MA: Full Steam Ahead on ODF & a Q About Security
Friday, January 06 2006 @ 01:56 PM EST
There is a new acting CIO for the Commonwealth of Massachusetts, Bethann Pepoli, and a new statement of support for ODF from the Governor's office.
Here's Andy Updegrove's coverage, and Martin LaMonica's article on CNET, and also you can read an article on TMCnet:
Massachusetts has named an acting chief information officer, and the state is "on track" to use OpenDocument-based desktop software next year, a spokesman for the commonwealth's governor said Thursday.
LaMonica provides the statement from Eric Fehrnstrom, communications director at Gov. Mitt Romney's office:
"There have been no changes in the commonwealth's published OpenDocument rules, and we are still on track for a January 2007 implementation," Fehrnstrom said. The search for a permanent replacement is ongoing.
But to all the cynics and depressed souls who thought Microsoft had muscled its way to "victory," I did tell you that it wasn't so, did I not? This is the second public statement of support for Quinn's decision to go with ODF, and from all I know, which is a fair amount, it's solid.
Updegrove asks another question about security and MS XML in the light of the recent WMF security hole. It's an important question.
Here's his question: One interesting email that I've received in light of the latest Microsoft security breach (here's one of the many articles on that topic from FT.com) asks whether any other product that supports the eventual XML Reference Schema will be at risk of painting a hacking target on their back, given how tightly Microsoft's Ecma submissions is locked on Office? In other words, if a hacker finds a back door that's required by the Ecma standard, would you have stepped into the same mess simply by complying, as required, with to the specification?
Of course, that could theoretically happen with any specification, but the more granular the spec, the higher the likelihood. But the XML Reference Schema, as I understand it, is more detailed than ODF, in order to ensure backward compatibility and to otherwise serve the needs of existing Office users. And, of course, XMLRS is based upon a product of the most popular hacker target around. We'll be talking more about this in the future. And for those of you who have been wondering where Apple stands on this issue, since it seems to have a foot on both sides of the aisle, you may get some insight by following the discussion that begins here.
Authored by: freeio on Friday, January 06 2006 @ 02:03 PM EST
You know the drill
---
Tux et bona et fortuna est.
Authored by: Anonymous on Friday, January 06 2006 @ 02:04 PM EST
If you have interesting "other" comments
Authored by: Anonymous on Friday, January 06 2006 @ 02:21 PM EST
Any document specification that DEFINES a way of inserting (or invoking)
arbitrary computer code isn't going to be at all "portable", is it?
Like, as soon as MS comes out with the next incompatible Operating System, ...
at BEST all those old documents are going to be broken, and ... at WORST
(remember MediaMax DRM on VISTA?) the whole new SYSTEM will be broken.
There is no risk here, no risk at all. There is an absolute certainty that this
will completely prevent portability, and will completely open systems to
malicious code execution.
Authored by: Minsk on Friday, January 06 2006 @ 02:24 PM EST
Might as well contribute it, as we have two OT's at the moment.
And before someone corrects it, "simply by complying, as required, with to
the specification" is from Updegrove's original.
Authored by: dcs on Friday, January 06 2006 @ 02:57 PM EST
Frankly, the security hole issue is mostly irrelevant. That's because security
holes are hardly ever mandated by design, and even when they are it's pretty
simple to just close that door (at the loss of functionality, granted).
Security holes most often belong not to the format, but to the implementation.
So there's no intrinsic hole in JPEG, for instance, but there were many
implementations with security holes in them.
Also, the holes are almost always not format-compliant. Instead, they take
advantage of what happens when one does _not_ follow the
format/protocol/whatever.
---
Daniel C. Sobral
Authored by: Anonymous on Friday, January 06 2006 @ 03:04 PM EST
Am I the only person who has NEVER been able to get ANYTHING to load at
consortiuminfo.com? I'd love to read all these articles PJ and LinuxToday keep
pointing to.
Authored by: Anonymous on Friday, January 06 2006 @ 05:50 PM EST
The answer to your question is illustrated here:
*nix running WINE vulnerable to
WMF exploit
Authored by: Anonymous on Saturday, January 07 2006 @ 08:00 AM EST
link
'The XML Schema for Keynote 1.0 was not actually developed in house;
rather it was designed by a set of highly knowledgeable contractors. For the
second round of applications (including Keynote 2.0), the XML Schemas were
brought in house to Apple and this is where the headaches
started.'
...
'To sum up: the second round of file formats were
constructed by amateurs.'
--
MadScientist
Authored by: Anonymous on Saturday, January 07 2006 @ 08:50 AM EST
... what ponies, stirrups, and archery sets were to the Mongols."
A collection of essays that everyone should read are in the zip file downloads
(all text files) are at this link
--
MadScientist
Authored by: Anonymous on Saturday, January 07 2006 @ 09:05 AM EST
Would it really be true that people are getting fed up enough with M$ to finally
do something about it?
While there's still ample stupidity around, I noticed, e.g., that here in
Finland the newspapers reported the _Windows_ WMF vulnerability, not a
_computer_ vulnerability. One could of course explain this as an increase in
general distrust of America due to Bush, but I don't think so: this comes from
the international news wires.
I hope this weather holds ;-)
Reading PJ in the morning always makes me feel better, precisely because
cynicism just seems not to get to her, no matter how depressing the news.