Security

Node.js Event-Stream Hack Reveals Open Source 'Developer Infrastructure' Exploit (arstechnica.com) 82

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads."

An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...."

According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.

"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from a developer named Chris Northwood.

"Nothing's stopping this happening again, and it's terrifying."
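
The attack described above got in through an ordinary-looking version bump that pulled a new, unreviewed transitive dependency into every downstream build. As an added example (this is not code from the story, from npm or from any project named above), here is a Python script that diffs two package-lock.json documents and reports exactly the changes a reviewer should stop on before accepting an update: packages the tree has never contained before, version bumps, and the alarming case of an unchanged version whose integrity hash changed. The two lockfiles are constructed sample data; the package names come from the story, the versions and hashes are made up.

```python
"""Diff two npm package-lock.json documents (lockfile v1 layout) and report
the changes that deserve human review before an update is accepted.
Added example; the two lockfiles are constructed sample data, with made-up
versions and integrity hashes."""
import json

OLD_LOCK = json.loads("""
{
  "name": "wallet-app", "lockfileVersion": 1,
  "dependencies": {
    "event-stream": {
      "version": "1.0.0",
      "integrity": "sha512-oldhash",
      "requires": {"through": "^2.0.0"}
    },
    "through": {"version": "2.0.0", "integrity": "sha512-throughhash"}
  }
}
""")

# The update: event-stream bumped a patch version and now pulls in a
# package nobody in this tree had seen before.
NEW_LOCK = json.loads("""
{
  "name": "wallet-app", "lockfileVersion": 1,
  "dependencies": {
    "event-stream": {
      "version": "1.0.1",
      "integrity": "sha512-newhash",
      "requires": {"through": "^2.0.0", "flatmap-stream": "0.1.0"},
      "dependencies": {
        "flatmap-stream": {"version": "0.1.0", "integrity": "sha512-unknown"}
      }
    },
    "through": {"version": "2.0.0", "integrity": "sha512-throughhash"}
  }
}
""")


def flatten(lock):
    """Map 'parent>child' tree paths to {name, version, integrity},
    recursing into nested (non-hoisted) dependency trees."""
    out = {}

    def walk(deps, prefix):
        for name, meta in (deps or {}).items():
            path = prefix + [name]
            out[">".join(path)] = {"name": name,
                                   "version": meta.get("version"),
                                   "integrity": meta.get("integrity")}
            walk(meta.get("dependencies"), path)

    walk(lock.get("dependencies"), [])
    return out


def diff_locks(old_lock, new_lock):
    """Return the review items: packages new to the whole tree, version bumps,
    unchanged versions whose content hash changed, and removals."""
    old, new = flatten(old_lock), flatten(new_lock)
    known = {entry["name"] for entry in old.values()}
    report = {"new_packages": [], "version_changed": [],
              "same_version_new_hash": [], "removed": []}
    for path, entry in new.items():
        if entry["name"] not in known:
            # First appearance anywhere in the tree: this is where a
            # freshly added dependency like flatmap-stream shows up.
            report["new_packages"].append((path, entry["version"]))
            continue
        prev = old.get(path)
        if prev is None:          # known package moved within the tree
            continue
        if prev["version"] != entry["version"]:
            report["version_changed"].append(
                (path, prev["version"], entry["version"]))
        elif prev["integrity"] != entry["integrity"]:
            # Same version string, different tarball: stop and find out why.
            report["same_version_new_hash"].append(
                (path, prev["integrity"], entry["integrity"]))
    report["removed"] = [path for path in old if path not in new]
    return report


if __name__ == "__main__":
    for kind, items in diff_locks(OLD_LOCK, NEW_LOCK).items():
        for item in items:
            print(f"{kind}: {item}")
```

To use it on a real repository, replace the two embedded documents with `json.load()` of the committed lockfile (for example the output of `git show HEAD:package-lock.json`) and the working copy, and fail the build on a non-empty `new_packages` or `same_version_new_hash` list until someone has looked at who published the package and what it does. A new transitive dependency is not proof of compromise, but it is the moment the check nobody made here belongs.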

Cloud

Is Linux Taking Over The World? (networkworld.com) 243

"2019 just might be the Year of Linux -- the year in which Linux is fully recognized as the powerhouse it has become," writes Network World's "Unix dweeb." The fact is that most people today are using Linux without ever knowing it -- whether on their phones, online when using Google, Facebook, Twitter, GPS devices, and maybe even in their cars, or when using cloud storage for personal or business use. While the presence of Linux on all of these systems may go largely unnoticed by consumers, the role that Linux plays in this market is a sign of how critical it has become. Most IoT and embedded devices -- those small, limited functionality devices that require good security and a small footprint and fill so many niches in our technology-driven lives -- run some variety of Linux, and this isn't likely to change. Instead, we'll just be seeing more devices and a continued reliance on open source to drive them.

According to the Cloud Industry Forum, for the first time, businesses are spending more on cloud than on internal infrastructure. The cloud is taking over the role that data centers used to play, and it's largely Linux that's making the transition so advantageous. Even on Microsoft's Azure, the most popular operating system is Linux. In its first Voice of the Enterprise survey, 451 Research predicted that 60 percent of nearly 1,000 IT leaders surveyed plan to run the majority of their IT off premises by 2019. That equates to a lot of IT efforts relying on Linux. Gartner states that 80 percent of internally developed software is now either cloud-enabled or cloud-native.

The article also cites Linux's use in AI, data lakes, and in the Sierra supercomputer that monitors America's nuclear stockpile, concluding that "In its domination of IoT, cloud technology, supercomputing and AI, Linux is heading into 2019 with a lot of momentum."

And there's even a long list of upcoming Linux conferences...

Open Source

RISC-V and Linux Foundations Partner to Promote Open Source CPU (techrepublic.com) 92

"The Linux Foundation and RISC-V Foundation announced yesterday a joint collaboration project to promote open source development and commercial adoption of the RISC-V instruction set architecture (ISA)," reports TechRepublic: Though some devices that integrate RISC-V will use real-time operating systems rather than Linux, the use of Linux in development will be instrumental as existing tools are being extended to support the RISC-V ISA when developing software on traditional computers. "This joint collaboration with the Linux Foundation will enable the RISC-V Foundation to offer more robust support and educational tools for the active RISC-V community, and enable operating systems, hardware implementations and development tools to scale faster," said Rick O'Connor, executive director of the RISC-V Foundation, in a press release.

In many ways, RISC-V is a hardware equivalent to the open source principles that guide the Linux project, as the ISA is open source, is not subject to patent encumbrances, and is available under the BSD license. [L]icensing fees for Arm or MIPS ISAs -- both of which are fundamentally RISC in principle -- can be avoided by using RISC-V.... As alternatives like Alpha, SuperH, MIPS, and even Intel's own Itanium processors have fallen by the wayside, organizations using those ISAs in their products have had difficult adjustment periods transitioning away, while patent encumbrances largely prevent third parties from continuing development or providing drop-in replacements for those technologies. RISC-V's open nature prevents these issues, as it is possible for any organization to extend or customize their own implementation, and any organization can produce their own RISC-V processors.

Manufacturers like how RISC-V CPUs aren't restricted to a single manufacturer, according to the article, which points out that NVIDIA and Western Digital have both announced plans to use RISC-V in some upcoming products.

RISC-V is also "gaining popularity in Internet of Things, low-power, and embedded applications," and Western Digital even plans to ultimately transition its annual consumption of processors -- one billion cores per year -- to RISC-V.

Google

Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN (digitalocean.com) 106

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted SOCKS5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

Open Source

Why Some Open-Source Companies Are Considering a More Closed Approach (geekwire.com) 144

There's no question that the concept of open-source software has revolutionized the enterprise software world, which spent billions of dollars fighting the mere idea for several years before accepting that a new future had arrived. But more than a few people are starting to wonder if the very nature of open-source software -- the idea that it can be used by pretty much anyone for pretty much anything -- is causing its developers big problems in the era of distributed cloud computing services. From a report: Two prominent open-source software companies have made the decision to alter the licenses under which some of their software is distributed, with the expressed intent of making it harder -- or impossible -- for cloud computing providers to offer a service based around that software.

Two companies do not make a movement. But as the cloud world packs its bags for Las Vegas and Amazon Web Services' re:Invent 2018 conference next week, underscoring that company's ability to set the agenda for the upcoming year, the intersection between open-source projects and cloud computing services is on many people's minds. "The way that I would think of it, the role that open source plays in creating commercial opportunities has changed," said Abby Kearns, executive director of the open-source Cloud Foundry Foundation. "We're going to see a lot more of this conversation happening than less. I would put it in a very blunt way: for many years we were suckers, and let them take what we developed and make tons of money on this."

Redis Labs CEO Ofer Bengal doesn't mince words. His company, known for its open-source in-memory database (used by American Express, Home Depot, and Dreamworks among others), has been around for eight years, an eternity in the fast-changing world of modern enterprise software. [...] "Ninety-nine percent of the contributions to Redis were made by Redis Labs," Bengal said. There's a longstanding myth in the open-source world that projects are driven by a community of contributors, but in reality, paid developers contribute the bulk of the code in most modern open-source projects, as Puppet founder Luke Kanies explained in our story earlier this year.

Ubuntu

Mark Shuttleworth Reveals Ubuntu 18.04 Will Get a 10-Year Support Lifespan (zdnet.com) 110

At the OpenStack Summit in Berlin last week, Ubuntu Linux founder Mark Shuttleworth said in a keynote that the Ubuntu 18.04 Long Term Support (LTS) support lifespan would be extended from five years to 10 years. "I'm delighted to announce that Ubuntu 18.04 will be supported for a full 10 years," said Shuttleworth, "in part because of the very long time horizons in some industries like financial services and telecommunications, but also from IoT, where manufacturing lines for example are being deployed that will be in production for at least a decade." ZDNet reports: Ubuntu 18.04 was released in April 2018. While the Ubuntu desktop gets most of the ink, most of Canonical's dollars come from server and cloud customers. It's for these corporate users that Canonical first extended Ubuntu 12.04's security support, then Ubuntu 14.04's support, and now, preemptively, Ubuntu 18.04's. In an interview after the keynote, Shuttleworth said Ubuntu 16.04, which is scheduled to reach its end of life in April 2021, will also be given a longer support life span.

When it comes to OpenStack, Shuttleworth promised again to support versions of OpenStack dating back to 2014's IceHouse. Shuttleworth said, "What matters isn't day two, what matters is day 1,500." He also doubled down on Canonical's promise to easily enable OpenStack customers to migrate from one version of OpenStack to another. Generally speaking, upgrading from one version of OpenStack to another is like a root canal: long and painful but necessary. With Canonical OpenStack, you can step up all the way from the oldest supported version to the newest one with no more than a second of downtime.

Open Source

Uber Joins Linux Foundation Cementing Commitment To Open Source Tools (techcrunch.com) 30

At the 2018 Uber Open Summit, Uber announced it was joining the Linux Foundation as a Gold Member, making a firm commitment to using and contributing to open source tools. TechCrunch reports: Uber CTO Thuan Pham sees the Linux Foundation as a place for companies like his to nurture and develop open source projects. "Open source technology is the backbone of many of Uber's core services and as we continue to mature, these solutions will become ever more important," he said in a blog post announcing the partnership. "Uber has made significant investments in shared software development and community collaboration through open source over the years, including contributing the popular open source project Jaeger, a distributed tracing system, to the Linux Foundation's Cloud Native Computing Foundation in 2017," an Uber spokesperson told TechCrunch. As the report mentions, it took the ride-hailing service a long time to join the Linux Foundation. "Uber has been long known for making use of open source in its core tools, working on over 320 open source projects and repositories from 1500 contributors involving over 70,000 commits, according to data provided by the company," reports TechCrunch.

GNU is Not Unix

The Free Software Foundation Releases New Comments About Licenses (fsf.org) 57

"We recently published a number of updates to our licensing materials," the Free Software Foundation announced Thursday, adding that "While we generally post individual announcements for these types of important changes, there were so many in such a short span that we needed to combine them all in one place." We added the Commons Clause to our list of nonfree licenses. Not a stand-alone license in and of itself, it is meant to be added to an existing free license to prevent using the work commercially, rendering the work nonfree. It's particularly nasty given that the name, and the fact that it is attached to pre-existing free licenses, may make it seem as if the work is still free software.

If a previously existing project that was under a free license adds the Commons Clause, users should work to fork that program and continue using it under the free license. If it isn't worth forking, users should simply avoid the package. We are glad to see that in the case of Redis modules using the Commons Clause, people are stepping up to maintain free versions.

There's also a new addition to their GNU Licenses FAQ which explains what the GNU GPL says about translating code into another programming language. ("If the original program carries a free license, that license gives permission to translate it. How you can use and license the translated program is determined by that license. If the original program is licensed under certain versions of the GNU GPL, the translated program must be covered by the same versions of the GNU GPL...") And they've also clarified how to handle projects that combine code under multiple compatible licenses.

The FSF has also updated a document commenting on various licenses, clarifying that the Fraunhofer FDK AAC free software license "is incompatible with any version of the GNU GPL. It has a special danger in the form of a term expressly stating it does not grant you any patent licenses, with an enticement to buy some.

"Because of this, and because the license author is a known patent aggressor, we encourage you to be careful about using or redistributing any software under this license..."

Facebook

Facebook's GraphQL Gets Its Own Open-Source Foundation (techcrunch.com) 33

TechCrunch is reporting that GraphQL, the Facebook-incubated data query language, is moving into its own open-source foundation. "Like so many other similar open-source foundations, the aptly named GraphQL Foundation will be hosted by the Linux Foundation." From the report: Facebook announced GraphQL back in 2012 and open sourced it in 2015. Today, it's being used by companies that range from Airbnb to Audi, GitHub, Netflix, Shopify, Twitter and The New York Times. At Facebook itself, the GraphQL API powers billions of API calls every day. At its core, GraphQL is basically a language for querying databases from client-side applications and a set of specifications for how the API on the backend should present this data to the client. It presents an alternative to REST-based APIs and promises to offer developers more flexibility and the ability to write faster and more secure applications. Virtually every major programming language now supports it through a variety of libraries.

"GraphQL has redefined how developers work with APIs and client-server interactions. We look forward to working with the GraphQL community to become an independent foundation, draft their governance and continue to foster the growth and adoption of GraphQL," said Chris Aniszczyk, vice president of Developer Relations at the Linux Foundation. As Aniszczyk noted, the new foundation will have an open governance model, similar to that of other Linux Foundation projects. The exact details are still a work in progress, though. The list of founding members is also still in flux, but for now, it includes Airbnb, Apollo, Coursera, Elementl, Facebook, GitHub, Hasura, Prisma, Shopify and Twitter.

Open Source

How New, Polite Linus Torvalds Points Out Bad Kernel Code (phoronix.com) 370

Linus Torvalds "has shown already for the new Linux 4.20~5.0 cycle he isn't relaxing his standards but is communicating better when it comes to bringing up coding," reports Phoronix, adding "So far it looks like Linus' brief retreat is paying off with still addressing code quality issues -- and not blatantly accepting new code into the kernel as some feared -- but in doing so in a professional manner compared to his past manner of exclaiming himself over capitalized sentences and profanity that at times put him at odds with some in the Linux kernel community."

AmiMoJo quotes their report: Last Saturday he took issue with the HID pull request and its introduction of the BigBen game controller driver: the developer enabled this new driver by default. Linus Torvalds has always frowned upon random new drivers being enabled by default in the kernel configuration. [H]e still voiced his opinion over this driver's default "Y" build configuration, but did so in a more professional manner than he has done in the past:

We do *not* enable new random drivers by default. And we most *definitely* don't do it when they are odd-ball ones that most people have never heard of.

Yet the new "BigBen Interactive" driver that was added this merge window did exactly that.

Just don't do it.

Yes, yes, every developer always thinks that _their_ driver is so special and so magically important that it should be enabled by default. But no. When we have thousands of drivers, we don't randomly pick one new driver to be enabled by default just because some developer thinks it is special. It's not.... Please don't do things like this.

Phoronix also describes another "kernel oops" testing Torvalds' patience, in which Linus responded tactfully that "What makes me *very* unhappy about this is that if I'm right, I think it means that code was literally not tested at all by anybody who didn't have one of the entries in that list."

Open Source

'Open Source Creators: Red Hat Got $34 Billion and You Got $0. Here's Why.' (tidelift.com) 236

Donald Fischer, who served as a product manager for Red Hat Enterprise Linux during its creation and early years of growth, writes: Red Hat saw, earlier than most, that the ascendance of open source made the need to pay for code go away, but the need for support and maintenance grew larger than ever. Thus Red Hat was never in the business of selling software, rather it was in the business of addressing the practical challenges that have always come along for the ride with software. [...] As an open source developer, you created that software. You can keep your package secure, legally documented, and maintained; who could possibly do it better? So why does Red Hat make the fat profits, and not you? Unfortunately, doing business with large companies requires a lot of bureaucratic toil. That's doubly true for organizations that require security, legal, and operational standards for every product they bring in the door. Working with these organizations requires a sales and marketing team, a customer support organization, a finance back-office, and lots of other "business stuff" in addition to technology. Red Hat has had that stuff, but you haven't.

And just like you don't have time to sell to large companies, they don't have time to buy from you alongside a thousand other open source creators, one at a time. Sure, big companies know how to install and use your software. (And good news! They already do.) But they can't afford to put each of 1100 npm packages through a procurement process that costs $20k per iteration. Red Hat solved this problem for one corner of open source by collecting 2,000+ open source projects together, adding assurances on top, and selling it as one subscription product. That worked for them, to the tune of billions. But did you get paid for your contributions?

Software

Fedora 29 Released (techrepublic.com) 31

ekimd writes: Fedora 29 is released today. Among the new features are the ability to allow parallel installation of packages such as Node.js. Fedora 29 also supports ZRAM (formerly called compcache) for ARMv7 and v8. In addition to the more efficient use of RAM, it also increases the lifespan of microSD cards on the Raspberry Pi as well as other SBCs.

"Additionally, UEFI for ARMv7 is now supported in Fedora 29, which also benefits Raspberry Pi users," reports TechRepublic. "Fedora already supported UEFI on 64-bit ARM devices."

Open Source

Why Jupyter is Data Scientists' Computational Notebook of Choice (nature.com) 58

Jeffrey M. Perkel, writing for Nature: Perched atop the Cerro Pachon ridge in the Chilean Andes is a building site that will eventually become the Large Synoptic Survey Telescope (LSST). When it comes online in 2022, the telescope will generate terabytes of data each night as it surveys the southern skies automatically. And to crunch those data, astronomers will use a familiar and increasingly popular tool: the Jupyter notebook. Jupyter is a free, open-source, interactive web tool known as a computational notebook, which researchers can use to combine software code, computational output, explanatory text and multimedia resources in a single document. Computational notebooks have been around for decades, but Jupyter in particular has exploded in popularity over the past couple of years. This rapid uptake has been aided by an enthusiastic community of user-developers and a redesigned architecture that allows the notebook to speak dozens of programming languages -- a fact reflected in its name, which was inspired, according to co-founder Fernando Perez, by the programming languages Julia (Ju), Python (Py) and R.

[...] For data scientists, Jupyter has emerged as a de facto standard, says Lorena Barba, a mechanical and aeronautical engineer at George Washington University in Washington DC. Mario Juric, an astronomer at the University of Washington in Seattle who coordinates the LSST's data-management team, says: "I've never seen any migration this fast. It's just amazing." Computational notebooks are essentially laboratory notebooks for scientific computing. Instead of pasting, say, DNA gels alongside lab protocols, researchers embed code, data and text to document their computational methods. The result, says Jupyter co-creator Brian Granger at California Polytechnic State University in San Luis Obispo, is a "computational narrative" -- a document that allows researchers to supplement their code and data with analysis, hypotheses and conjecture. For data scientists, that format can drive exploration.

Open Source

Samsung Open-Source Group Reportedly Shuts Down (phoronix.com) 50

At a time when several companies have grown new interest in open sourcing part of their offerings, Samsung appears to be going the other way. The company has shut down the Samsung Open-Source Group (Samsung OSG), according to a report. Phoronix, which reported the development, offers some background: Samsung's Open-Source Group had been structured within Samsung Research America. Samsung OSG was formed back in 2012 and has employed dozens of developers over the past number of years. Samsung OSG was akin to Intel OTC (Open-Source Technology Center) albeit with not nearly as many developers nor as many original open-source projects brought up by the Intel software crew. The Samsung OSG stated purpose has been to "enhance key open source projects through upstream contributions and active involvement with open source foundations." Samsung OSG has contributed very heavily to the development of Wayland as well as some X.Org components, Cairo, Enlightenment EFL, the LLVM Clang compiler, GStreamer, FFmpeg, the Linux kernel, and other related code-bases that helped benefit Samsung's open-source/Linux needs across their wide portfolio of products from smart watches to refrigerators.

IBM

IBM To Buy Red Hat, the Top Linux Distributor, For $34 Billion (bloomberg.com) 398

International Business Machines (IBM) is acquiring software maker Red Hat in a deal valued at $34 billion, the companies said Sunday. From a report: The purchase, announced on Sunday afternoon, is the latest competitive step among large business software companies to gain an edge in the fast-growing market for Internet-style cloud computing. In June, Microsoft acquired GitHub, a major code-sharing platform for software developers, for $7.5 billion. IBM said its acquisition of Red Hat was a move to open up software development on computer clouds, in which software developers write applications that run on remote data centers. From a press release: This acquisition brings together the best-in-class hybrid cloud providers and will enable companies to securely move all business applications to the cloud. Companies today are already using multiple clouds. However, research shows that 80 percent of business workloads have yet to move to the cloud, held back by the proprietary nature of today's cloud market. This prevents portability of data and applications across multiple clouds, data security in a multi-cloud environment and consistent cloud management.

IBM and Red Hat will be strongly positioned to address this issue and accelerate hybrid multi-cloud adoption. Together, they will help clients create cloud-native business applications faster, drive greater portability and security of data and applications across multiple public and private clouds, all with consistent cloud management. In doing so, they will draw on their shared leadership in key technologies, such as Linux, containers, Kubernetes, multi-cloud management, and cloud management and automation. IBM's and Red Hat's partnership has spanned 20 years, with IBM serving as an early supporter of Linux, collaborating with Red Hat to help develop and grow enterprise-grade Linux and more recently to bring enterprise Kubernetes and hybrid cloud solutions to customers. These innovations have become core technologies within IBM's $19 billion hybrid cloud business. Between them, IBM and Red Hat have contributed more to the open source community than any other organization.

Open Source

New SystemD Vulnerability Discovered (theregister.co.uk) 204

The Register reports that a new security bug in systemd "can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box" by a malicious host on the same network segment as the victim. According to one Red Hat security engineer, "An attacker could exploit this via malicious DHCP server to corrupt heap memory on client machines, resulting in a denial of service or potential code execution." According to the bug description, systemd-networkd "contains a DHCPv6 client which is written from scratch and can be spawned automatically on managed interfaces when IPv6 router advertisements are received."

OneHundredAndTen shared this article from the Register: In addition to Ubuntu and Red Hat Enterprise Linux, systemd has been adopted as a service manager for Debian, Fedora, CoreOS, Mint, and SUSE Linux Enterprise Server. We're told RHEL 7, at least, does not use the vulnerable component by default.

Systemd creator Lennart Poettering has already published a security fix for the vulnerable component -- this should be weaving its way into distros as we type. If you run a systemd-based Linux system, and rely on systemd-networkd, update your operating system as soon as you can to pick up the fix when available and as necessary.
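The story gives the shape of the bug rather than its code: a DHCPv6 client takes lengths from a message a server on the local segment controls, and writes into heap memory sized on its own assumptions. As an added illustration of that bug class (this is not systemd-networkd's code and not the patched bug itself), here is a Python DHCPv6 option walker in two forms: one that trusts the option-len field the way a vulnerable client does, and one that checks it against the bytes that actually remain. The Advertise messages are constructed here; the server DUID is arbitrary and 2001:db8::53 is taken from the documentation prefix.

```python
"""DHCPv6 option parsing: the naive form trusts the server-supplied
option-len field, the strict form bounds-checks it.  Added example; the
messages below are constructed, not captured traffic."""
import struct

ADVERTISE = 2                       # DHCPv6 msg-type of a server Advertise
OPT_SERVERID, OPT_DNS_SERVERS = 2, 23


def build_message(msg_type, xid, options):
    """Encode a DHCPv6 message: msg-type (1 byte), transaction-id (3 bytes),
    then option-code/option-len/option-data TLVs with honest lengths."""
    body = b"".join(struct.pack("!HH", code, len(data)) + data
                    for code, data in options)
    return struct.pack("!B", msg_type) + xid.to_bytes(3, "big") + body


def forge_option(code, declared_len, data):
    """What a malicious server sends: a TLV whose length field lies."""
    return struct.pack("!HH", code, declared_len) + data


def parse_options_naive(payload):
    """Trust option-len.  A C client doing this, then copying option-len
    bytes into a buffer it sized from its own expectations, is the class
    of bug the story describes.  Python cannot overrun memory, so the
    symptom here is a silently truncated option and a bogus offset."""
    opts, off = [], 0
    while off < len(payload):
        code, length = struct.unpack_from("!HH", payload, off)
        opts.append((code, payload[off + 4:off + 4 + length]))
        off += 4 + length
    return opts


def parse_options_strict(payload):
    """Validate every length against the bytes that actually remain."""
    opts, off = [], 0
    while off < len(payload):
        remaining = len(payload) - off
        if remaining < 4:
            raise ValueError(f"truncated option header at offset {off}")
        code, length = struct.unpack_from("!HH", payload, off)
        if length > remaining - 4:
            raise ValueError(f"option {code} declares {length} bytes, "
                             f"only {remaining - 4} remain")
        opts.append((code, payload[off + 4:off + 4 + length]))
        off += 4 + length
    return opts


def parse_message(data, strict=True):
    """Return (msg_type, transaction_id, [(code, data), ...])."""
    if len(data) < 4:
        raise ValueError("short DHCPv6 header")
    msg_type = data[0]
    xid = int.from_bytes(data[1:4], "big")
    parser = parse_options_strict if strict else parse_options_naive
    return msg_type, xid, parser(data[4:])


# Constructed sample messages.
XID = 0xABCDEF
SERVER_ID = bytes.fromhex("00010001") + b"srvid"           # arbitrary DUID
DNS = bytes.fromhex("20010db8000000000000000000000053")    # 2001:db8::53
GOOD = build_message(ADVERTISE, XID, [(OPT_SERVERID, SERVER_ID),
                                      (OPT_DNS_SERVERS, DNS)])
# Same DNS option, but option-len forged to 65535 with only 16 bytes behind it.
EVIL = (struct.pack("!B", ADVERTISE) + XID.to_bytes(3, "big")
        + forge_option(OPT_DNS_SERVERS, 0xFFFF, DNS))

if __name__ == "__main__":
    print("good, strict:", parse_message(GOOD))
    print("evil, naive :", parse_message(EVIL, strict=False))
    try:
        parse_message(EVIL)
    except ValueError as err:
        print("evil, strict: rejected:", err)
```

The naive parser accepts the forged message and hands back a DNS option that looks fine; a C client at the same point would have copied the declared 65,535 bytes, which is where the heap corruption the Red Hat engineer describes comes from. The strict parser rejects it before any data is touched. Before worrying about the fix on a particular host, check whether the component is even running, since the Register notes RHEL 7 does not use it by default: `systemctl is-active systemd-networkd`.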

IBM

IBM Open Sources Mac@IBM Code (9to5mac.com) 91

PolygamousRanchKid shares a report from 9to5Mac: At the Jamf Nation User Conference, IBM has announced that it is open sourcing its Mac@IBM provisioning code. The code being open-sourced offers IT departments the ability to gather additional information about their employees during macOS setup and allows employees to customize their enrollment by selecting apps or bundles of apps to install.

Back in 2015, IBM discussed how it went from zero to 30,000 Macs in six months. In 2016, IBM said Apple products were cheaper to manage when you looked at the entire life cycle: "IBM is saving a minimum of $265 (up to $535 depending on model) per Mac compared to a PC, over a 4-year lifespan. While the upfront workstation investment is lower for PCs, the residual value for Mac is higher. The program's success has improved IBM's ability to attract and retain top talent -- a key advantage in today's competitive market."

Linux

Linus Torvalds is Back in Charge of Linux (zdnet.com) 395

At Open Source Summit Europe in Edinburgh, Scotland, Linus Torvalds is meeting with Linux's top 40 or so developers at the Maintainers' Summit. This is his first step back in taking over Linux's reins. From a report: A little over a month ago, Torvalds stepped back from running the Linux development community. In a note to the Linux Kernel Mailing List (LKML), Torvalds said, "I need to change some of my behavior, and I want to apologize to the people that my personal behavior hurt and possibly drove away from kernel development entirely. I am going to take time off and get some assistance on how to understand people's emotions and respond appropriately." That time is over. Torvalds is back.

Whether he'll be a kinder and gentler Torvalds remains to be seen. In the Linux 4.19 announcement, Greg Kroah-Hartman, Linux's temporary leader and maintainer of the stable branch, wrote: "Linus, I'm handing the kernel tree back to you. You can have the joy of dealing with the merge window :)"

Databases

MongoDB Switches Up Its Open-Source License (techcrunch.com) 141

MongoDB is taking action against cloud giants who are taking its open-source code and offering a hosted commercial version of its database to their users without playing by the open-source rules. The company announced today that it has issued a new software license, the Server Side Public License (SSPL), "that will apply to all new releases of its MongoDB Community Server, as well as all patch fixes for prior versions," reports TechCrunch. From the report: For virtually all regular users who are currently using the community server, nothing changes because the changes to the license don't apply to them. Instead, this is about what MongoDB sees as the misuse of the AGPLv3 license. "MongoDB was previously licensed under the GNU AGPLv3, which meant companies who wanted to run MongoDB as a publicly available service had to open source their software or obtain a commercial license from MongoDB," the company explains. "However, MongoDB's popularity has led some organizations to test the boundaries of the GNU AGPLv3."

So while the SSPL isn't all that different from the GNU GPLv3, with all the usual freedoms to use, modify and redistribute the code (and virtually the same language), the SSPL explicitly states that anybody who wants to offer MongoDB as a service -- or really any other software that uses this license -- needs to either get a commercial license or open source the service to give back the community.

"The market is increasingly consuming software as a service, creating an incredible opportunity to foster a new wave of great open source server-side software. Unfortunately, once an open source project becomes interesting, it is too easy for cloud vendors who have not developed the software to capture all of the value but contribute nothing back to the community," said Eliot Horowitz, the CTO and co-founder of MongoDB, in a statement. "We have greatly contributed to -- and benefited from -- open source and we are in a unique position to lead on an issue impacting many organizations. We hope this will help inspire more projects and protect open source innovation."

Open Source

Apache OpenOffice, the Schrodinger's Application: No One Knows If It's Dead or Alive, No One Really Wants To Look Inside (theregister.co.uk) 98

British IT news outlet The Register looks at the myriad of challenges Apache OpenOffice faces today. From the report: Last year Brett Porter, then chairman of the Apache Software Foundation, contemplated whether a proposed official blog post on the state of Apache OpenOffice (AOO) might discourage people from downloading the software due to lack of activity in the project. No such post from the software's developers surfaced. The languid pace of development at AOO, though, has been an issue since 2011 after Oracle (then patron of the project) got into a fork-fight with The Document Foundation, which created LibreOffice from the OpenOffice codebase, and asked developers backing the split to resign.

Back in 2015, Red Hat developer Christian Schaller called OpenOffice "all but dead." Assertions to that effect have continued since, alongside claims to the contrary. Almost a year ago, Jim Jagielski, a member of the Apache OpenOffice Project Management Committee, insisted things were going well and claimed there was renewed interest in the project. For all the concern about AOO, no issues have been raised recently before the Apache Foundation board to suggest ongoing difficulties. The project is due to provide an update this month, according to a spokesperson for the foundation.
