Slashdot Mirror

← Back to Stories (view on slashdot.org)

Few of OOXML's Flaws Have Been Addressed

Posted by ryuzaki0 on from the digging-under-the-hood dept.

I Don't Believe in Imaginary Property writes "IBM's Rob Weir has done a study on how many flaws were addressed by the OOXML Ballot Resolution Meeting. So far, using a random sampling technique, he has yet to find a flaw that was addressed, making the upper bound a paltry 1.5%. Even so, he's found a number of new flaws, including a security vulnerability: OOXML stores passwords in database connection strings in plain text. At least there were no mistakes on five of the first twenty five random pages he reviewed."

14 of 162 comments (clear)

  1. Corruption. by twitter · · Score: 5, Insightful

    Why fix flaws when you can buy voters?

    --

    Friends don't help friends install M$ junk.

  2. Office 2007 by number6x · · Score: 4, Interesting

    Do any of these flaws exist in Office 2007?

    If not, why are they in the OOXML proposed standard. If the standard does not describe the OOXML format used by Microsoft, then what does it describe?

    Why can't they just document the format that they use and get this over with? Or are they doing all this for show, and there is no real substance in OOXML?

    1. Re:Office 2007 by corsec67 · · Score: 4, Insightful

      Or are they doing all this for show, and there is no real substance in OOXML?

      The reason MS is bothering with ISO is because a few places have started to require that documents be stored in an ISO defined format.

      The problem is that having a true ISO defined format means that you open yourself up to competition, so MS wants to get their format defined as ISO certified without allowing any competition.

      --
      If I have nothing to hide, don't search me
    2. Re:Office 2007 by Basilius · · Score: 5, Insightful

      There are no existing implementations of the proposed OOXML standard, so whether Office 2007 has the same defects or not is sort of irrelevant. MSFT has stated that they will not be implementing the standard as proposed, but will be going a different direction. And, given the nature of parts of the standard, nobody BUT Microsoft can fully implement it.

      The mere fact that there ARE no implementations of OOXML, however, should be a giant, florescent, waving red flag. No standards body should adopt a standard that cannot and will not be implemented by the proposers.

    3. Re:Office 2007 by peragrin · · Score: 4, Insightful

      If MSFT fixed the flaws with OOXML then there wouldn't be a problem.

      it's not that OOXML is bad, it is that OOXML is broken and MSFT is trying to ram it through anyways. there is nothing there that can't be fixed. MSFT however doesn't want it fixed because OOXML 2010 is just around the corner and it won't be the same as OOXML 2007. Also OOXML 2010 becomes a defaco standard even though it isn't ISO certified since it is marketed as OOXML.

      this is how MSFT works if you don't know this then go back and look at the past 30 years of how MSFT treats it's customers, vendors, and slaves.

      --
      i thought once I was found, but it was only a dream.
    4. Re:Office 2007 by TropicalCoder · · Score: 5, Interesting

      You'll remember Stéphane Rodriguez who gave us Microsoft Office XML formats? Defective by design back in August, 2007?

      Since then, in February, 2008 he produced The truth about Microsoft Office compatibility and Typical B.S. in technical articles about OOXML and now Bad surprise in Microsoft Office binary documents : interoperability remains impossible Thursday, March 13, 2008.

      These blogs are at the same level of depth as Rob Weir's latest blog, and demonstrate that Microsoft's policies as detailed below continue to this day.

      From OOXML is defective by design...

      "Mr Bill Gates in person sent in 1998 a memo to the Office product group (led by Steven Sinofsky at the time), memo undisclosed to the public thanks to the IOWA consumer case :"

      From: Bill Gates

      Sent: Saturday, December 5 1998

      To: Bob Muglia, Jon DeVann, Steven Sinofsky

      Subject : Office rendering

      One thing we have got to change in our strategy - allowing Office documents to be rendered very well by other peoples browsers is one of the most destructive things we could do to the company.

      We have to stop putting any effort into this and make sure that Office documents very well depends on PROPRIETARY IE capabilities.

      Anything else is suicide for our platform. This is a case where Office has to avoid doing something to destroy Windows.

      I would be glad to explain at a greater length.

      Likewise this love of DAV in Office/Exchange is a huge problem. I would also like to make sure people understand this as well.

      -----------


      Clearly the word is getting out about the problems in OOXML. Stéphane Rodriguez notes at the bottom of OOXML - Defective by design:

      Update : this article was Slashdotted on Sunday 26 of August.

