08.28.07
OOXML: Security Flaw Found, Microsoft Lies About It Again, African Revolt Against It, and ISO in Great Danger
It is not looking good for OOXML. Even if it passes the September 2nd test, the wrecks it will leave behind it will be highly damaging not only to Microsoft, but also to those that surround Microsoft.
OOXML Means… Deception
Microsoft systematically lies about OOXML. It does it deliberately. To use a few recent examples, consider this batch [1, 2, 3, 4, 5]. There are many more examples to be found, but they are not quite as ‘fresh’. If you thought Microsoft ran out of lies, then get a load of this.
Of course, Microsoft already knows all this, and no doubt that is why they are working so hard to urge NB’s to vote “Approval, with comments” with promises that their comments will be addressed at the BRM, a BRM that might not even occur. In fact, if everyone listened to Microsoft and followed their advice then that would almost guarantee that no BRM would be held and no NB’s comments would be adopted.
This is another disgraceful case of deception. Microsoft hopes to have its victims razzled and dazzled until it’s too later to change the mind.
OOXML Means… Not Secure
In the past, for a variety of reasons, OOXML was said to be unsafe. It’s unsafe because of poor digital preservation. It is unsafe because life is in jeopardy. It is unsafe because of untrusted binary macros. It is unsafe because it depends on the existence and direction of one single company. The list could go on and on, but there’s a theme here. OOXML is not a safe route for storing one’s (potentially vital) documents, history, and work.
If you thought you had seen it all, be aware that an XML-related flaw has just been discovered in Excel 2007.
Bradley Mountford, a digital forensics expert, today discovered a security vulnerability in Microsoft Office Excel 2007 regarding login information of external data sources.
Need anyone be woken up by a louder warning signal? Inelegant formats are bound to become susceptible to abuse. Without reuse, there is plenty of room for mistakes. OOXML is not just buggy, but it is also risky.
OOXML Means… Imperialism
Recall our very recent post about OOXML in the African continent. Reciting some key information:
In response they [Microsoft] have apparently been sending PR teams around to national Standards boards all over the world(Ghana for a fact) to lobby for votes for OOXML under the guise of talking about ‘Open XML Standards’.
Bear in mind that Ghona is actively pursuing Free software, but it’s also an easy target for the notorious “exchange of favours/money”.
The minister also said that “Ghana’s legislators, of which I am a member, use Linux to support the computing facilities at Parliament House”.
Here is where the news comes in. It follows the articles (some of which were cited in our previous Africa-tagged post) about Microsoft’s abuse through lock-in. Right now, the African civil society is actually courageous enough to warn Microsoft. To paraphrase Pamela Jones (in a different context), Africa is not as ignorant as Microsoft needs it to be.
African Civil Society Organisations (CSOs) may be spoiling for war with the global software giant, Microsoft Corporation, over its bid to have its DIS 29500 ‘Office Open Extensible Markup Language (OOXML)’ endorsed by the International Standard Organisation (ISO).
Miscellany: OOXML Means… The End of Standards
It wasn’t long ago that the OOXML petition site posted and posed the 5 famous questions about OOXML.
Here are some 5 simple questions you should get an answer from your Standardisation Body, from ECMA, or from Microsoft…
These questions make it evident that OOXML becoming a standard would be absurd, to say the very least. The Web is filled with new comments about OOXML’s progress and here is one that caught my eye:
MS threatens legitimacy of ISO
Microsoft whines they are following the rules. Well, it’s also within the rules to fire a competent and cooperative single mother of 4 children and replace her with your drinking buddy. Some rules.
ISO will commit suicide if OOXML becomes a standard as it is now. But maybe that’s what Microsoft wants.
Closing a loop here, in reference to the issue of OOXML and safety, have another look at what Rob Wier said last week. It’s the conclusion in an essay whose title was “Is it [OOXML] safe?” (highlight in the quoted text is ours):
The tragedy of this is that for so many NB’s, with talented technical committees, the discussion of OOXML has failed to be a technical evaluation, but has quickly become a political game, where committees are stuffed, governments are pressured, billionaires call in favors, competitors blocked from participation, voting rules ignored or modified at whim, etc. All we can do is stand by and watch as Microsoft takes over JTC1. The cost to Microsoft will be great, but so much greater is the cost to JTC1. What will it mean for JTC1’s future to be known as a body that does not follow its own rules, does not evaluate proposals on technical merits, but has procedures so weak and poorly written that it allows itself to be taken over by a single company? Quis custodiet ipsos custodes?
Highlight: Novell was the first to acknowledge that Microsoft FUD tactics had substance. Novell then used anti-Linux FUD to market itself. 
Highlight: Xandros let Microsoft make patent claims and brag about (paid-for) OOXML support. 
Highlight: Linspire's CEO not only fell into Microsoft arms, but he also assisted the company's attack on GNU/Linux. 
Highlight: Microsoft craves pseudo (proprietary) standards and gets its way using proxies and influence which it buys. 
Highlight: The invasion into the open source world is intended to leave Linux companies neglected, due to financial incentives from Microsoft. 
Analysis: Xen, an open source hypervisor, possibly fell victim to Microsoft's aggressive (and stealthy) acquisition-by-proxy strategy.