unlock the huge business benefits offered by Open Source software deployment.”

“The point remains that when dealing with important infrastructure all software deployed in the enterprise should be supported by a team of dedicated, full-time experts, who can pro-actively engage with risks, and swiftly respond to users’ needs and any problems that may occur. That should create a positive, contributing linkage between between the end-user and the Open Source project.”

Collabora Online Support and Security

In the light of Log4j and the wide-spread problems this has caused, it’s important to emphasise that Collabora Online, which is based on the LibreOffice technology core, benefits not only from paid maintenance and support, but also a significant long term technical investment in code review, linting, fuzzing and extensive automated testing from the community that all end-users should demand of their software applications, combined with the obvious benefits of scrutiny of Open Source code.

Collabora Online is fully supported by a full-time team. Should any problems be discovered they can be easily reported, and dealt with. This includes a support platform and direct contact with engineers. This is further enhanced with a full and complete range of technical documentation, comprehensive SLAs and signed security updates. Users of Collabora Online are never left alone to deal with any problems.

Security is a critical factor in design. Not only does Collabora Online ensure end users can collaborate securely, confident that only those permitted can access documents, but because it can be easily implemented onto an end user’s own infrastructure they have full control over network access and the servers it is hosted on, further protecting data sovereignty.

“All complex software has problems and, despite our best efforts, there are always more to find,” said Michael Meeks. “Having a supplier who is continuously engaged with the community in identifying, fixing, designing around and keeping their customers safe should be a key part of all enterprises open source procurement.”

Read More

Collabora Online – A Real Alternative

William Gathoye Leave a comment

Managing Change

As humans we’re bad at change; we much prefer what we know and actively protect the status quo. Like it or not, the uncertainty we’ve all experienced over the last two years has forced change upon us. This has challenged organisations to find real alternative solutions to new operational challenges, such as homeworking, and question many of the norms that had previously been ‘set in stone.’

For most organisations, office document functionality underpins their productivity. We’ve all relied on it for years without giving it much thought – it was ‘set in stone.’ Yes, software updates and improvements in functionality have been introduced over the years, but the basic environment has remained familiar, which has helped maintain productivity.

As its name suggests, office document software has been optimised for a traditional office environment. For most organisations pre-pandemic this meant manageable, predictable office buildings in which their staff gathered together to work. The need to enable and support widespread homeworking changed all of this.

What Had Been Relied On No Longer Worked So Well

Practically overnight, many organisations found that the office document software they had relied on for so long was not as suitable when used in a distributed, less-controllable, homeworking environment. In fact, many simply found it too difficult or too expensive to make it work! As a result, many needed to find an affordable solution that was quick and easy to implement, but, importantly, was familiar to their staff.

Commenting, Michael Meeks, General Manager of Collabora Productivity, said:

“Familiarity is so important when it comes to maintaining productivity. Staff in many organisations were already unsettled by their new homeworking reality so the introduction of a new look and feel to learn would have simply added to their uncertainty, and further undermined productivity.”

Collabora Online – A Real Alternative

Unlike many other reduced functionality office document solutions, Collabora Online provides a feature rich and familiar look and feel. Built on the Open Source LibreOffice Technology core, Collabora Online offers a real alternative for organisations experiencing problems with their existing office document solution. In addition to its  familiar look and feel, Collabora Online provides tried and tested collaboration functionality ideally suited to the demands of a homeworking environment.

Tip of the Spear

Migration away from any well-established application is never completely straightforward. After all, we don’t like change. But when faced with specific operational challenges, many organisations are finding that the introduction of Collabora Online is both straightforward and affordable. As such, it can represent the ‘tip of the spear’ for those looking to start or progress a wider migration strategy that enables them to address vendor lock-in, give greater control over data sovereignty as well as to protect data security, within a distributed working environment that looks here to stay.

Michael Meeks concluded:

“Reliance on a small number of dominant vendors is not inevitable! Office document migration is a realistic first step to prove the wider strategy and can help secure some important early wins, such as improved collaboration, better productivity and much greater control over distributed data. This is the best place to start getting your data back under your control.”

Read More