Onlyoffice uses chromium embedded framework. Upon learning about this, I immediately visited their github and guess what, they use a several years old version. Their V8 is from early 2021.
Still not certain how greatly does this impact it, security wise though.
This is extremely common with anything that uses CEF or Electron.
iirc Steam is often 10+ major CEF versions behind and they even explicitly disable the sandbox too.
3 Likes
*laughs in libreoffice
1 Like
Yeah, this is the point of this post. When I asked a group of people about the most secure option between libreoffice and onlyoffice, the answer was onlyoffice because it’s maintained by a corp, but reality is different
2 Likes
From my understanding, LibreOffice has a security benefit because it does not use a web-based component like CEF/V8, and so it doesn’t contain web-related threats such as drive-by attacks. But that does not mean it is “safer” as it’s still vulnerable to bad/corrupt documents or old libraries, and its huge codebase likely could have latent bugs. OnlyOffice’s older CEF/V8 is probably more vulnerable since unpatched exploits are well-known four years after the fact.
1 Like
I don’t think this is true. But when you run into compatibility issues and steamwebhelper fails to launch, they give you the option to disable browser sandboxing.
@asanyan
hm, just checked, it seems regular steam does default it on now, but the flatpak version still default disables it
I did also check the version used and it appears to be based on Chromium 126, which is currently 9 major versions behind.
edit: it directly matches the version published in their November changelog, it was already 4+ months outdated when they first shipped it: Steam News - Steam Client Update, November 5th - Steam News
2 Likes
Steam’s only official package is the .deb on their site. The community may or may not maintain the flatpak propperly.
why use only/libre/collobara office, when you can just use:
Even if they activate the Electron sandbox, they will have to take care of IPC, which can make the sandbox useless. According to Justin Schuh, that’s a big problem with Electron apps.
It seems SoftMaker is closed source subscription software.
Libre & OnlyOffice are FOSS.
1 Like
i personally sometimes don’t get this obsession with FOSS.
good software is good software, if they are respecting your privacy, FLOSS doesn:'t imply privacy nor security.
1 Like
It’s still possible to buy perpetual license, but it’s hidden, and there’s only Professional version left. And it looks like they might go subscription-only in future
Download SoftMaker Office 2024
I have bought Standard 2021 on discount some time ago, just to have it as alternative. It’s ok office suite, but I still ended up using LibreOffice and OnlyOffice more. And now I don’t even have upgrade option (I don’t care about Professional only features).
the main feature for me is the version control, so I csn just backup to cryptomator or something and have all the log/history of my edits.
some people value their freedom
I personally love being able to see something wrong or that I don’t like or that I’m curious about and being able to git clone and grep to exactly it within minutes and change it as I desire. can’t do that with proprietary software
9 Likes
When you purchase a house, do you not desire to make any & all modifications to it, regardless of whether it requires professional help or not? For instance, raise a compound wall or put blinders up for your privacy? Even when stuff’s ready-made to your preferences (at a rented place), is there any guarantee the landlord won’t turn to invasive measures at a later date, with or without your knowledge/consent? If you protest, will it be effective? If not, wouldn’t you be forced to move to a better place?
What’s the equivalent for it in the digital world?
3 Likes
About LibreOffice’s areas for improvement, this is really obvious (and may make me sound like a broken record), but it’s also written in C++.
libreoffice draw is the greatest software for pdf editing ngl. but evrrything else in the suite is meh.