Jeremy Allison On Microsoft, OOXML and Standards

An anonymous reader writes "OOXML is already Microsoft's "de facto" standard as implemented in Office 2007, so when would any changes arising from the Comments Resolution meeting in February 2008 be put in place? According to Jeremy Allison's latest column, when last minute changes were suggested for the CIFS standard, which Samba exists to disentangle, "the response came back from Microsoft that although the fixes were valid, unfortunately the code was already written and was going to be shipped in the next service pack. End of discussion. It wasn't even in a shipping product yet, but the specification was determined to be unchangeable as they didn't want to change their existing code.""

Where does that leave the standardization process?

[GreatBunzinni]

Correct me if I'm wrong but isn't it that in order for a file format to be accepted as an ISO standard there has to be at least a couple of independent working implementations? If Microsoft's OOXML is amended but the only piece of software which implements OOXML doesn't even follow the standard presented to ISO, where does that leave the OOXML's standardization?

Money Quote

[Mateo_LeFou]

"My own favorites were Cuba voting "yes" to the fast-tracking of OOXML, even though Microsoft is prohibited by the US Government from selling any software on the island that might even be able to read and write the new format, and Azerbaijan's "yes" vote, even though OOXML as defined isn't able to express a Web URL address in Azeri, their official language."

Why does it need Microsoft to say yes?

[BasilBrush]

If this is supposed to be a standard, supposedly in the hands of a standards body, then why would it need Microsoft's permission to change the things that are broken in it. The standards body should change the spec to fix some of the worst deficiencies highlighted by the comments. And then if Microsoft doesn't change their code match, then point out that Microsoft's implementation is in breach of the standard.

Re:Why does it need Microsoft to say yes?

[nine-times]

Why should the standards body bother to try to fix Microsoft's broken spec at all? Why not just reject it, and say, "Sorry, Microsoft, but here's a list of things you have to fix before we'll look at it again."

Re:Why does it need Microsoft to say yes?

[Locutus]

yes, there is a problem here isn't there? For one, an open spec is usually accepted and governed by an industry organization. So ISO, after years of working with industry partners on ODF, maintains the ODF formats/specs. But the Microsoft spec, well that is and EMCA spec and ECMA allows proprietary IP in their spec and allows the charging of licensing fees. Also, MS OOXML was created be and is controlled by Microsoft. They effectively purchased their way into the ECMA standards process with their sole ownership of the product. It was intended that they would use a special "fast-track" mechanism the ECMA and ISO have, and use it to quickly sidetrack much of the public forums an ISO spec goes through.

But back to the point of who manages an open spec. So ISO has a spec they are managing and it's called ODF. Now, Microsoft wants them to also spend their time/efforts on the MS OOXML spec and it would be ISO's job to maintain both specs. The thing to realize here is that never has Microsoft intended to do this for open access to their file formats. This whole thing has been devised as a scheme to block acceptance of ODF and is a reaction to ODF. Remember, ODF took years to get through the process. Not to mention that Microsoft has been fooling the public+dog with it's open XML talk for over 10 years now. It is all bull shit. It is Microsoft. Need I say more?

LoB

Re:where is the problem?

[QuietLagoon]

if they don't change it, then don't approve it as standard

The problem is that Microsoft (in an implicit admission that its software is sub-standard) is using the profits from its cash-generating Windows monopoly to buy votes in favor of its submission.

In other words, to paraphrase Ballmer, Microsoft could submit a ham and cheese sandwich for ratifcation, and it would be approved.

Rarely Asked Questions

[jkrise]

I think Microsoft and even Slashdot must replace the FAQ section with a RAQ section, where questions of the "Emperor's New Clothes" type can be asked and answered. This bit in the original article is very thoughtful, and one I've been asking myself:

"...after analysis by some of the experts on the list we discovered that there were some theoretical holes to the new signing protocol, which needed a few trivial changes in order to fix and improve the security. After these proposals were submitted, the response came back from Microsoft that although the fixes were valid, unfortunately the code was already written and was going to be shipped in the next service pack. End of discussion. It wasn't even in a shipping product yet, but the specification was determined to be unchangeable as they didn't want to change their existing code...." I think Mr. Jeremy Allison and Microsoft have different views on security. Any layman would think that security means 'of the product' or 'of the user'... but Microsoft seems to think about its own financial security; which in turn seems to be based on the INSECURITY of its products, services and service packs!

Microsoft has laboured hard to create an impression that a 'secure' system is one that needs daily patching, and must be 'closed' and 'proprietary'. Allison & co. KNOW FULLY WELL that an open, documented and properly implemented system provides true security.

