Slashdot Mirror
Microsoft's OOXML Formulas Could Be Dangerous
hill101 writes "According to Rob Weir's blog, Microsoft's 325-page OOXML specification for spreadsheet formulas is deeply flawed. From basic trigonometric functions that forget to specify units, to statistical functions, to critical financial functions — the specification does not contain correct formulas that could possibly be implemented in an interoperable way. Quoting Mr. Weir: 'It has incorrect formulas that, if implemented according to the standard, may cause loss of life, property, and capital... Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.'"
if implemented according to the standard, may cause loss of life, property, and capital...
Didn't you read your Office EULA?
Microsoft specifically disclaims any damage relating to loss of life, property, or capital.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
The trouble is that the politicians standardizing on this spec will look only at its length and declare it to be good. Maybe Microsoft made the specification long with that intent in mind.
I don't know about you, but I view this as being a very GOOD thing.
Because the format was an "open" standard, the serious flaws present in the format were quickly and correctly identified by third parties outside of Microsoft.
If it had been a trade secret, it could have been bundled into a product, and assumed to be reliable by its users. Instead, it's been exposed for what it is.
If anything, this proves that open formats are a good idea.
-- If you try to fail and succeed, which have you done? - Uli's moose
>>How can you possibly fast track a 325 page document, giving the public only a time amount of time to check it, then expect it to be perfect.
Damned if we know.
Signed,
The US Congress
Now that MS are the only ones who are allowed to change the standard, we must
a) wait until MS change the standard
b) then progress it through the "approvals" procedure
c) find out again if there are any problems (and go back to a)
d) implement these changes
And when it comes to WordSpacingLikeWord95 or whatever, how has this being "open" helped? People have asked what it means and been told nothing useful.
Oh, and doesn't this show that if MS had opened up the standard for perusal BEFORE filing it (like ODF did), wouldn't we have avoided this problem?
A user NOT trusting his tools is a very strange thing. If it were some sort of software engineer doubting software tools, that's one thing and it's somewhat expected. But in general:
* We trust all hand tools like wrenches and sockets to be exactly the size on the label
* We trust all of our doctor's opinions whether or not a second opinion is recommended
* We trust our math applications to do math properly
* We trust our spell checkers to check properly
In general, we trust the things we by to work as expected... as advertised. (No, I haven't seen Excel advertised to be accurate, but in a math application, it's implied by its very existence) So to say that you should re-check the results by hand is not just ridiculous, it would never happen.
I remember when the Pentium processor first came out and there was this math error in there somewhere. It was a BIG deal.
But before passing too much judgment on this too quickly, a little verification of the bugs might be helpful and let's mark our calendars to see how fast Microsoft fixes the problem... oh wait, the problem is said to be in the file specification? What does that mean if they update the format specification with regards to their ISO certification?
ODF will define spreadsheet formulas, in the next version. And come on, the "IBM conspiracy" take from MS is really lame since OOXML is the one with proprietary patented extensions. I'll take any open standards company I can get, personally.
> ...in general:
_ 06.asp
l ity-Insurance.html
>
> * We trust all hand tools like wrenches and sockets to be exactly the size on the label
> * We trust all of our doctor's opinions whether or not a second opinion is recommended
> * We trust our math applications to do math properly
> * We trust our spell checkers to check properly
>
> In general, we trust the things we by to work as expected... as advertised.
http://www.oandp.com/edge/issues/articles/2006-08
http://www.brajeshwar.com/finance/insurance/Liabi
These links refer to the concept you're talking about. The second refers to the UK Consumer Protection Act, but the concept is general and fairly well accepted. From the first link:
"...any product that is sold comes with an implied warranty of merchantability and fitness for a particular purpose; and, just by selling a product, a seller is implicitly promising that: (1) the product is merchantable, i.e., fit for the ordinary purposes for which such products are to be used, provided that the seller is in the business of selling products of that kind; and (2) the product is fit for a particular purpose, provided that the seller, at the time of sale, knew the particular purpose for which the product was required, and the buyer relied upon the seller's skill or judgment in selecting a suitable product for that purpose."
This hasn't been successfully applied to software cases like this, but the issue hasn't be ruled out either. But it's hardly a stretch to expect that software such as a spreadsheet comes with an implied warranty that ordinary financial and statistical calculations are properly performed.
Depends what you call mission critical. Excel was used in voting systems in the Scottish and local elections in the UK this year, and Diebold's GEMS system uses Access as a database. High tech indeed.
> From basic trigonometric functions that forget to specify units
Amazing. That's the sort of mistake you'd expect from a First Year Computer Science Major, but not from a Second Year. This isn't the first time Microsoft have done this. Even for the Windows API, the code trumped the documentation. The best way to find out what a feature did was to write test programs to poke at it. Heck. Until recently DirectX needed three pages of goobleydo-gook to start up. These people just don't get APIs, period.
In Microsoft Visual Studio when you press F1 Help it comes up with a list that includes "How to Write Good Code". Yes, by Microsoft. Even in the early hours of the morning, it gets a smirk if not a gufaw or a laugh. Microsoft are not good programmers. Haven't been for a long time. Anyone worth their salt will launch a Start Up, or at least join a company offering reasonable growth and prospects. Microsoft is like a Pyramid Scheme. The people that joined at the start did very well. As for the people that joined late... not a chance. Which makes you wonder about the ones that joined anyway. Read the Book "Microserfs".
