OOXML: Nobody knows (or cares) what it is for or why.

I’ve not penned much on OOXML for quite a while mainly because there really doesn’t seem to be much interest in it outside of a small circle of Microsoft lackeys and puppy dogs. Even MS themselves are making more noise about implementing native ODF support with the just-released SP2 for Office 2007.

Anyway – two blog posts crept on my radar today that are worthy of mention and the cause for my writing at all.

This one from the ever vigilant and articulate Glyn Moody about how no-one seems to be that interested in OOXML any more and some possible reasoning behind the apparent apathy.

The other quite literally had me in hysterics (ROTFL). It’s not the post so much as the comments attached to it. Apparently those few who remain interested in OOXML enjoy nothing more than discussing between themselves what OOXML is for and how various versions of the notorious specification should be augmented/updated or even simply maintained.

The debate is on such things as should the “Transitional” format be forward or backward looking and if the later then it shouldn’t be Transitional but Strict. Hmmm – yes I hear you say gripping stuff. Here’s a snippet from one of the comments just to whet your appetite:

So, ECMA-376 (1ed) is “looking back”, but ISO-29500 Transitional is not simply “looking back”: it is a “mutant”, that is both looking backward and looking forward. ISO 29500 Strict is indeed “looking forward”.

For those readers who “have a life” and missed all the excitement of 2007/8 a brief synopsis of the history goes something like this:

Microsoft implemented OOXML (their XML based file format which is essentially a binary dump of the memory footprint of your document wrapped in an amazingly obscure and illegible XML schema) in Office 2007. You may have even received the odd file with a .docx or .xlsx extension. Then some kind of panic happened in MS and they decided that because Governments and other public bodies were asking for ODF (ISO/IEC 26300 Open Document Format supported by many applications including OpenOffice.org) they’d better get OOXML standardised too. So in a rush job, Microsoft’s specification publicist ECMA took the format used on Office 2007, got the developer documentation and wrote a bit more stuff around it and published it as ECMA 376. It then got submitted to the ISO for “fast tracking”. Oh yes, did I mention the “specification” was over 6000 pages long? Needless to say there was lots of argy bargy back and forth, the document got changed quite a bit, lots of money changed hands, loads of small countries from the developing world suddenly got very interested in XML Document Specifications and decided to become paid up members of the standards bodies and the specification scraped through about a year ago to become probably the worst example of a supposed International standard the world has ever seen (IMHO).

Do be advised also that today, as far as I am aware. there is no currently available end-user product (free or commercial) for reading and writing ISO IEC 29500 (OOXML) files. Microsoft Office 2007 doesn’t; it supports something similar to the first edition of ECMA 376 but probably not quite the same and I’m not sure anyone really cares anyway.

But do go and read the discussion on this blog post. Even if you don’t really understand it, the discussion of such irrelevant minutiae and semantics really does show to me that even those who support and think it is a useful and worthwhile specification don’t really know what it is for…

Here’s a bit more just to highlight the trouble they are all having:

Thanks for the clarification. “Transitional”, at present, is definitely looking like the superset of “Strict” the way you explained. The word “transitional”, however says to be that it is temporary. If we insist “transitional” will always be the superset, then there is no way “Transitional” will ever be a temporary thing.

Moreover, with the superset definition, it means anything that makes it into “strict” will automatically make it into “transitional”, which will make Brown’s statement that the working group is considering mirroring new features into “transitional” moot.

I will say “transitional” is the superset of “strict”, with a time limit imposed. Therefore, for a limited time only, it can be “looking forward”. What is happening is someone forgotten to specify the time limit, which leads to the discussion whether new features in “strict” should be mirrored into “transition”.

To me, it does not make sense to put new features introduced in Office 14 into “Transitional”. “Strict”? Yes, but not “transitional” since it unnecessarily extended the time frame for “transitional”.

One question still remains, how does one add new features to Transitional or Strict given the charter can be read to exclude new features introduced in future version of MS Office, including Office 14?

On the ‘Open Source, Open Standards and Re-Use: UK Government Action Plan’

As anyone interested in the politics and wider adoption of FOSS will know by now, the UK Government recently released an updated policy statement regarding “Open Source and Open Standards”. I made a brief comment on it when the news broke, but have now had more time to consider the document in more depth.

Firstly, It’s quite minor but nevertheless a shame that the pdf document was issued using Arial and Times New Roman embedded fonts that are not available on a free license. This leads me nicely to my second general point.

Why is there no mention of “Free Software“? There is a distinction between Open Source and Free software that, for some at least, is extremely important.

Anyway, having now read the pdf policy document in full, I want to air my thoughts on it.