The recent unwarranted update of Windws Update is a case in point. Users who would trust only themselves, and who use Windows only to run their applications, would not like to destabilise their environments by introducing new untested undocumented additions. If it works, they reason, no need to touch it.

In Microsoft's view, their present proprietary document formats have been an enormous cash cow, they will not break that by opening up the formats and inviting needless competition. Which is why, even if the OOXML spec undergoes lots of changes and lengthy explanations; there will not be a single faithful implementation. Including in Office 2007.

Can someone ask this "Rarely Asked Question" to responsible folks at Redmond, and see how they respond?

Re:Where does that leave the standardization proce

[jkrise]

isn't it that in order for a file format to be accepted as an ISO standard there has to be at least a couple of independent working implementations?

Actually I thought so too myself, but apparently this is forbidden by the ISO! However the spec itself must be complete, self-contained and authoritative... this bit I am quoting from a related link from a Groklaw article, in the comments section of Mr. Alex Brown's blog:
http://www.adjb.net/comments.php?y=07&m=09&entry=entry070909-104641
and the Groklaw article is here:
http://www.groklaw.net/article.php?story=20070910110639612

The relevant answer:

ISO rules forbid reference implementations. The thinking is that the text must itself by complete, self-contained, and authoritative; a reference implementation opens the possibility of deviation from the text, thereby creating uncertainty about which is "right".

That said, in SC34, we follow the practice of informally requiring that our "home-grown" standards (RELAX NG, NVDL, Schematron etc) are proved efficiently implementable during standardisation. If my time wasn't so taken up with DIS 29500 I would be working on an implementation of DTLL in Java to accompany the draft standard, for example!

Re:I must have missed something HUGE

The number of servers metric is close to useless anyway. We have nearly 500 exchange servers plus another 200 domain controllers (100k employees worldwide) and only one Linux machine... However, the Linux system is on three of the most expensive pieces of hardware you can even imagine, backed up by an immense SAN, and serves apps and data to every user in the company concurrently.

That's where it gets political.

[khasim]

If OOXML is accepted as an ISO standard then Microsoft's implementation of that "standard" will be the "de facto" standard implementation of it. Not exactly a "reference implementation" but effectively accepted as such.

Even if Microsoft's implementation doesn't follow any of the published "standard".

Just as IE was the "standard" when you were designing a web page. Sure, you could follow the official WWW standards, but if IE couldn't render it, it was considered "broken" by the general public.

Re:I must have missed something HUGE

Don't forget bot-nets... Those are servers too.

Re:Where does that leave the standardization proce

[jkrise]

Wait a minute, doesn't that make the spec inherently unacceptable due to the large number of "do this like this previous version of our software did, but we're not going to tell you how" parts?

Nice question. 3 answers:

1. Technical answer: Yes, the spec as currently documented, would be technically unacceptable, unless detailed explanations are provided over the next few months; covering all 'proprietary' and legacy behaviour.

2. Viable answer: A half-hearted attempt will be made to explain these 'quirks' and resubmitted for consideration.

3. Financial answer: The Office market is worth billions to Microsoft. Countries like Ruritania, Fuckmenistan, Utopitamia, Timbucktoo etc. are available for a few millions. If not the earth, even places on the moon can be declared independent nations for ISO purposes... a trip to the Moon is just a few millions; while a trillion dollars are at stake. These new P-members will pee on the sanctity of the ISO processes, and the OOXML will be on a fast track to nowhere.

Next question?

Re:Where does that leave the standardization proce

[marcosdumay]

Requiring implementations is different from requiring "reference implementations". Since their network standard, ISO changed its procedures to encourage people to ask for functional implementations (from different vendors) of the standards they create.

But a reference implementation is "do it like Office 2007". ISO doesn't accept that, the specification should be on a document, not a software.

Re:where is the problem?

[m2943]

In other words, to paraphrase Ballmer, Microsoft could submit a ham and cheese sandwich for ratifcation, and it would be approved.

That sounds like a much better standard than OOXML, and it's much easier to implement for everybody. And if Microsoft tries to sneak bits of a 10 year old ham and cheese sandwich in there, like they did with OOXML, people will know the second they bite into it.

they have no intention of making an open standard

[Locutus]

don't fool yourself, Microsoft has no intention of letting other compete and/or have open access to its application file formats. Microsoft Office generates over 30% of Microsoft's profits, yes profits, and they will not give that up.

All this stuff about openness is about keeping Open Office and its ODF fileformat from being chosen as a government standard.

So don't kid yourself an believe there is any other motive or that they would consider implementing those comments to clean up the spec. Hey, there's nothing in their history to suggest they want to compete in this sector. They own it now, it's worth billions in profit annually, and they will not give it up. So let's stop fooling ourselves into thinking it is anything else.

LoB