Slashdot Mirror


Few of OOXML's Flaws Have Been Addressed

I Don't Believe in Imaginary Property writes "IBM's Rob Weir has done a study on how many flaws were addressed by the OOXML Ballot Resolution Meeting. So far, using a random sampling technique, he has yet to find a flaw that was addressed, making the upper bound a paltry 1.5%. Even so, he's found a number of new flaws, including a security vulnerability: OOXML stores passwords in database connection strings in plain text. At least there were no mistakes on five of the first twenty five random pages he reviewed."


  1. Office 2007 by number6x · · Score: 4, Interesting

    Do any of these flaws exist in Office 2007?

    If not, why are they in the OOXML proposed standard? If the standard does not describe the OOXML format used by Microsoft, then what does it describe?

    Why can't they just document the format that they use and get this over with? Or are they doing all this for show, and there is no real substance in OOXML?

    1. Re:Office 2007 by TropicalCoder · · Score: 5, Interesting

      You'll remember Stéphane Rodriguez who gave us Microsoft Office XML formats? Defective by design back in August, 2007?

      Since then, in February, 2008 he produced The truth about Microsoft Office compatibility and Typical B.S. in technical articles about OOXML and now Bad surprise in Microsoft Office binary documents : interoperability remains impossible Thursday, March 13, 2008.

      These blogs are at the same level of depth as Rob Weir's latest blog, and demonstrate that Microsoft's policies as detailed below continue to this day.

      From OOXML is defective by design...

      "Mr Bill Gates in person sent in 1998 a memo to the Office product group (led by Steven Sinofsky at the time), memo undisclosed to the public thanks to the IOWA consumer case :"

      From: Bill Gates

      Sent: Saturday, December 5 1998

      To: Bob Muglia, Jon DeVann, Steven Sinofsky

      Subject : Office rendering

      One thing we have got to change in our strategy - allowing Office documents to be rendered very well by other peoples browsers is one of the most destructive things we could do to the company.

      We have to stop putting any effort into this and make sure that Office documents very well depends on PROPRIETARY IE capabilities.

      Anything else is suicide for our platform. This is a case where Office has to avoid doing something to destroy Windows.

      I would be glad to explain at a greater length.

      Likewise this love of DAV in Office/Exchange is a huge problem. I would also like to make sure people understand this as well.

      -----------


      Clearly the word is getting out about the problems in OOXML. Stéphane Rodriguez notes at the bottom of OOXML - Defective by design:

      Update : this article was Slashdotted on Sunday 26 of August.

      Update2 : this article is taking 300,000 hits a day, and is making it all around the world in all kinds of sites. My web host provider was so angry at the peak in traffic that he threatened to cut me off, so I had to redirect to a blog site such as Google's blogger to host the article.

      Update3 : Wednesday August 29, added a new section on Document security

      Update4 : Friday August 31, added more content to sections US English and Windows dates

      Update5 : Sunday September 2, added a quick comparison between ODF and ECMA 376

  2. huh? by trybywrench · · Score: 4, Interesting

    This may be off topic but why exactly are there database connection strings in a document format?

    --
    I came to the datacenter drunk with a fake ID, don't you want to be just like me?
    1. Re:huh? by RobBebop · · Score: 2, Interesting

      This also violates the (good) Model/View/Controller software architectural model by kludging the view and controller together in the same product.

      No, not really. Think a simple mailmerge with data from the database. There is no Controller, only a model (the DB) and the View (the document). You fetch the data from the database and mailmerge it.

      Yes, I have read that a compelling reason to stick to Microsoft Office is the ability to Mailmerge, which is fine. I have never gone through the hoops to perform a Mailmerge, so bear with me. My belief is that the whole purpose is to send the data (in the database) through the document (which is the controller) to a printer (where it can be viewed). This simple/trivial application actually does separate Data/View/Controller.

      Saying there is no controller is like saying there is no spoon. Just because it is disguised amongst the cruft of a larger, more complicated application doesn't mean it isn't there.

      --
      Support the 30 Hour Work Week!!!
  3. enough is enough by BroadbandBradley · · Score: 4, Interesting

    How long will it take people to shrug off this death grip of MS and realize that it's costing billions in productivity? I received an XLS file of contacts yesterday and I figured I'd try using Outlook to import it into an address book so I could then sync to other things like Gmail. Outlook choked and recommended assigning values to the columns using another MS product - MS Excel. So, I saved the file as CSV, and imported using Thunderbird, which gave me an easy dialog to match up name, email, phone, website... and so on. Worked great! Then I used Thunderbird to open the second file and it remembered the previous adjustments and everything was already lined up! Awesome stuff and I wasn't prompted to buy any other products!

    I'm seriously considering wiping all the PCs in my office and advising the staff to just learn Ubuntu to avoid this whole MS deathgrip. None of the staff are advanced users except my web guy who codes in a text editor anyhow. FMS.

  4. Re: ad hominem by ozbird · · Score: 2, Interesting

    You mean like the slur made by a Microsoft employee against a Standards New Zealand representative?

  5. Re:Um, this is a perfect example of "ad hominem".. by Skrapion · · Score: 2, Interesting

    Here's the difference, though. You're assuming the OP said:

    "Rob Weir can't be trusted because it's in his best interest for OOXML to fail."

    But the spirit of what the OP said was actually closer to this:

    "I don't trust Rob Weir, because it's in his best interest for OOXML to fail."

    It's actually a pretty big difference. The first statement is a logical fallacy, but the second one is just explaining his personal bias. And keep in mind that the OP specifically stated that Rob Weir "might well be right".

    --
    The details are trivial and useless; The reasons, as always, purely human ones.
  6. Re:What's the point? Who is going to follow this? by johannesg · · Score: 3, Interesting

    You are absolutely spot on, and what's worse, we can also confidently predict the next step: governments and organisations will be falling over themselves to proclaim their support for OOXML, since it is "an ISO standard". Then they will happily sign their soul over to Microsoft because they have a product that implements this standard, while at the same time disallowing OpenOffice and other office packets because they are not fully compatible with MS Office.

    Then we will tell them that Microsoft is actually not implementing their own damn standard correctly, and we will be laughed away - after all, Microsoft *IS* the standard, so how could it be incorrect?

    And it will all be business as usual...

    The whole thing makes me intensely sad. By the way, we had some articles about the Dutch government requiring open formats a while ago. I professed severe scepticism at the time. Let me give you a little update on that one, then: as it is, the new desktops are required to support a very wide range of technologies that can ONLY be fulfilled by having MS Office on MS Windows. So although the government requires open standards, it also requires Active Directory, for example. And guess what they are buying? Yes, that's right: MS Office on MS Windows. But, we are told, in the next round (in 2011 or so), there will definitely be an opportunity for Linux "because in this round we are already ensuring compatibility".

    As I said, business as usual.