After the preamble and introduction, in ‘The Way Forward’ we read this:

The Government considers that in order to deliver its key objectives a programme of positive action is now needed to ensure that there is an effective „level playing field‟ between open source and proprietary software and to realise the potential contribution open source software can make to wider aims of re-use and open standards. This programme needs to consist both of a more detailed statement of policies and of practical actions by government and its suppliers.

Notice how this is discussing a programme to generate policy statements and actions. I actually reckon this is really good stuff but am a little concerned about the fact there aren’t any demonstrable programmes or actions already created. In other words, it looks like we’ll have to wait for the bureaucrats to get their ink flowing before anything “real” happens. There are some actions at the end of the document, and although they are worthy in themselves they are rather broad and easy to spend years developing. Small, precise, tactical actions are what is required IMHO.

The objectives of the “programme” itself are pretty darn good from what I can tell. They read like a manifesto from RMS himself…

1. ensure that the Government adopts open standards and uses these to communicate with the citizens and businesses that have adopted open source solutions.

Nice – can I send documents to my MP or local council in ODF today then? (see toward the end of this piece) I don’t use any proprietary software in my business nor home (apart from my wife’s PC that is shortly to become Free too).

2. ensure that open source solutions are considered properly and, where they deliver best value for money (taking into account other advantages, such as re-use and flexibility) are selected for Government business solutions.

Once you do really take into account “re-use” it gets pretty hard to see how proprietary software represents value for money [“Sure Mr. Brown, just buy one copy of Office 2010 and re-use it across the country!”]. I look forward to seeing some detail here and the procurement guidlines for “properly” considering open source solutions.

5. ensure that there are no procedural barriers to the adoption of open source products within government, paying particular regard to the different business models and supply chain relationships involved.

Nice. Good objective.

The next section (6) is called “Policy” and stipulates the policy in broad but laudable terms:

(1) The Government will actively and fairly consider open source solutions alongside proprietary ones in making procurement decisions,

(2) Procurement decisions will be made on the basis on the best value for money solution to the business requirement, taking account of total lifetime cost of ownership of the solution, including exit and transition costs, after ensuring that solutions fulfil minimum and essential capability, security, scalability, transferability, support and manageability requirements.

(3) The Government will expect those putting forward IT solutions to develop where necessary a suitable mix of open source and proprietary products to ensure that the best possible overall solution can be considered.

(4) Where there is no significant overall cost difference between open and non-open source products, open source will be selected on the basis of its additional inherent flexibility.

These first policy item is sort of a catch-all but is quite vague and unmeasurable. I really want to see how they intend to implement, monitor and correct the bad procurement decisions.

The second and third points are indeed measurable and quite clear in their demands which is great.

The forth sounds very promising but again I’d want to know the detail; how the overall cost of the procurement can really be measured when you are comparing apples and oranges. This is a very difficult one to get right and the commercial vendors have many years of practice at coming up with exceptionally (ahem) creative pricing.

The Policy then goes onto non-open source software guidance:

Non-Open Source Software

(5) The Government will, wherever possible, avoid becoming locked in to proprietary software. In particular it will take exit, rebid and rebuild costs into account in procurement decisions and will require those proposing proprietary software to specify how exit would be achieved.

(6) Where non open source products need to be purchased, Government will expect licences to be available for all public sector use and for licences already purchased to be transferable within the public sector without further cost or limitation. The Government will where appropriate seek pan-government agreements with software suppliers which ensure that government is treated as a single entity for the purposes of volume discounts and transferability of licences.

Nice: “The Government will, wherever possible, avoid becoming locked in to proprietary software.” A fine objective if ever I read one.

I’m not sure about number 6 though. I guess it depends largely on existing contracts as to the flexibility they have with their current licenses but this must be sending shivers through Redmond right now.

Open Standards didn’t get much coverage. I guess it says what it must but open standards are one of the reasons we have FOSS today. The IETF who gave us amongst others RFC 793 and 791 (without which the Internet wouldn’t exist) and the W3C who protect and publish the open specifications for the world wide web are light-years ahead of the ISO as we have seen recently with the OOXML debacle. At least this part of the policy will be very easy to monitor. Send your Doctor, MP or Councillor an ODF document for example.

