On Aug 29, 9:12 pm, Roy Schestowitz <newsgro...@xxxxxxxxxxxxxxx>
wrote:
> ____/ alt on Thursday 30 August 2007 01:28 : \____
> > On Wed, 29 Aug 2007 07:09:53 -0700, Rex Ballard wrote:
>
> >> One of the big "features" of OOXML is the ability to include "blobs"
> >> (binary large objects), within the XML message itself. You can wrap an
> >> entire word document in an OOXML wrapper, and be "compliant". You can
> >> also wrap WMA, PPT, XLS, and VSD objects within OOXML, and still be
> >> compliant.
The other issue with this is that this technology or "feature" has
many of the same
"advantages" as ActiveX controls. One can enclose an executable
binary into
an XML file that is not human readable, and use the "worm" to download
spyware, malware, bots, and all of our other favorite forms of
software that
have already been traced back to Trojan Horses such as Internet
Explorer,
Outlook Express, and VBA Macros.
> >> Of course, this pretty much nullifies all of the reasons for using XML in
> >> the first place.
>
> > That's probably the largest reason I am against OOXML. Being able to
> > include a proprietary object within a standard is misleading.
Not to mentian a huge security risk.
It really is amazing to see how many of Microsoft's "enhancements" to
existing
standards such as rarp, dns, ldap, rpc, http, mime, and html have
turned out
to be huge security problems.
The point of open standards and open source is that there is a peer
review process.
This makes it much easier for qualified professionals and intertested
students to
identify even the most "theoretical" security issues, and get them
corrected.
This is one of the reasons that Unix/Linux is so widely used for
communications,
corporate integration, and business-to-business environments, where it
is critical
to share data, but control what data is shared very carefully.
Windows and Microsoft technologies are typically used in environments
where
the information is supposedly "private", such as PERSONAL computers.
The problem is that even a corporate workstation can download and
import
a Trojan designed to breach firewalls. These Trojans can make files
on the CEO
workstation as public as the home page of the corporate web server.
> > And I wouldn't be at all surprised if that's what happens in Office 2010
> > after the ISO "approves" OOXML as a standard.
Which will be out by when, 2013? One of Microsoft's critical gambles
was
that they assumed that releasing Vista and Office 2007 at the same
time
would drive the markets for each other. Instead, the two are killing
each
other's markets. As a result, corporate customers are sticking with
XP,
keeping their current OfficeXP licenses, and "Upgrading" by adding
OpenOffice, FireFox, VMWare Player, and Linux images.
Some software vendors, such as Oracle, IBM, and SAP are now
offering development systems, community editions, and other tools
as VMware Player images based on Linux. In some cases, users
don't even see the Linux admin interface, just application desktops.
> There's a lot more to this:
> * OOXML already has 'extensions'.
Which is exactly why it is irrelevant as a standard. If the standard
isn't complete enough
that it can be implemented by an undergraduate in 3-6 weeks, as a mid-
term project,
it is probably not implementable as a corporate standard at all.
> * MSO07 does not implement OOXML.
I'm not sure that is true. It gives the option to save in OOXML
format, but
may not produce output that adheres to the standard submitted to ISO.
If Microsoft can't comply with, and implement, it's own standard,
the standard is completely irrelevant.
> * OOXML is incomplete in that respect.
That is probably not an accident. Microsoft is using the ISO process
as a "smoke and mirrors" diversion tactic.
It's a bit like when Microsoft announced that they were supporting the
Web -
but introduced ActiveX, which was immediately shown to be a major
security
risk. Microsoft's solution was to get injunctions against the sites
that showed
the risks.
Microsoft announced they were supporting LDAP, but ActiveX thwarted
"Single Sign On" systems used by Linux, Unix, and Mainframe systems.
Microsoft offers a patch to make it compatible, but you have to make
yourself
a target for Microsoft's "aggressive marketing" (extortion, blackmail,
sabotage),
in order to get the patch.
> * Binary enclosures (in line) are part of the spec.
There are many who consider this to be a feature. There is a need to
be able to
some-how package binary elements, such as JPEG, PNG, TIFF, and GIF
objects
into XML. messages Sun's solution was to convert the binary into
RADIX-60 format,
which makes it easy to read the document using normal text editors.
Microsoft's
solution was to embed the raw binary, making it extremely difficult to
use traditional
text viewers and text editors to view the document.
> * OOXML is Windows-only (unless you backward engineer Windows under your O/S of
> choice).
Isn't that the whole point?
> There is more to be said here, but it's a case of repeating old fact that
> Microsoft is hiding.
This is yet another attempt by Microsoft to offer "enhancements" to a
standard that
threatens to open up the market to competitors to Windows.
*nix introduced XWindows - Microsoft introduced Windows
*nix introduced CORBA - Microsoft introduced DCOM
*nix introduced NFS/TCP/IP with RARP - Microsoft introduced NetBIOS/
SMB/DHCP.
*nix introduced HTTP/HTML - Microsoft introduced ActiveX
*nix introduced Java - Microsoft introduced C#
*nix adopted LDAP - Microsoft introduced ActiveDirectory.
*nix adopted XML - Microsoft introduced SOAP.
*nix adopted SOA - Microsoft introduced .NET
*nix introduced Plug-and-Play - Microsoft introduced Plug-n-Play.
In each case, Microsoft's implementation was an attempt to sabotage
the established open standard supported by numerous vendors and
customers.
In each case, Microsoft used it's pure "Muscle" to impose the
"Standard".
As Ballmer Put it "x00 million PCs running Windows - We ARE the
standard".
And of course Microsoft altered the standards with each release.
> ~~ Best of wishes
Rex Ballard
http://www.open4success.org/bio
|
|
