Office 2003 Bug Locks Owners Out
I Don't Believe in Imaginary Property writes "A Microsoft Office 2003 bug is locking people out of their own files, specifically those protected with Microsoft's Rights Management Service. Microsoft has a TechNet bulletin on the issue with a fix. It looks like they screwed up and let a certificate expire. There's no information on when the replacement certificate will expire, though, or what will happen when it does."
Actually, it's not really a bug, just the usual friendly reminder from Microsoft that there's a new version out and it's time to ante up again.
"I've got more toys than Teruhisa Kitahara."
Putting that amount of trust in a third party that has the power to lock you out of your own files... It boggles the mind as to why that is acceptable in anything of importance.
Sigs are too short to say anything truly profound so read the above post instead.
I know a LOT of people still using MS Office 2003. Some people dislike the Ribbon System with '07's version. Some people are too cheap to upgrade when the old copy still "works".
That's why there's OpenOffice. An experience that brings you back to the good ol' days of Office 2003 for free. Actually, it may even bring you back to the days of Office '97.
At least until the next version comes out. Then you have the ribbon too. God, I hope it can be disabled.
There's no place like
Why did you put "works" in quotes? Office 2003 still does, in fact, work. It works just fine.
A lot of people are still using Office 2003 because the number of new features that impact daily usage seems to shrink with every new release. Why upgrade when the version you have does everything you need it to, and the new version doesn't do anything you wish it did?
There's always someone who will benefit from [insert new feature here]. But for the rest of us, Office has suffered from a paucity of innovation since 1995. If anything, things have gotten worse -- e.g. they keep trying to make Microsoft Word "smart," but the result is a program that's too smart to be obedient and too stupid to do what you actually want it to do.
The writing's on the wall for Office. If the folks in Redmond don't figure out something reeeal soon, Office is toast.
What's worse is when Microsoft does not exist anymore at some point in the future. Eventually, the certificates will expire again; then -- without Microsoft to renew them anymore -- you're screwed.
Want to access your important, digitally protected documents? Sorry.
I get your point but this is a little different.
Not having perfect page layout might take you 30 minutes to fix. Worst case, the text is in a zip file and can be pulled out.
Not being able to read encrypted data would be a little bit more serious.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
Microsoft gets people to update by giving their product to the CEOs and "bigwigs". When everybody _else_ in the organization cannot read or use the new format for the documents, they have to keep bouncing transferred documents back to the aforementioned bigwigs. Eventually the bigwigs get tired of the fact that they cannot understand how to use save-as-older-format, and they dislike having their underlings telling them to do things, and they cannot bear to find all the files they saved and re-save them before they downgrade back to the old version... So the entire company naturally has to pay to upgrade everyone.
Repeat that at the border of the company. Every iteration of Little Company that works with and is dependent on Big Company, cannot allow themselves to be seen as unhelpful nor out of date, and they cannot bounce the documents they receive via email etc. without giving that exact impression...
Letting certificates expire is _not_ a Microsoft "strategy", it's an artifact of their adoption of "We don't care. We don't have to. We're The Phone Company" where there is no longer just one phone company, but Microsoft wants to be "The Software Company".
This _is_ egg on their face, but the only ones who will not yell "brilliant omelet" are the people who can connect the "Trusted Computing" dots. Letting the world _again_ see what it means to leave the keys to your property in the hands of any entity that doesn't _have_ to care is just another Microwhoops...
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
At least until the next version comes out. Then you have the ribbon too. God, I hope it can be disabled.
Agree. The Ribbon was a tremendous step backwards in user friendliness, all in the name of eye candy. It sucks. Way too long a familiarisation curve. In contrast, I'm having zero trouble -- almost zero thought -- in using the plain vanilla Gnome / Open Office interface to do the stuff I need to do on the home laptop, i.e. load documents, edit them, and store them.
Do not mock my vision of impractical footwear
...to handle writing scientific reports on Linux, and AbiWord wasn't up to the job (Note to trolls: please don't bother with shill posts for TeX/LaTeX. I'm sure it's very good, but I've got work to do.)
Excuse me but would you also consider someone who tells a carpenter that a hammer is a much better tool for driving nails than a stapler a troll because you can't be bothered taking three seconds to figure out what end of the hammer to hold?
/Mikael
Greylisting is to SMTP as NAT is to IPv4
I'd prefer it to say "The document you are trying to access has been secured by Microsoft Rights Management Service, but the signing certificate has expired. Please see your Administrator regarding updating or renewing your certificate."
Still, I suppose no MS coder had ever considered that a time limited certificate would ever expire.
Finally had enough. Come see us over at https://soylentnews.org/
Every error message that Microsoft has ever written is like this.
Sometimes they think to include a way of getting the full error in proper technical language across - maybe by writing to the event log or having a "click for technical details" option but more often than not they don't. As a Unix admin, it's immensely frustrating dealing with software which goes so far out of its way to be opaque.
I love these kinds of messages. Everybody keeps calling me, it says here you know what is going on. WTF? I don't have a clue what you've done, just because I am the system administrator I am not telepathic or having some kind of better error messages mailed to me...
Even better, you are installing something and the dialog pops up: "Contact your system administrator". I am the fucking administrator if I wasn't I wouldn't be logged in as 'administrator'...you haven't told me what the problem is...
Actually, my experience with LaTeX is that if you look at it as HTML with different keywords and keep some decent documentation nearby (there are several good PDF books available for free online) it is easier to use LaTeX if you want sane printable results than it is to use MS Word or another word processor (hell, the reason I started using LaTeX to begin with was because I got fed up with trying to force word processors to give me decent output).
/Mikael
Greylisting is to SMTP as NAT is to IPv4
Code reuse is the more likely problem. The biggest problem is that each component has to assume there is no UI. It could be in a GUI, or commandline, or silent mode, or a service, or whatever else, so it doesn't pop up an error message - it just returns a value.
You tell your handy security library to use the internet library to connect to the microsoft server thingie, and the internet library doesn't have any reason to know about certificates. The security library assumes the certificate will always be valid (or the network will take care of that), so it doesn't have a "bad certificate" return value. Then the app doesn't check the return values (only success/fail), or it's not in the list of things to check.
Detailing your actions makes it easier to disassemble and comprehend, so lots of proprietary coders don't do that. Bubbling up an exception could have a detailed description of why something failed, but proprietary coders don't want end users to see the gory details of what their code is doing. "Confusing error messages" is one of those things Windows users hate, so they generally either detail what you might do to fix it or, if it's too detailed or on a server instead, just skip that part.
It's nothing the user can do anything about, so why bother reporting it? Plus you need to make translations and test cases to ensure your message pops up in all languages when the cert is expired... more work when you could just ship it, and list a known risk that the server team has to keep the cert up to date.
I know, tldr. Black box programming combined with allowing ignorant users peace of mind will result in this type of scenario every time. I always chuckle when I see "Table or view does not exist" errors in Oracle SQL when I can see the table in the list of ALL_USER_TABLES or similar. I don't have access to it, and revealing that it exists but I'm not allowed to read from it might be a security violation the same way "bad username" vs "bad password" gives brute-force people more information to work with so you say "bad username/password combination" and now they don't know if the user exists. Maybe they thought of that, or maybe they tried to select, got 'denied' return code, and translated that into one they do have a text string for.
So many possibilities, of which yours is the least likely. Exceptions can be done well, there just aren't enough good examples out there so it takes a serious debugging headache before someone looks at a better way of doing it. Then Management says the errors are too wordy and you're back to "Unexpected error" meaning everything from "Network down" to "I crapped my pants".
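Added example, not part of any comment above and not Microsoft's code: a sketch of the layering the last comment describes, where the lowest layer reports why a certificate check failed and a UI-less middle layer passes that reason up as a typed error. `CertStatus`, `CertValidityError`, `check_validity`, `open_protected` and the sample dates are hypothetical names and constructed values; the certificate dict follows the layout of Python's `ssl.SSLSocket.getpeercert()`.

```python
import ssl
from enum import Enum

class CertStatus(Enum):
    OK = "ok"
    EXPIRING_SOON = "expiring_soon"
    NOT_YET_VALID = "not_yet_valid"
    EXPIRED = "expired"

class CertValidityError(Exception):
    """Typed error: a short message for the user plus detail for the admin."""
    def __init__(self, status, user_message, detail):
        super().__init__(user_message)
        self.status, self.user_message, self.detail = status, user_message, detail

def check_validity(cert, now, warn_days=30):
    """Lowest layer: return a specific status, never a bare success/fail.
    `cert` uses the dict layout of ssl.SSLSocket.getpeercert()."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return CertStatus.NOT_YET_VALID
    if now >= not_after:
        return CertStatus.EXPIRED
    if not_after - now <= warn_days * 86400:
        return CertStatus.EXPIRING_SOON  # what a server-side monitor alerts on
    return CertStatus.OK

def open_protected(cert, now):
    """Middle layer: has no UI, so it raises instead of popping up a dialog,
    and the reason survives the trip up to whatever front end is in use."""
    status = check_validity(cert, now)
    if status in (CertStatus.EXPIRED, CertStatus.NOT_YET_VALID):
        raise CertValidityError(
            status,
            "The signing certificate for this protected document is not "
            "currently valid. Ask your administrator to renew or update it.",
            f"status={status.value} notBefore={cert['notBefore']} "
            f"notAfter={cert['notAfter']}",
        )
    return status

# Constructed sample certificate fields (not the dates of any real certificate).
SAMPLE_CERT = {"notBefore": "Jan 01 00:00:00 2009 GMT",
               "notAfter": "Dec 31 23:59:59 2009 GMT"}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jan 15 00:00:00 2010 GMT")  # constructed clock
    try:
        open_protected(SAMPLE_CERT, now)
    except CertValidityError as err:
        print("dialog :", err.user_message)
        print("log    :", err.detail)
```

The front end decides where `user_message` and `detail` go (dialog, event log, stderr); the same `check_validity` run on a schedule with `warn_days` gives the server team notice before the expiry date arrives.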