Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's OOXML Formulas Could Be Dangerous

Posted by kdawson on from the who-approved-this-stuff dept.

hill101 writes "According to Rob Weir's blog, Microsoft's 325-page OOXML specification for spreadsheet formulas is deeply flawed. From basic trigonometric functions that forget to specify units, to statistical functions, to critical financial functions — the specification does not contain correct formulas that could possibly be implemented in an interoperable way. Quoting Mr. Weir: 'It has incorrect formulas that, if implemented according to the standard, may cause loss of life, property, and capital... Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.'"

15 of 360 comments (clear)

  1. EULA? by Anonymous Coward · · Score: 5, Funny

    if implemented according to the standard, may cause loss of life, property, and capital...

    Didn't you read your Office EULA?

    Microsoft specifically disclaims any damage relating to loss of life, property, or capital.

  2. Please No! by mhannibal · · Score: 1, Funny

    Commenting without reading the background information?! Good god - not on /. Please say it ain't so!!

  3. Impartial reviews by KiloByte · · Score: 5, Funny

    Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.
    To the contrary, they have all carefully read the checks they received.
    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Impartial reviews by VirusEqualsVeryYes · · Score: 5, Funny

      Not to be a grammar Nazi, but

      1. "not" should be capitalized;
      2. "nazi", as a proper noun, should be capitalized;
      3. "words" should be singular, as you are referring to one single word, "check";
      4. "im" should be capitalized and spelled with an apostrophe;
      5. there should be a period after "mistake"; and
      6. "cheque" is, if not only the British spelling, interchangeable with "check" -- in an international forum such as the Internet, both are acceptable.

      Please surrender your club card at the next meeting. Have a nice day.

  4. Re:Confused? by Goffee71 · · Score: 2, Funny

    Microsoft to prostitution in ten posts, is that a record?

    --
    If he's the Walrus then can I be a penguin please?
  5. Congress as role-model? by JonTurner · · Score: 5, Funny

    >>How can you possibly fast track a 325 page document, giving the public only a time amount of time to check it, then expect it to be perfect.

    Damned if we know.
    Signed,
    The US Congress

  6. Deeply Flawed Spreadsheet Formulas? by phalse+phace · · Score: 2, Funny

    Billg: "That's the dumbest fucking idea I've heard since I've been at Microsoft."

  7. Re:So? by spottedkangaroo · · Score: 2, Funny

    Every EULA has boilerplate text denying all responsibility

    I can't believe this is still happening... Imagine, for example, that your kitchen range or your kitchen table or your window AC unit came with such a document?

    --
    Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
  8. Re:Let's not get ahead of ourselves... by CmdrGravy · · Score: 2, Funny

    A simple spreadsheet error in the zoo transportation department commands them to mail a large crocodile to a balcony at the top of a large block of flats. A party of innocent children are walking down the road under the balcony and are all hit and killed by a large falling crocodile.

    The Israeli kidnap and asassination department are looking through their targets spreadsheet where a simple spreadsheet error has flagged your address at the top of their list. Next day you are kidnapped, tortured and killed.

    A simple spreadsheet error in the town planning department lead them to construct an large and elaborate new drain system underneath your house down which your house, your wife and all your belongings are sucked never to be seen again.

  9. Re:Ok, but... by Actually,+I+do+RTFA · · Score: 4, Funny

    Can someone help me? I want to take the sin of a right angle in Excel. Can someone tell me where the pi key on the keyboard is, so I can type in pi/2 radians?

    --
    Your ad here. Ask me how!
  10. now arriving at Dallas-Fort Worth... by rubberglove · · Score: 4, Funny

    Think doctors and malpractice lawsuits. Texas just put a cap on malpractice lawsuit awards and doctors are flooding there, sure to drive health care costs down.
    "Hi everybody!"
    "Hi Doctor Nick!"
  11. Re:Ok, but... by M.+Baranczak · · Score: 3, Funny

    You need to buy a Greek keyboard for that. If you're doing advanced math, it's a worthy investment.

  12. Re:Someone else failed the math class by Lord+Ender · · Score: 2, Funny

    If you must quote Wikipedia, please read it first.
    He did, but I changed it after he posted but before you posted.
    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  13. Re:Huh degrees by janrinok · · Score: 2, Funny

    Are there only 360 days in your year? Don't you find that calendars are difficult to buy?

    --
    Have a look at soylentnews.org for a different view
  14. Re:Guess what? by mgv · · Score: 2, Funny

    Type in =SIN(30 degrees) if you want degrees. I'm sorry, Excel doesn't pander to high school students. In the real world, when the sine of an angle is mentioned, it is SUPPOSED to be radians. Every programming language I know accepts arguments for trig functions as radians.


    But the difference with the microsoft OOXML is that the units are sensed automagically as part of the result computations. The use of radians rather than degrees is specified by a combination of having administrator privileges, the instillation of visual studio, and a low user id on slashdot. In the absence of these features, the units are assumed to be specified in degrees.

    Michael
    --
    There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.