For IT and digital standards, the ISO is becoming totally redundant. Thinking back to when I was a lad, we had X.25, X.400, X.500, the ISO 7 layer reference model OSI and a ludicrously complex network management protocol known as CMIP. In their full specifications, these are all virtually obsolete now although some have been used in a cut-down form for modern standards like LDAP for example. But the reality is the ISO/ITU (CCITT) take too long, and try to be too clever. So Mr Brown and Mr. Watson, please do be careful – there are standards, and then there are standards…

The “Re-use” section gets really interesting and shows quite a good understanding of what FOSS is all about. But how on earth do they expect to achieve this

… look to secure full rights to bespoke software code or customisations of commercial off the shelf products it procures, so as to enable straightforward re-use elsewhere in the public sector.

without paying an arm and a leg for it. Can you imagine Larry or Steve agreeing to giving “full rights” (whatever that means) without a blank cheque? I can’t. In the same paragraph the following sentence is a really excellent policy:

Where appropriate, general purpose software developed for government will be released on an open source basis.

In the US public sector they have, for some time I believe, had a policy that basically means stuff created by and on-behalf of the public belongs to the public and is in the public domain. When I read stuff like this from what is the most draconian Government we have had in generations I am somewhat sceptical and really wonder how much actual input Number 10 and the policy makers have had in this document. The state that wants to restrict the citizen’s liberty whilst protecting the state itself so judiciously doesn’t feel like the same state that will write open source software. Time will tell on this one.

In the final section “Action Plan” there are 10 actions presented for the Government. These actions cover producing published guidance on procurement which will include words like:

a standard form of words for Statements of Requirements to state positively that the Government’s policy is to consider open source solutions on their merits according to total lifetime cost of ownership.

and

The CIO Council and the OGC, working with industry and drawing on best practice from other countries, will institute a programme of education and capability-building for the Government IT and Procurement professions on the skills needed to evaluate and make the best use of open source solutions . The aim will be to raise the level of awareness, skills and confidence in the professions in the different licensing, support, commercial and cost models associated with open source solutions.

Which is very interesting to an Open Source Consulting Business like my own 😉

As is the following which I feel is particularly strongly worded compared with the rest of the document:

Government Departments will challenge their suppliers to demonstrate that they have capability in open source and that open source products have been actively considered in whole or as part of the business solution which they are proposing. Where no overall open source solution is available suppliers will be expected to have considered the use of open source products within the overall solution to optimise the cost of ownership. Particular scrutiny will be directed where mature open source products exist and have already been used elsewhere in government. Suppliers putting forward non-open source products will be asked to provide evidence that they have carefully considered open source alternatives and to explain why they have been rejected.

Well, well, well:

The Government will specify requirements by reference to open standards and require compliance with open standards in solutions where feasible. It will support the use of Open Document Format (ISO/IEC 26300:2006) as well as emerging open versions of previously proprietary standards (eg ISO 19005-1:2005 (“PDF”) and ISO/IEC 29500 (“Office Open XML formats”). It will work to ensure that government information is available in open formats, and it will make this a required standard for government websites.

Can I say that again… “The Government will support the use of ODF” and a lovely phrase for OOXML “open versions of previously proprietary standards”. That’s possibly the kindest description of the worst specification ever written. Kudos for the clear mandate for ODF.

The last action is probably the most important of the lot:

Government will communicate this policy and its associated actions widely and will expand it as necessary. It will engage with the Open Source community and actively encourage projects that might, in due course, develop into „Government Class‟ products. It will keep the policy and progress on the actions under review, and report on progress publicly.

Firstly, I want to see how this policy is going to be communicated to the huge oil tanker called the UK Government. Secondly, it is spot on to want to engage with the FOSS Community but they will have to put in place some mechanisms, resources, on-line locations etc. where this engagement can take place. And the Government will have to learn very fast that for FOSS to work, the community has to collaborate in all directions and its members must give as much, if not more, than they take to get real benefit. It’s a bit like love… The more you give, the more you get back.

My biggest concern with this is the executive. Over the last 10 years or so their insistence on draconian lawmaking and interference in our liberty does make me sceptical about the commitment from the top dogs and hence the drive to pull this off. But, I will support this effort in whatever way I can until that scepticism is either proved wrong or right.

To conclude this rather long post then, I think this could be a huge and historical turning point in the health of FOSS here in the UK and I am very excited about the tone and sentiment behind this policy document. The authors (Our Government) have started to roll a very large ball down a very long slope. If the current Government do not take this seriously, or should the administration change and turn away, then the ball will roll out of control. If they do what they say and keep close to the community then I honestly believe there could a very bright future ahead of us.

OOXML Fataly Flawed?

Thanks to Roy’s tenacity and constant vigilance, I have learned how it now appears the MS Office binary format that is wrapped in XML and is now known as IS 29500 (OOXML), an ISO Standard Office Document Specification (ROTFL), is giving hackers everywhere a field day.

It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day).

There are some good links and sources to this article so recommended reading for anyone who is considering using Office 2007 or receives an OOXML document (the ones ending in x, e.g docx, pptx and xlsx). IMHO your automatic response should be to return it directly to the sender, do not attempt to open it, and ask for them to send it to you in an open format such as ODF or PDF or even plain text. I would also suggest that you provide a link to OpenOffice.org in the reply.

In the last few scant months, there have been several major and very serious security flaws and attack opportunities with Microsoft’s software. Surely, it must be becoming clear to everyone by now:

If the foundations are weak, the walls crumbling, the windows broken and the roof collapsing; it’s time to move.

OOXML: Flogging a Dead Horse

I am continually amazed by the amount of time, energy and expense that the ISO are going to to support the standard that nobody really wants or believes (in except for one corporation and it’s paid lackeys of course). Yes, it’s IS29500 (OOXML to you and me).

In the last few weeks we have had coverage with some lovely photos of the events taking place in Korea from that bastion of fair play and honesty Alex Brown. How the poor live eh? All sponsored by our friends and yours: Microshaft. Well actually, if you buy their software, you have probably been paying for the luxury hotels, drinks and food.

We have also heard how the Norwegian NB (National Body), that actually voted against OOXML becoming a standard but were ignored, has resigned en-masse:

We end our work with Standard Norway because:

  • The administration of Standard Norway trust 37 identical letters from Microsoft partners more than their own technical committee.
  • The process within Standard Norway has been unpredictable and the administration has changed the rules along the way.
  • Standard Norway and ISO have committed a series of violations of their own rules and other irregularities in the OOXML process.

“Standard Norway has overruled hundreds of thousands of users in the public and private sectors”, says Martin Bekkelund.

The mass-copied Microsoft-letter did not contain a single professional argument. Standard Norway first said that these kinds of statements would not be given any weight. However, at the end of the process they changed their mind and emphasized the Microsoft letters. Thereby, Standard Norway misled the committee members.

And we have also seen IBM – a conservative corporation by any measure – making a public statement about the standards process needing reform. Bob Sutor expands on the announcement:

I’ve asked before in this blog if we don’t need some sort of full disclosure from standards participants. In the wiki IBM facilitated last summer, there was a good discussion of the notions of open government and how these might apply to standards making. Over time various votes on standards will be won or lost. I think an open, transparent organization should help users and other stakeholders understand who voted how and why. This is especially true for organizations that represent countries. We must have and understand accountability.

Not very clouded words for “ISO: Sort out your house or become an irrelevance”.

And we also had, back in September, the signed declaration by 6 countries – Brazil, Cuba, Ecuador, Paraguay, South Africa and Venezuela – deploring the refusal of ISO and IEC to further review the appeals submitted by the National Bodies of four nations.

And in support of ODF we have – almost daily it seems – countries, public bodies & departments and corporations requiring/mandating [PDF] the use of the open and royalty-free ODF to store their documents. Here some of the countries that have (or are) adopted ODF: Belgium, Brazil, Croatia, Denmark, France, Japan, Malaysia, The Netherlands, Norway, Poland, Russia, South Africa, Switzerland and Uruguay. Many others are close on their heels.

Which countries have formally adopted OOXML? Which countries have said they are thinking about adopting OOXML? I have yet to see any. Perhaps Côte d’Ivoire might eh?

But OOXML is not quite dead yet. There is a danger. And one we must all be vigilant toward: There is a possibility of Microshaft and it’s Lackeys trying to gain control of the maintenance of the ODF standard. Currently this is handled by the very open and transparent OASIS organisation. This process might end up being transferred to ISO under the guise of a group known as SC34. This committee is loaded full of Microsoft puppets – several of whom are British and have shown a total disregard for due process to this date.

Perhaps the title shouldn’t be “flogging a dead horse” but more of a “dead cat bounce“.

ISO/IEC officially redundant and history

Thanks to Andy Updegrove for bringing this to our attention.

CONSEGI 2008 DECLARATION

We, the undersigned representatives of state IT organisations from Brazil, South Africa, Venezuela, Ecuador, Cuba and Paraguay, note with disappointment the press release from ISO/IEC/JTC-1 of 20 August regarding the appeals registered by the national bodies of Brazil, South Africa, India and Venezuela. Our national bodies, together with India, had independently raised a number of serious concerns about the process surrounding the fast track approval of DIS29500. That those concerns were not properly addressed in the form of a conciliation panel reflects poorly on the integrity of these international standards development institutions.

