GROKLAW
When you want to know more...
MA:Full Steam Ahead on ODF & a Q About Security
Friday, January 06 2006 @ 01:56 PM EST

There is a new acting CIO for the Commonwealth of Massachusetts, Bethann Pepoli, and a new statement of support for ODF from the Governor's office. Here's Andy Updegrove's coverage, and Martin LaMonica's article on CNET, and also you can read an article on TMCnet:
Massachusetts has named an acting chief information officer, and the state is "on track" to use OpenDocument-based desktop software next year, a spokesman for the commonwealth's governor said Thursday.

LaMonica provides the statement from Eric Fehrnstrom, communications director at Gov. Mitt Romney's office:

"There have been no changes in the commonwealth's published OpenDocument rules, and we are still on track for a January 2007 implementation," Fehrnstrom said.

The search for a permanent replacement is ongoing. But to all the cynics and depressed souls who thought Microsoft had muscled its way to "victory," I did tell you that it wasn't so, did I not? This is the second public statement of support for Quinn's decision to go with ODF, and from all I know, which is a fair amount, it's solid.

Updegrove asks another question about security and MS XML in the light of the recent WMF security hole. It's an important question.

Here's his question:

One interesting email that I've received in light of the latest Microsoft security breach (here's one of the many articles on that topic from FT.com) asks whether any other product that supports the eventual XML Reference Schema will be at risk of painting a hacking target on their back, given how tightly Microsoft's Ecma submissions is locked on Office? In other words, if a hacker finds a back door that's required by the Ecma standard, would you have stepped into the same mess simply by complying, as required, with to the specification?

Of course, that could theoretically happen with any specification, but the more granular the spec, the higher the likelihood. But the XML Reference Schema, as I understand it, is more detailed than ODF, in order to ensure backward compatibility and to otherwise serve the needs of existing Office users. And, of course, XMLRS is based upon a product of the most popular hacker target around.

We'll be talking more about this in the future. And for those of you who have been wondering where Apple stands on this issue, since it seems to have a foot on both sides of the aisle, you may get some insight by following the discussion that begins here.


  


Off-topic here!
Authored by: freeio on Friday, January 06 2006 @ 02:03 PM EST
You know the drill

---
Tux et bona et fortuna est.


OT here please
Authored by: Anonymous on Friday, January 06 2006 @ 02:04 PM EST
If you have interesting "other" comments


Risk? What Risk?
Authored by: Anonymous on Friday, January 06 2006 @ 02:21 PM EST
Any document specification that DEFINES a way of inserting (or invoking)
arbitrary computer code isn't going to be at all "portable", is it?
Like, as soon as MS comes out with the next incompatible Operating System, ...
at BEST all those old documents are going to be broken, and ... at WORST
(remember MediaMax DRM on VISTA?) the whole new SYSTEM will be broken.

There is no risk here, no risk at all. There is an absolute certainty that this
will completely prevent portability, and will completely open systems to
malicious code execution.


Corrections here please
Authored by: Minsk on Friday, January 06 2006 @ 02:24 PM EST
Might as well contribute it, as we have two OT's at the moment.

And before someone corrects it, "simply by complying, as required, with to
the specification" is from Updegrove's original.


Security Holes
Authored by: dcs on Friday, January 06 2006 @ 02:57 PM EST
Frankly, the security hole issue is mostly irrelevant. That's because security
holes are hardly ever mandated by design, and even when they are it's pretty
simple to just close that door (at the loss of functionality, granted).

Security holes most often belong not to the format, but to the implementation.
So there's no intrinsic hole in JPEG, for instance, but there were many
implementations with security holes in them.

Also, the holes are almost always not format-compliant. Instead, they take
advantage of what happens when one does _not_ follow the
format/protocol/whatever.


---
Daniel C. Sobral


MA:Full Steam Ahead on ODF & a Q About Security
Authored by: Anonymous on Friday, January 06 2006 @ 03:04 PM EST
Am I the only person who has NEVER been able to get ANYTHING to load at
consortiuminfo.com? I'd love to read all these articles PJ and LinuxToday keep
pointing to.


MA:Full Steam Ahead on ODF & a Q About Security
Authored by: Anonymous on Friday, January 06 2006 @ 05:50 PM EST
The answer to your question is illustrated here: *nix running WINE vulnerable to WMF exploit


Apple and data formats
Authored by: Anonymous on Saturday, January 07 2006 @ 08:00 AM EST
link

'The XML Schema for Keynote 1.0 was not actually developed in house; rather it was designed by a set of highly knowledgeable contractors. For the second round of applications (including Keynote 2.0), the XML Schemas were brought in house to Apple and this is where the headaches started.'

...

'To sum up: the second round of file formats were constructed by amateurs.'

--

MadScientist


"Editor, compiler and linker are to hackers ...
Authored by: Anonymous on Saturday, January 07 2006 @ 08:50 AM EST
... what ponies, stirrups, and archery sets were to the Mongols."

A collection of essays that everyone should read is in the zip file downloads (all text files) at this

link

--

MadScientist


I was one of those cynics. What has changed?
Authored by: Anonymous on Saturday, January 07 2006 @ 09:05 AM EST
Would it really be true that people are getting fed up enough with M$ to finally
do something about it?

While there's still ample stupidity around, I noticed, e.g., that here in
Finland the newspapers reported the _Windows_ WMF vulnerability, not a
_computer_ vulnerability. One could of course explain this as an increase in
general distrust of America due to Bush, but I don't think so: this comes from
the international news wires.

I hope this weather holds ;-)

Reading PJ in the morning always makes me feel better, precisely because
cynicism just seems not to get to her, no matter how depressing the news.


Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )