Slashdot Mirror


Microsoft's OOXML Formulas Could Be Dangerous

hill101 writes "According to Rob Weir's blog, Microsoft's 325-page OOXML specification for spreadsheet formulas is deeply flawed. From basic trigonometric functions that forget to specify units, to statistical functions, to critical financial functions — the specification does not contain correct formulas that could possibly be implemented in an interoperable way. Quoting Mr. Weir: 'It has incorrect formulas that, if implemented according to the standard, may cause loss of life, property, and capital... Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.'"


  1. EULA? by Anonymous Coward · · Score: 5, Funny

    if implemented according to the standard, may cause loss of life, property, and capital...

    Didn't you read your Office EULA?

    Microsoft specifically disclaims any damage relating to loss of life, property, or capital.

  2. Impartial reviews by KiloByte · · Score: 5, Funny

    Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.
    To the contrary, they have all carefully read the checks they received.
    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    1. Re:Impartial reviews by VirusEqualsVeryYes · · Score: 5, Funny

      Not to be a grammar Nazi, but

      1. "not" should be capitalized;
      2. "nazi", as a proper noun, should be capitalized;
      3. "words" should be singular, as you are referring to one single word, "check";
      4. "im" should be capitalized and spelled with an apostrophe;
      5. there should be a period after "mistake"; and
      6. "cheque" is, if not only the British spelling, interchangeable with "check" -- in an international forum such as the Internet, both are acceptable.

      Please surrender your club card at the next meeting. Have a nice day.

  3. Proof that open formats are a good idea? by moosesocks · · Score: 5, Interesting

    I don't know about you, but I view this as being a very GOOD thing.

    Because the format was an "open" standard, the serious flaws present in the format were quickly and correctly identified by third parties outside of Microsoft.

    If it had been a trade secret, it could have been bundled into a product, and assumed to be reliable by its users. Instead, it's been exposed for what it is.

    If anything, this proves that open formats are a good idea.

    --
    -- If you try to fail and succeed, which have you done? - Uli's moose
  4. Congress as role-model? by JonTurner · · Score: 5, Funny

    >>How can you possibly fast track a 325 page document, giving the public only a time amount of time to check it, then expect it to be perfect.

    Damned if we know.
    Signed,
    The US Congress

  5. Re:Yeah, I'm sure this guy is objective by january05 · · Score: 5, Insightful

    ODF will define spreadsheet formulas, in the next version. And come on, the "IBM conspiracy" take from MS is really lame since OOXML is the one with proprietary patented extensions. I'll take any open standards company I can get, personally.

  6. Implied warranty - fit for the purpose by QuestorTapes · · Score: 5, Interesting

    > ...in general:
    >
    > * We trust all hand tools like wrenches and sockets to be exactly the size on the label
    > * We trust all of our doctor's opinions whether or not a second opinion is recommended
    > * We trust our math applications to do math properly
    > * We trust our spell checkers to check properly
    >
    > In general, we trust the things we buy to work as expected... as advertised.

    http://www.oandp.com/edge/issues/articles/2006-08_06.asp

    http://www.brajeshwar.com/finance/insurance/Liability-Insurance.html

    These links refer to the concept you're talking about. The second refers to the UK Consumer Protection Act, but the concept is general and fairly well accepted. From the first link:

    "...any product that is sold comes with an implied warranty of merchantability and fitness for a particular purpose; and, just by selling a product, a seller is implicitly promising that: (1) the product is merchantable, i.e., fit for the ordinary purposes for which such products are to be used, provided that the seller is in the business of selling products of that kind; and (2) the product is fit for a particular purpose, provided that the seller, at the time of sale, knew the particular purpose for which the product was required, and the buyer relied upon the seller's skill or judgment in selecting a suitable product for that purpose."

    This hasn't been successfully applied to software cases like this, but the issue hasn't been ruled out either. But it's hardly a stretch to expect that software such as a spreadsheet comes with an implied warranty that ordinary financial and statistical calculations are properly performed.

  7. Shame?! by krygny · · Score: 5, Insightful

    "Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it."

    Reminds me of something I once heard a congressman rationalize in reference to a bill he just voted for containing several lame provisions (many with which he did not even agree): "Do you have any idea what reading a bill like that would entail?" I do. It would entail you doing your fucking job.

    --
    Research shows that 67% of those who use the term "research shows", are just making shit up.
  8. Re:Guess what? by azrider · · Score: 5, Informative

    Touche on the high school part, forgot about that. :) The main customers are of course still enterprises. I still think the default argument should be radians.
    Who cares whether the default argument is degrees or radians? Two things are missing from the quoted "specification" document:

    1: What is the default argument

    2: Is the specification consistent across all functions which use this type of value as an argument

    A specification which conforms to neither proper nor common usage is worse than no specification at all.

    This is what Rob Weir was saying.

    --
    And ye shall know the truth, and the truth shall make you free.
    John 8:32(King James Version)
  9. MS claims this is a FULLY DEFINED STANDARD by tinkerghost · · Score: 5, Informative

    When other people claim a standard is fully defined, it means that all the standard use cases are defined* - units, expected parameters, optional parameters, etc. In the real world, nobody uses radians. Radians are used by engineers & scientists. Pilots, backyard builders, school children, and the occasional office worker use degrees.

    To be honest, nobody cares if OOXML defines SIN(x) to take radians, degrees, gradians, or hyperbian-arc-vectors. What we care about is that someplace in the fully defined standard, OOXML needs to say:

    DEFINE: SIN(x[,unit])

    • SIN: geometric function dictating the height of a right triangle with a hypotenuse of 1 and an angle of x.
    • x: parameter describing the angle to be operated on by the sin function
    • unit - optional: one of a predescribed list of standard descriptors for angle:
      1. D: Degree - unit of angle defined as 1/360th of a full circle
      2. R: Radian - defined as the angle at which the length of an arc is the same as the radius of the arc. 1/2Pi of a full circle ~ 57.3 degrees
      3. G: Gradian - unit of angle defined as 1/400th of a full circle.
      Missing unit parameters are defaulted to Radians. Unknown unit parameters will result in a type error.

    That's how a proper standard useable for international work in multiple fields is defined. You do not just dump your US help file into the standard & call it done. I have had to deal with a lot of standards, both Military and Industrial, the OOXML standard is well below the grade of the average Mil or Ind standard.

    That's before you get to the point of inclusions in the standard like "Must Replicate Office 98 Behaviour for this feature". Now, if there was a reference to another standard that defined Office 98 behaviour, then it's not a problem. However, I don't see a reference included in the OOXML standard. Worse, for dates, OOXML defines the proper behaviour as their broken implementation of the Gregorian Calendar - a direct conflict to the existing ISO standards.

    I don't care who sponsored this standard, it's not a properly written standard. It has huge holes & it's contradictory to several existing standards. Either one should get it rejected. If MS cleans it up so it meets the actual requirements of a "STANDARD" then they should get approved. If they leave it as the crap heap it is, it should be rejected.

    *- if passing sqr(-6) as a unit works in the implementation, that's not the standard's problem. However, if the standard fails to mention the default unit type & the existence of the unit parameter, then there's an issue.
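
Added example (not part of any comment above and not taken from the OOXML specification): a Python sketch of the `SIN(x[,unit])` definition proposed in comment 9, together with the divergence between implementations that results when a specification names no unit. The names `spec_sin` and `divergence`, and the exact-match handling of the unit letters, are assumptions made for this illustration.

```python
import math

# Units listed in the comment's proposed definition, mapped to the number
# of units that make up one full circle.
UNITS_PER_CIRCLE = {"D": 360.0, "R": 2 * math.pi, "G": 400.0}

# "Missing unit parameters are defaulted to Radians."
DEFAULT_UNIT = "R"


def spec_sin(x, unit=None):
    """SIN(x[,unit]) following the definition sketched in comment 9."""
    if unit is None:
        unit = DEFAULT_UNIT
    # "Unknown unit parameters will result in a type error."
    # Assumption: unit letters are matched exactly (upper case only).
    if not isinstance(unit, str) or unit not in UNITS_PER_CIRCLE:
        raise TypeError(f"unknown angle unit: {unit!r}")
    # Reject non-numeric angles (bool is excluded on purpose).
    if isinstance(x, bool) or not isinstance(x, (int, float)):
        raise TypeError(f"angle must be a number, got {type(x).__name__}")
    radians = x * (2 * math.pi / UNITS_PER_CIRCLE[unit])
    return math.sin(radians)


def divergence(x):
    """Results that conforming implementations could return for SIN(x)
    if the specification never states the unit: one value per reading."""
    return {unit: spec_sin(x, unit) for unit in UNITS_PER_CIRCLE}


if __name__ == "__main__":
    # Constructed sample input: the same cell value read three ways.
    for unit, value in divergence(30).items():
        print(f"SIN(30) read as unit {unit}: {value:+.6f}")
    try:
        spec_sin(30, "X")
    except TypeError as exc:
        print("rejected:", exc)
```

For the constructed input 30, the degree and radian readings differ in sign as well as magnitude, which is the interoperability failure the comment describes.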