> Ecma
Why didn't Ecma pick it up? These Standard Bodies are in-name only. When a "Member" wants to push something through, it gets pushed through. Then the Member's sales reps can go to the Government body and say "Look! We have an Ecma approved Standard" and t he Government worker ticks the "Uses Industry Standards" box on the tender.
One of the funnier "standards" was a simulation standard called HLA. It was approved before anyone had built a proof of concept. People bet their careers on it and the whole government was ordered to embrace it. The only problem: When they finally built it, it didn't work. *OUCH!*
"Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it."
Reminds me of something I once heard a congressman rationalize in reference to a bill he just voted for containing several lame provisions (many with which he did not even agree): "Do you have any idea what reading a bill like that would entail?" I do. It would entail you doing your fucking job.
Research shows that 67% of those who use the term "research shows", are just making shit up.
It got off to a bad start. Technically that may be correct, but in reality, it is very common and practical to express angles in degrees. So, sin(30) = 0.5 and tan(90) = 1. Memorising the values of sin, cos and tan for 0, 30, 45, 60 and 90 degrees is a de-facto requirement to solve trig. problems in high school. Does Microsoft expect students to relearn all these convenient derievd units in radians, and go mad?
A document standard is a practical necessity to express everyday ideas in a readable format. Not to be technically accurate and practically useless. Try typing HCl + NaOH --> NaCl + H2O in Office, and watch yourself breaking the monitor.
If you keep throwing chairs, one day you'll break windows....
Can someone help me? I want to take the sin of a right angle in Excel. Can someone tell me where the pi key on the keyboard is, so I can type in pi/2 radians?
Your ad here. Ask me how!
1: What is the default argument
2: Is the specification consistent across all functions which use this type of value as an argument
A specification which conforms to neither proper or common usage is worse than no specification at all
This is what Rob Weir was saying.
And ye shall know the truth, and the truth shall make you free.
John 8:32(King James Version)
"Hi everybody!"
"Hi Doctor Nick!"
When other people claim a standard is fully defined, it means that all the standard use cases are defined* - units, expected parameters, optional parameters, etc. In the real world, nobody uses radians. Radians are used by engineers & scientists. Pilots, backyard builders, school children, and the occasional office worker use degrees.
To be honest, nobody cares if OOXML defines SIN(x) to take radians, degrees, gradians, or hyperbian-arc-vectors. What we care about is that someplace in the fully defined standard, OOXML needs to say:
DEFINE: SIN(x[,unit])
- D: Degree - unit of angle defined as 1/360th of a full circle
- R: Radian - defined as the angle at which the length of an arc is the same as the radius of the arc. 1/2Pi of a full circle ~ 57.3 degrees
- G: Gradian - unit of angle defined as 1/400th of a full cicle.
Missing unit parameters are defaulted to Radians. Unknown unit parameters will result in a type error.That's how a proper standard useable for international work in multiple fields is defined. You do not just dump your US help file into the standard & call it done. I have had to deal with a lot of standards, both Military and Industrial, the OOXML standard is well below the grade of the average Mil or Ind standard.
That's before you get to the point of inclusions in the standard like "Must Replicate Office 98 Behaviour for this feature". Now, if there was a reference to another standard that defined Office 98 behaviour, then it's not a problem. However, I don't see a reference included in the OOXML standard. Worse, for dates, OOXML defines the proper behaviour as their broken implimentation of the Gregorian Calendar - a direct conflict to the existing ISO standards.
I don't care who sponsored this standard, it's not a properly writen standard. It has huge holes & it's contradictory to several existing standards. Either one should get it rejected. If MS cleans it up so it meets the actual requirements of a "STANDARD" then they should get approved. If they leave it as the crap heap it is, it should be rejected.
*- if passing sqr(-6) as a unit works in the implimentation, that's not the standards problem. However, if the standard fails to mention the default unit type & the existance of the unit parameter, then there's an issue.
The number 360 isn't arbitrary. It stems from mesopotamia and the need to represent numbers as fractions. People needed a number that could be divided by 2, 3, 4, 10, 12, etc easily in one's head yet big enough to provide small fractions.
From wikipedia:
"The number 360 as the number of 'degrees' (i.e. smallest practical sub-arcs) in a circle, and hence the unit of a degree as a sub-arc of 1360 of the circle, was probably adopted because it approximates the number of days in a year. Its use is often said to originate from the methods of the ancient Babylonians. Ancient astronomers noticed that the stars in the sky, which circle the celestial pole every day, seem to advance in that circle by approximately one-360th of a circle, i.e. one degree, each day. Primitive calendars, such as the Persian Calendar used 360 days for a year. Its application to measuring angles in geometry can possibly be traced to Thales who popularized geometry among the Greeks and lived in Anatolia (modern western Turkey) among people who had dealings with Egypt and Babylon.
Another motivation for choosing the number 360 is that it is readily divisible: 360 has 24 divisors (including 1 and 360), including every number from 1 to 10 except 7. For the number of degrees in a circle to be divisible by every number from 1 to 10, there would need to be 2520 degrees in a circle, which is a much less convenient number.
Divisors of 360: 1, 2, 3, 4, 5, 6, 8, 9, 10, 12, 15, 18, 20, 24, 30, 36, 40, 45, 60, 72, 90, 120, 180, 360"
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning