Slashdot Mirror


Microsoft's OOXML Formulas Could Be Dangerous

hill101 writes "According to Rob Weir's blog, Microsoft's 325-page OOXML specification for spreadsheet formulas is deeply flawed. From basic trigonometric functions that forget to specify units, to statistical functions, to critical financial functions — the specification does not contain correct formulas that could possibly be implemented in an interoperable way. Quoting Mr. Weir: 'It has incorrect formulas that, if implemented according to the standard, may cause loss of life, property, and capital... Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.'"

36 of 360 comments

  1. EULA? by Anonymous Coward · · Score: 5, Funny

    if implemented according to the standard, may cause loss of life, property, and capital...

    Didn't you read your Office EULA?

    Microsoft specifically disclaims any damage relating to loss of life, property, or capital.

  2. Impartial reviews by KiloByte · · Score: 5, Funny

    Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.
    To the contrary, they have all carefully read the checks they received.
    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Impartial reviews by VirusEqualsVeryYes · · Score: 5, Funny

      Not to be a grammar Nazi, but

      1. "not" should be capitalized;
      2. "nazi", as a proper noun, should be capitalized;
      3. "words" should be singular, as you are referring to one single word, "check";
      4. "im" should be capitalized and spelled with an apostrophe;
      5. there should be a period after "mistake"; and
      6. "cheque" is, if not only the British spelling, interchangeable with "check" -- in an international forum such as the Internet, both are acceptable.

      Please surrender your club card at the next meeting. Have a nice day.

    2. Re:Impartial reviews by armb · · Score: 4, Informative

      > While I fully agree that the rules of English are screwed up, you need to put your trailing comma before the closing quote

      That's the rule for American English. British English is often more logical.
      http://grammar.ccc.commnet.edu/grammar/marks/quotation.htm
      http://www.catb.org/jargon/html/writing-style.html

      --
      rant
  3. So? by ColaMan · · Score: 3, Insightful

    .....if implemented according to the standard, may cause loss of life, property, and capital..

    Pffft....as if this has ever been much concern to software manufacturers before.

    Every EULA has boilerplate text denying all responsibility, and you'd be mad to trust any results from software implicitly. Double check it yourself, even if it's just a few corner cases.

    --

    You are in a twisty maze of processor lines, all alike.
    There is a lot of hype here.
    1. Re:So? by erroneus · · Score: 4, Insightful

      A user NOT trusting his tools is a very strange thing. If it were some sort of software engineer doubting software tools, that's one thing and it's somewhat expected. But in general:

      * We trust all hand tools like wrenches and sockets to be exactly the size on the label
      * We trust all of our doctor's opinions whether or not a second opinion is recommended
      * We trust our math applications to do math properly
      * We trust our spell checkers to check properly

      In general, we trust the things we buy to work as expected... as advertised. (No, I haven't seen Excel advertised to be accurate, but in a math application, it's implied by its very existence) So to say that you should re-check the results by hand is not just ridiculous, it would never happen.

      I remember when the Pentium processor first came out and there was this math error in there somewhere. It was a BIG deal.

      But before passing too much judgment on this too quickly, a little verification of the bugs might be helpful and let's mark our calendars to see how fast Microsoft fixes the problem... oh wait, the problem is said to be in the file specification? What does that mean if they update the format specification with regards to their ISO certification?

  4. Typical Microsoft... by QuietLagoon · · Score: 4, Insightful
    ... put out garbage into the marketplace, and then wait for the customers to do the quality assurance work that Microsoft should have done.

    The trouble is that the politicians standardizing on this spec will look only at its length and declare it to be good. Maybe Microsoft made the specification long with that intent in mind.

  5. Meaningless statement by Anonymous Coward · · Score: 3, Insightful

    Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.

    What percentage of those who praise ODF specifications actually read it? Or any other specification? I would imagine it is a small percentage.

  6. Surprised? by JohnFluxx · · Score: 3, Insightful

    I doubt anyone is surprised. How can you possibly fast track a 325 page document, giving the public only a time amount of time to check it, then expect it to be perfect.

    Man, I really really get annoyed at Microsoft.

  7. Proof that open formats are a good idea? by moosesocks · · Score: 5, Interesting

    I don't know about you, but I view this as being a very GOOD thing.

    Because the format was an "open" standard, the serious flaws present in the format were quickly and correctly identified by third parties outside of Microsoft.

    If it had been a trade secret, it could have been bundled into a product, and assumed to be reliable by its users. Instead, it's been exposed for what it is.

    If anything, this proves that open formats are a good idea.

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
    1. Re:Proof that open formats are a good idea? by Rakshasa+Taisab · · Score: 4, Interesting

      MS pretty much seems to have cut-n-pasted their MSOffice help files and decided to call that a 'standard'. Only thing good about it, is that it will make ISO be so much less willing to ratify their standard. If you look at their CEILING definition, as linked in the article's comments, it is so unprofessionally written you'd wonder at the size of ECMA's checks.

      --
      - These characters were randomly selected.
    2. Re:Proof that open formats are a good idea? by Karellen · · Score: 3, Insightful

      Oh, I definitely agree that open formats are a good idea, and that this does show one very good reason why.

      But, the point is that MOOXML is a shitty open format. It was written in a closed environment, without a decent review by anyone, in 1/20th the time you'd expect a spec of that size to take, and is being put on a "fast-track" process to ISO which means - if it goes through - it will never have had a proper review by anyone.

      Yes, having the format be open is a good thing.

      But this format is utter crap, on many different levels. Its size, complexity, inconsistency, bugginess, NIH-iness, reliance on Win32, etc., etc., etc.... make it completely unsuitable to be ratified as an ISO standard.

      When you're turning something into an international standard, you want to take your time and get it right. That's what the standardisation process should be about. Creating something usable by as many parties as possible. MOOXML fails completely here.

      Yes, I'm in favour of them opening their document formats. I wish they'd release updated documentation for the binary .doc format as well, usable by anyone (last I checked there was a "you must agree not to use this information to create products that compete with office" clause in the (outdated) documentation download) so that people could interoperate with those formats on non-Windows platforms. But do I wish for the binary .doc format to be an international standard? Hell no!

      --
      Why doesn't the gene pool have a life guard?
  8. Congress as role-model? by JonTurner · · Score: 5, Funny

    >>How can you possibly fast track a 325 page document, giving the public only a time amount of time to check it, then expect it to be perfect.

    Damned if we know.
    Signed,
    The US Congress

  9. And proof that single-ownership is bad by Anonymous Coward · · Score: 4, Interesting

    Now that MS are the only ones who are allowed to change the standard, we must

    a) wait until MS change the standard
    b) then progress it through the "approvals" procedure
    c) find out again if there are any problems (and go back to a)
    d) implement these changes

    And when it comes to WordSpacingLikeWord95 or whatever, how has this being "open" helped? People have asked what it means and been told nothing useful.

    Oh, and doesn't this show that if MS had opened up the standard for perusal BEFORE filing it (like ODF did), wouldn't we have avoided this problem?

  10. Re:Yeah, I'm sure this guy is objective by january05 · · Score: 5, Insightful

    ODF will define spreadsheet formulas, in the next version. And come on, the "IBM conspiracy" take from MS is really lame since OOXML is the one with proprietary patented extensions. I'll take any open standards company I can get, personally.

  11. I never understand why people complain so much by pembo13 · · Score: 3, Insightful

    Let MS do exactly what they want, they seem quite successful at it, if it bites them in the butt, so be it. I would just like our own software freedoms to be preserved. I have no intention on producing anything with their format, I'm sure I'll eventually have to read it, but the chances that the receiver of a document is liable for inaccurate content within that document seems very low.

    What is the motivation, since I'm sure there must be a good one, to do this free work for MS?

    --
    "Thanks for all the money you paid to us. We've used it to buy off ISO among other things" -Microsoft
  12. Re:Yeah, I'm sure this guy is objective by topham · · Score: 3, Interesting

    Parroting the party line is promoting the fact that it has formulas as showing it is superior to ODF when the formula specification is next to useless because it wasn't reviewed properly.
    If you read the article it isn't a couple of minor mistakes which can be corrected; it's a number of mistakes which have already made it past a review stage.

  13. Re:Just want to point out... by Xiaran · · Score: 3, Insightful

    The problem is that we are talking about a proposed international standard and you are using the phrase "it's goddamn assumed by anyone...". There should ideally be *no* assumptions in a standard... it needs to be as clear and accurate as humanly possible. Remember that once a standard is published it is translated into many languages and possibly implemented in different cultures as mentioned in TFA. What you assume to be obvious may or may not be obvious to others.

  14. Implied warranty - fit for the purpose by QuestorTapes · · Score: 5, Interesting

    > ...in general:
    >
    > * We trust all hand tools like wrenches and sockets to be exactly the size on the label
    > * We trust all of our doctor's opinions whether or not a second opinion is recommended
    > * We trust our math applications to do math properly
    > * We trust our spell checkers to check properly
    >
    > In general, we trust the things we buy to work as expected... as advertised.

    http://www.oandp.com/edge/issues/articles/2006-08_06.asp

    http://www.brajeshwar.com/finance/insurance/Liability-Insurance.html

    These links refer to the concept you're talking about. The second refers to the UK Consumer Protection Act, but the concept is general and fairly well accepted. From the first link:

    "...any product that is sold comes with an implied warranty of merchantability and fitness for a particular purpose; and, just by selling a product, a seller is implicitly promising that: (1) the product is merchantable, i.e., fit for the ordinary purposes for which such products are to be used, provided that the seller is in the business of selling products of that kind; and (2) the product is fit for a particular purpose, provided that the seller, at the time of sale, knew the particular purpose for which the product was required, and the buyer relied upon the seller's skill or judgment in selecting a suitable product for that purpose."

    This hasn't been successfully applied to software cases like this, but the issue hasn't been ruled out either. But it's hardly a stretch to expect that software such as a spreadsheet comes with an implied warranty that ordinary financial and statistical calculations are properly performed.

  15. Re:Surely we all saw this coming by simong · · Score: 4, Informative

    Depends what you call mission critical. Excel was used in voting systems in the Scottish and local elections in the UK this year, and Diebold's GEMS system uses Access as a database. High tech indeed.

  16. Microsoft can't code by BillGatesLoveChild · · Score: 4, Interesting

    > From basic trigonometric functions that forget to specify units

    Amazing. That's the sort of mistake you'd expect from a First Year Computer Science Major, but not from a Second Year. This isn't the first time Microsoft have done this. Even for the Windows API, the code trumped the documentation. The best way to find out what a feature did was to write test programs to poke at it. Heck. Until recently DirectX needed three pages of gobbledygook to start up. These people just don't get APIs, period.

    In Microsoft Visual Studio when you press F1 Help it comes up with a list that includes "How to Write Good Code". Yes, by Microsoft. Even in the early hours of the morning, it gets a smirk if not a guffaw or a laugh. Microsoft are not good programmers. Haven't been for a long time. Anyone worth their salt will launch a Start Up, or at least join a company offering reasonable growth and prospects. Microsoft is like a Pyramid Scheme. The people that joined at the start did very well. As for the people that joined late... not a chance. Which makes you wonder about the ones that joined anyway. Read the Book "Microserfs".

    > Ecma

    Why didn't Ecma pick it up? These Standard Bodies are in-name only. When a "Member" wants to push something through, it gets pushed through. Then the Member's sales reps can go to the Government body and say "Look! We have an Ecma approved Standard" and the Government worker ticks the "Uses Industry Standards" box on the tender.

    One of the funnier "standards" was a simulation standard called HLA. It was approved before anyone had built a proof of concept. People bet their careers on it and the whole government was ordered to embrace it. The only problem: When they finally built it, it didn't work. *OUCH!*

  17. Shame?! by krygny · · Score: 5, Insightful

    "Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it."

    Reminds me of something I once heard a congressman rationalize in reference to a bill he just voted for containing several lame provisions (many with which he did not even agree): "Do you have any idea what reading a bill like that would entail?" I do. It would entail you doing your fucking job.

    --
    Research shows that 67% of those who use the term "research shows", are just making shit up.
  18. Re:Ok, but... by jkrise · · Score: 4, Insightful

    Someone failed the math class where they explained that an angle is a "dimensionless derived unit" . Explaining, short version for the clicky-impaired: angles are the ratio between two measurements of length -- the length of an arc and the radius of said arc.
    It got off to a bad start. Technically that may be correct, but in reality, it is very common and practical to express angles in degrees. So, sin(30) = 0.5 and tan(90) = 1. Memorising the values of sin, cos and tan for 0, 30, 45, 60 and 90 degrees is a de-facto requirement to solve trig. problems in high school. Does Microsoft expect students to relearn all these convenient derived units in radians, and go mad?

    A document standard is a practical necessity to express everyday ideas in a readable format. Not to be technically accurate and practically useless. Try typing HCl + NaOH --> NaCl + H2O in Office, and watch yourself breaking the monitor.

    --
    If you keep throwing chairs, one day you'll break windows....
  19. Re:Ok, but... by itlurksbeneath · · Score: 3, Insightful

    Dimensionless or not, in the real world (i.e. not in math class - and you really have to pick one way in math class, too), you have to pick one system of representing it and use that to send to your functions (see sin() as an example).

    That Wikipedia page you referred to is using the derived unit of "radians". There are a couple of different ways to represent that number - degrees, radians, grads. Hell, anybody that's ever used a calculator knows you have to use just one of those systems for your particular calculator.

    Nice try, but do a little more research before posting and blasting somebody's article with illogical arguments.

    --
    Have you ever considered piracy? You'd make a wonderful Dread Pirate Roberts.
  20. Guess what? by sid0 · · Score: 3, Informative

    Type in =SIN(30 degrees) if you want degrees. I'm sorry, Excel doesn't pander to high school students. In the real world, when the sine of an angle is mentioned, it is SUPPOSED to be radians. Every programming language I know accepts arguments for trig functions as radians.

    The article, or at least this part, is FUD.

    1. Re:Guess what? by kryten_nl · · Score: 3, Insightful

      Just because a certain feature is the de facto standard, doesn't mean it shouldn't be included in a standards document to combat ambiguity.

      Btw, comparing Excel (Excel users) to a programming language (programmers) is a stretch at best.

      --
      For the perfect anti-Unix, write an OS that thinks it knows what you're doing better than you do and let it be wrong.
    2. Re:Guess what? by azrider · · Score: 5, Informative

      Touche on the high school part, forgot about that. :) The main customers are of course still enterprises. I still think the default argument should be radians.
      Who cares whether the default argument is degrees or radians. Two things are missing from the quoted "specification" document:

      1: What is the default argument

      2: Is the specification consistent across all functions which use this type of value as an argument

      A specification which conforms to neither proper nor common usage is worse than no specification at all.

      This is what Rob Weir was saying.

      --
      And ye shall know the truth, and the truth shall make you free.
      John 8:32(King James Version)
    3. Re:Guess what? by Hoi+Polloi · · Score: 4, Informative

      The number 360 isn't arbitrary. It stems from mesopotamia and the need to represent numbers as fractions. People needed a number that could be divided by 2, 3, 4, 10, 12, etc easily in one's head yet big enough to provide small fractions.

      From wikipedia:

      "The number 360 as the number of 'degrees' (i.e. smallest practical sub-arcs) in a circle, and hence the unit of a degree as a sub-arc of 1/360 of the circle, was probably adopted because it approximates the number of days in a year. Its use is often said to originate from the methods of the ancient Babylonians. Ancient astronomers noticed that the stars in the sky, which circle the celestial pole every day, seem to advance in that circle by approximately one-360th of a circle, i.e. one degree, each day. Primitive calendars, such as the Persian Calendar used 360 days for a year. Its application to measuring angles in geometry can possibly be traced to Thales who popularized geometry among the Greeks and lived in Anatolia (modern western Turkey) among people who had dealings with Egypt and Babylon.

      Another motivation for choosing the number 360 is that it is readily divisible: 360 has 24 divisors (including 1 and 360), including every number from 1 to 10 except 7. For the number of degrees in a circle to be divisible by every number from 1 to 10, there would need to be 2520 degrees in a circle, which is a much less convenient number.

      Divisors of 360: 1, 2, 3, 4, 5, 6, 8, 9, 10, 12, 15, 18, 20, 24, 30, 36, 40, 45, 60, 72, 90, 120, 180, 360"

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  21. This is to be expected... by rsmoody · · Score: 3, Interesting

    After all, they did not BUY this from someone else. They came up with it on their own. We all know, Microsoft's best products were purchased from someone else. Excel for example.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  22. Someone else failed the math class by giafly · · Score: 3, Insightful

    Someone failed the math class where they explained that an angle is a "dimensionless derived unit".
    If you must quote Wikipedia, please read it first. This article refers to the "SI system of measurement units" which measures angles in units of radians: "The unit of angle is the angle subtended at the centre of a circle by an arc of the circumference equal in length to the radius of the circle. There are 2π radians in a circle."

    Other measurement systems use different units for angles, for example degrees.

    In short, a thing being dimensionless does not mean no units are used to measure it.
    --
    Reduce, reuse, cycle
  23. Re: Circular Reference Implementation by JetScootr · · Score: 3, Insightful

    Absolutely not. A standards specification should stand on its own, or reference other standards. "MS office" is an implementation, not a standard. It can't be used to define a standard any more than the wheelbase of your car can define what a roadway should be.
    Further, if ooxml is as "free" as MS would have politicians believe, then referring back to a proprietary product destroys that "freedom". (It's really not free, anyway, but just for the sake of discussion...)

    --
    Pavlov wouldn't be so famous if he'd used a can opener instead of a bell.
  24. Re:MS Office approx. Reference Implementation by Lonewolf666 · · Score: 3, Informative

    -Which version of MS Office (including level of Service pack)?
    -And who guarantees that the "reference implementation" is still available 5 years from now? (hint: Microsoft tends to discontinue sale of its products after a few years).

    --
    C - the footgun of programming languages
  25. Re:Ok, but... by Actually,+I+do+RTFA · · Score: 4, Funny

    Can someone help me? I want to take the sin of a right angle in Excel. Can someone tell me where the pi key on the keyboard is, so I can type in pi/2 radians?

    --
    Your ad here. Ask me how!
  26. now arriving at Dallas-Fort Worth... by rubberglove · · Score: 4, Funny

    Think doctors and malpractice lawsuits. Texas just put a cap on malpractice lawsuit awards and doctors are flooding there, sure to drive health care costs down.
    "Hi everybody!"
    "Hi Doctor Nick!"
  27. Re:Ok, but... by M.+Baranczak · · Score: 3, Funny

    You need to buy a Greek keyboard for that. If you're doing advanced math, it's a worthy investment.

  28. MS claims this is a FULLY DEFINED STANDARD by tinkerghost · · Score: 5, Informative

    When other people claim a standard is fully defined, it means that all the standard use cases are defined* - units, expected parameters, optional parameters, etc. In the real world, nobody uses radians. Radians are used by engineers & scientists. Pilots, backyard builders, school children, and the occasional office worker use degrees.

    To be honest, nobody cares if OOXML defines SIN(x) to take radians, degrees, gradians, or hyperbian-arc-vectors. What we care about is that someplace in the fully defined standard, OOXML needs to say:

    DEFINE: SIN(x[,unit])

    • SIN: geometric function dictating the height of a right triangle with a hypotenuse of 1 and an angle of x.
    • x: parameter describing the angle to be operated on by the sin function
    • unit - optional: one of a predescribed list of standard descriptors for angle:
      1. D: Degree - unit of angle defined as 1/360th of a full circle
      2. R: Radian - defined as the angle at which the length of an arc is the same as the radius of the arc. 1/2Pi of a full circle ~ 57.3 degrees
      3. G: Gradian - unit of angle defined as 1/400th of a full circle.
      Missing unit parameters are defaulted to Radians. Unknown unit parameters will result in a type error.

    That's how a proper standard useable for international work in multiple fields is defined. You do not just dump your US help file into the standard & call it done. I have had to deal with a lot of standards, both Military and Industrial, the OOXML standard is well below the grade of the average Mil or Ind standard.

    That's before you get to the point of inclusions in the standard like "Must Replicate Office 98 Behaviour for this feature". Now, if there was a reference to another standard that defined Office 98 behaviour, then it's not a problem. However, I don't see a reference included in the OOXML standard. Worse, for dates, OOXML defines the proper behaviour as their broken implementation of the Gregorian Calendar - a direct conflict to the existing ISO standards.

    I don't care who sponsored this standard, it's not a properly written standard. It has huge holes & it's contradictory to several existing standards. Either one should get it rejected. If MS cleans it up so it meets the actual requirements of a "STANDARD" then they should get approved. If they leave it as the crap heap it is, it should be rejected.

    *- if passing sqr(-6) as a unit works in the implementation, that's not the standard's problem. However, if the standard fails to mention the default unit type & the existence of the unit parameter, then there's an issue.
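
Added example, not part of the thread or of any OOXML text: a Python sketch of the `SIN(x[,unit])` definition proposed in comment 28, with the default and the type error made explicit, plus a helper showing how far results diverge when the unit is left to the implementer. The names `spec_sin`, `eval_formula`, `interpretations` and `FormulaTypeError`, the tiny formula grammar, and the case-sensitive unit codes are assumptions made for illustration.

```python
import math
import re

# Conversion factors to radians for the unit codes listed in the comment.
_TO_RADIANS = {
    "R": 1.0,               # radian: arc length equals the radius
    "D": math.pi / 180.0,   # degree: 1/360th of a full circle
    "G": math.pi / 200.0,   # gradian: 1/400th of a full circle
}


class FormulaTypeError(TypeError):
    """Raised where the proposed definition calls for a 'type error'."""


def spec_sin(x, unit=None):
    """SIN(x[,unit]): a missing unit defaults to radians, an unknown unit is rejected."""
    if isinstance(x, bool) or not isinstance(x, (int, float)):
        raise FormulaTypeError(f"x must be numeric, got {type(x).__name__}")
    if not math.isfinite(x):
        raise FormulaTypeError("x must be finite")
    if unit is None:
        unit = "R"                      # the default is stated, not guessed
    if unit not in _TO_RADIANS:         # assumption: codes are case-sensitive
        raise FormulaTypeError(f"unknown angle unit {unit!r}")
    return math.sin(x * _TO_RADIANS[unit])


# Hypothetical, deliberately tiny grammar: =SIN(<number>[,<unit>])
_SIN_CALL = re.compile(
    r"^\s*=?\s*SIN\(\s*([-+]?\d+(?:\.\d+)?)\s*(?:,\s*([A-Za-z]+)\s*)?\)\s*$"
)


def eval_formula(text):
    """Evaluate one SIN cell formula strictly; anything else is rejected."""
    m = _SIN_CALL.match(text)
    if m is None:
        raise FormulaTypeError(f"not a SIN formula: {text!r}")
    return spec_sin(float(m.group(1)), m.group(2))


def interpretations(x):
    """What three implementations would return if each guessed a different unit."""
    return {unit: math.sin(x * k) for unit, k in _TO_RADIANS.items()}


if __name__ == "__main__":
    # Constructed sample formulas.
    for cell in ["=SIN(30)", "=SIN(30,D)", "=SIN(100,G)", "=SIN(30,X)"]:
        try:
            print(f"{cell:<14} -> {eval_formula(cell):+.6f}")
        except FormulaTypeError as exc:
            print(f"{cell:<14} -> type error: {exc}")
    print("SIN(30) under each guess:", interpretations(30))
```

With no unit stated, `SIN(30)` evaluates to roughly -0.988, 0.5 or 0.454 depending on which reading an implementer picks, and none of those results signals an error to the user.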