Whereas we do not intend to waste any more resources on lobbying our national bodies to pursue the appeals further, we feel it is important to make the following points clear:

  1. The bending of the rules to facilitate the fast track processing of DIS29500 remains a significant concern to us. That the ISO TMB did not deem it necessary to properly explore the substance of the appeals must, of necessity, put confidence in those institutions ability to meet our national requirements into question.
  2. The overlap of subject matter with the existing ISO/IEC26300 (Open Document Format) standard remains an area of concern. Many of our countries have made substantial commitments to the use of ISO/IEC26300, not least because it was published as an ISO standard in 2006.
  3. The large scale adoption of a standard for office document formats is a long and expensive exercise, with multi-year projects being undertaken in each of our countries. Many of us have dedicated significant time and resources to this effort. For example, in Brazil, the process of translation of ISO/IEC26300 into Portuguese has taken over a year.

The issues which emerged over the past year have placed all of us at a difficult crossroads. Given the organisation’s inability to follow its own rules we are no longer confident that ISO/IEC will be capable of transforming itself into the open and vendor-neutral standards setting organisation which is such an urgent requirement. What is now clear is that we will have to, albeit reluctantly, re-evaluate our assessment of ISO/IEC, particularly in its relevance to our various national government interoperability frameworks. Whereas in the past it has been assumed that an ISO/IEC standard should automatically be considered for use within government, clearly this position no longer stands.

Signed:

Aslam Raffee (South Africa)
Chairman, Government IT Officer’s Council Working Group on Open Standards Open Source Software

Marcos Vinicius Ferreira Mazoni (Brazil)
Presidente, Servico Federal de Processamento de Dados

Carlos Eloy Figueira (Venezuela)
President, Centro Nacional de Tecnologías de Información

Eduardo Alvear Simba (Ecuador)
Director de Software Libre, Presidencia de la República

Tomas Ariel Duarte C. (Paraguay)
Director de Informática, Presidencia de la República

Miriam Valdés Abreu (Cuba)
Directora de Análisis, Oficina para la Informatización.

Ouch!

The above is a joint and public statement from the State IT bodies of Brazil, South Africa, Venezuela, Ecuador, Cuba and Paraguay when they met at a conference CONSEGI 2008 at the end of last week.

It is a really important development in the OOXML (DIS29500) fiasco and one that confirms what I have been saying for some time now; that ISO/IEC, in respect to ICT standards at least, are finished. They have no trust in ISO’s ability to produce Open Standards any more.

I was particulary interested in how much effort has been put into supporting IS26300 which was approved in 2006 and is now in widespread use around the world. This is the default (and currently the only really open standards) document format in many office suites like OpenOffice.org and also on many of the on-line services like Google Docs. It will even be supported in the next SP to, and release of, Microsoft’s Office product before they get around to delivering DIS29500 – if they ever do that is.

This has really been a sorry affair for ISO. They have lost all credibility, have been shafted well and truly by M$/ECMA and now are being told to “F” off in no uncertain terms by nation state IT organisations. What a complete mess.

ISO gives up on IT Standards: approves OOXML

So, as everyone thought would happen, the naive and sycophantic ISO and IEC bodies have decided to ignore the appeals, the scandalous bribery and corruption of their hitherto decent standing and approve ISO/IEC DIS 29500 (OOXML to you and me).

The two ISO and IEC technical boards have given the go-ahead to publish ISO/IEC DIS 29500, Information technology – Office Open XML formats, as an ISO/IEC International Standard after appeals by four national standards bodies against the approval of the document failed to garner sufficient support.

And toward the end of the rather short press release they come up with this real gem:

The adoption process of Office Open XML (OOXML) as an ISO/IEC Standard has generated significant debate related to both technical and procedural issues which have been addressed according to ISO and IEC procedures.

Understating the blindingly obvious or what? And just what has been addressed exactly? Nothing it seems to me. They have just bent over and let M$ shove their specification where the sun don’t shine.

But, as we near the end of this farce and fiasco, I think there are a couple of ironies which mark the approval of OOXML, and the process surrounding, ultimately as being little more that a damp squib.

  • The decision by Microshaft themselves to not bother with OOXML in their next Office release and to, even more amazingly, deliver native support for ODF.
  • The fiasco has shown that ISO/IEC is basically now an irrelevance when it comes to defining useful standards within the sphere of IT. They are too slow, too ponderous and too “up-their-own-arses” to be able to recognise when they have been shafted.

We have plenty of excellent standardisation bodies which have fundamentally driven the creation of the Internet and they have all used community-based, open processes. IETF, W3C and so on.

All I remember the ISO ever giving me in IT was the notorious OSI 7 Layer Model way back in the 80s. And what happened to it? It died almost before it was born because an open, easy to implement and flexible protocol stack called TCP/IP came along…

Bye Bye ISO.

Next Page »