      Update2 : this article is taking 300,000 hits a day, and is making it all around the world in all kinds of sites. My web host provider was so angry at the peak in traffic that he threatened to cut me off, so I had to redirect to a blog site such as Google's blogger to host the article.

      Update3 : wednesday august 29, added a new section on Document security

      Update4 : friday august 31, added more content to sections US English and Windows dates

      Update5 : sunday september 2, added a quick comparison between ODF and ECMA 376

  3. Re:Whatever by Anonymous Coward · · Score: 5, Funny

    Ballmer is that you?

  4. huh? by trybywrench · · Score: 4, Interesting

    This may be off topic but why exactly are there database connection strings in a document format?

    --
    I came to the datacenter drunk with a fake ID, don't you want to be just like me?
    1. Re:huh? by Shados · · Score: 4, Informative

      Because people actually do work with Office Suites, and they are an integral part of the workflow and ecosystem of significant companies IT.

      For example, a spreadsheet is often the favored client for an OLAP system, and complex spreadsheets will get reused a lot, so connection strings may be part of the overall "application" that the document has become.

      People like me and (probably) you tend to use documents as just that: documents. But in the big boy's world, they're far more important than that.

  5. enough is enough by BroadbandBradley · · Score: 4, Interesting

    how long will it take people to shrug off this death grip of MS and realize that it's costing billions in productivity? I received an XLS file of contacts yesterday and I figured I'd try using Outlook to import it into an address book so I could then sync to other things like Gmail. Outlook choked and recommended assigning values to the columns using another MS product - MS Excel. SO, I saved the file as CSV, and imported using Thunderbird which gave me an easy dialog to match up name,email, phone, website..and so on. Worked great! then I used thunderbird to open the second file and it remembered the previous adjustments and everything was already lined up! Awesome stuff and I wasn't prompted to buy any other products!

    I'm seriously considering wiping all the PC's in my office and advising the staff to just learn Ubuntu to avoid this whole MS deathgrip. None of the staff are advanced users except my web guy who codes in a text editor anyhow. FMS.

    --
    "The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
  6. Re:Small bias? by cyxs · · Score: 5, Insightful

    Everyone has a bias but if he gives you the information that he used to form his opinion about something then you can read what he says and what he did and form your own opinions. He is giving detailed examples of what he found. He isn't just say "Everything is fine" or "They have WMD", he is giving how he comes to his opinion and showing you the facts.

    Yes his company maybe bias in not wanting the format approved, but does that make what he says less true? The facts speak the truth.

  7. Re:Whatever by el+cisne · · Score: 4, Funny

    "Does the poster have a chair?"

    Not any more.....

  8. Re:What's the point? Who is going to follow this? by MLCT · · Score: 4, Insightful

    MS doesn't care about anyone following it (since even they themselves aren't going to). All they are doing it for is so they can claim that MS Office uses an open ISO standard, OOXML (even though it won't use the ISO passed standard) so that governments, businesses and buyers are not scared away from their products.

    As with everything MS does it is all about control and money. They have observed the fights that took/are taking place at various governmental and state levels over the mandatory use of an open standard - and they see that it is a threat to their monopoly, hence they have strategised to nullify the problem without giving up any of their control. The whole thing is a rate 10 sham. And if anyone ever wants to know why a lot of people don't trust MS then this is a perfect example of it - the process and the mockery they are making of it is frankly satirical.

  9. Who else? by Tony · · Score: 5, Insightful

    Riiight. We should have one of the few people willing and able to examine the standard for flaws just not do it. That's an excellent idea.

    At what point has IBM been dishonest? Rob Weir is an employee of IBM. They have a distinct interest in making sure that whatever format is approved, they are able to implement it. Therefore, it is in their best interest to make sure it is a good standard. As they have determined that it isn't a good standard, what should they do? Not talk about it?

    The fact that his bias is out in the open is perfectly fine, as is the example you give from Peter Torr. That allows people to judge their statements, and account for possible bias.

    The problem with Weir recusing himself is this: nobody else seems to be doing this. Nobody else is standing up to a corrupted process, where the intended and stated results are sidelined for political expediency. If it takes one corrupt company to stand up to another corrupt company, then so be it. At least they are standing up to a corrupt company. (Yes, I'd prefer if neither were corrupt.)

    --
    Microsoft is to software what Budweiser is to beer.