Software Patents: The new MAD

With the recent news of Microsoft being told to stop selling MS Word in the US due to it’s infringement of a patent owned by i4i I am really hopeful that perhaps, just perhaps, someone will start to realise just how MAD this all is.

Reading the first story I linked to, there is a reasonably understandable explanation of the patent in question but lets be honest here. Does this sound like an truly new and innovative invention?

“What we have developed at i4i is what’s customarily referred to as ‘customer-centric’ or ‘custom XML,’ which is allowing people to create customer-driven schema — we’ll call it templates or forms. So, while XML is used to tag and to mark the data that’s created, our technology is used to create the whole schema and the management of the data.”

They’ve managed to patent the ability to create your own schema by the sounds of that. Isn’t that what XML is for?

Anyway, I can’t see the good ‘ole boys really winning in the long run. I’m sure it will get over turned when hopefully someone shows up with some prior-art. But it seems to me that with this ridiculous system in the States, they are building their own new version of the Cold War. Remember Mutually Assured Destruction? That’s where they are now.

Businesses like Microsoft, IBM and others build vast portfolios of patents on the most ridiculous things not for their inherent value, but mainly as a safeguard against being sued for infringing someone else’s equally ridiculous patent. ‘If you sue me for patent xyz, then we’ll sue you with zyx’. Then we have the other wonderful group of [ahem] businesses known as Patent Trolls who bring nothing to the party except litigation. Nice.

Who wins out of all this in the long run? The worst group of parasites on the planet (yes, even worse than estate agents): Lawyers.

Surely, the US Government must see the stupidity and waste that this daft situation has created? I really hope that this is the litigious straw that will break the back of the patent camel.

Finally, get this. The last paragraph of that story reports on a patent that Microsoft has just been granted, which they applied for several years ago.

Word-processing document stored in a single XML file that may be manipulated by applications that understand XML

A word processor including a native XML file format is provided. The well formed XML file fully represents the word-processor document, and fully supports 100% of word-processor’s rich formatting. There are no feature losses when saving the word-processor documents as XML. A published XSD file defines all the rules behind the word-processor’s XML file format. Hints may be provided within the XML associated files providing applications that understand XML a shortcut to understanding some of the features provided by the word-processor. The word-processing document is stored in a single XML file. Additionally, manipulation of word-processing documents may be done on computing devices that do not include the word-processor itself.

Hmmm – this appears to have far reaching implications. OOXML, ODF, any word processor supporting XML file formats… Jeez. How the f**k can you call this an invention?

Please, UK Government and the EU Commission, don’t let the patent trolls of the world make you think that software patents are a “good thing”.

OOXML: Nobody knows (or cares) what it is for or why.

I’ve not penned much on OOXML for quite a while mainly because there really doesn’t seem to be much interest in it outside of a small circle of Microsoft lackeys and puppy dogs. Even MS themselves are making more noise about implementing native ODF support with the just-released SP2 for Office 2007.

Anyway – two blog posts crept on my radar today that are worthy of mention and the cause for my writing at all.

This one from the ever vigilant and articulate Glyn Moody about how no-one seems to be that interested in OOXML any more and some possible reasoning behind the apparent apathy.

The other quite literally had me in hysterics (ROTFL). It’s not the post so much as the comments attached to it. Apparently those few who remain interested in OOXML enjoy nothing more than discussing between themselves what OOXML is for and how various versions of the notorious specification should be augmented/updated or even simply maintained.

The debate is on such things as should the “Transitional” format be forward or backward looking and if the later then it shouldn’t be Transitional but Strict. Hmmm – yes I hear you say gripping stuff. Here’s a snippet from one of the comments just to whet your appetite:

So, ECMA-376 (1ed) is “looking back”, but ISO-29500 Transitional is not simply “looking back”: it is a “mutant”, that is both looking backward and looking forward. ISO 29500 Strict is indeed “looking forward”.

For those readers who “have a life” and missed all the excitement of 2007/8 a brief synopsis of the history goes something like this:

Microsoft implemented OOXML (their XML based file format which is essentially a binary dump of the memory footprint of your document wrapped in an amazingly obscure and illegible XML schema) in Office 2007. You may have even received the odd file with a .docx or .xlsx extension. Then some kind of panic happened in MS and they decided that because Governments and other public bodies were asking for ODF (ISO/IEC 26300 Open Document Format supported by many applications including OpenOffice.org) they’d better get OOXML standardised too. So in a rush job, Microsoft’s specification publicist ECMA took the format used on Office 2007, got the developer documentation and wrote a bit more stuff around it and published it as ECMA 376. It then got submitted to the ISO for “fast tracking”. Oh yes, did I mention the “specification” was over 6000 pages long? Needless to say there was lots of argy bargy back and forth, the document got changed quite a bit, lots of money changed hands, loads of small countries from the developing world suddenly got very interested in XML Document Specifications and decided to become paid up members of the standards bodies and the specification scraped through about a year ago to become probably the worst example of a supposed International standard the world has ever seen (IMHO).

Do be advised also that today, as far as I am aware. there is no currently available end-user product (free or commercial) for reading and writing ISO IEC 29500 (OOXML) files. Microsoft Office 2007 doesn’t; it supports something similar to the first edition of ECMA 376 but probably not quite the same and I’m not sure anyone really cares anyway.

But do go and read the discussion on this blog post. Even if you don’t really understand it, the discussion of such irrelevant minutiae and semantics really does show to me that even those who support and think it is a useful and worthwhile specification don’t really know what it is for…

Here’s a bit more just to highlight the trouble they are all having:

Thanks for the clarification. “Transitional”, at present, is definitely looking like the superset of “Strict” the way you explained. The word “transitional”, however says to be that it is temporary. If we insist “transitional” will always be the superset, then there is no way “Transitional” will ever be a temporary thing.

Moreover, with the superset definition, it means anything that makes it into “strict” will automatically make it into “transitional”, which will make Brown’s statement that the working group is considering mirroring new features into “transitional” moot.

I will say “transitional” is the superset of “strict”, with a time limit imposed. Therefore, for a limited time only, it can be “looking forward”. What is happening is someone forgotten to specify the time limit, which leads to the discussion whether new features in “strict” should be mirrored into “transition”.

To me, it does not make sense to put new features introduced in Office 14 into “Transitional”. “Strict”? Yes, but not “transitional” since it unnecessarily extended the time frame for “transitional”.

One question still remains, how does one add new features to Transitional or Strict given the charter can be read to exclude new features introduced in future version of MS Office, including Office 14?

On the ‘Open Source, Open Standards and Re-Use: UK Government Action Plan’

As anyone interested in the politics and wider adoption of FOSS will know by now, the UK Government recently released an updated policy statement regarding “Open Source and Open Standards”. I made a brief comment on it when the news broke, but have now had more time to consider the document in more depth.

Firstly, It’s quite minor but nevertheless a shame that the pdf document was issued using Arial and Times New Roman embedded fonts that are not available on a free license. This leads me nicely to my second general point.

Why is there no mention of “Free Software“? There is a distinction between Open Source and Free software that, for some at least, is extremely important.

Anyway, having now read the pdf policy document in full, I want to air my thoughts on it.

After the preamble and introduction, in ‘The Way Forward’ we read this:

The Government considers that in order to deliver its key objectives a programme of positive action is now needed to ensure that there is an effective „level playing field‟ between open source and proprietary software and to realise the potential contribution open source software can make to wider aims of re-use and open standards. This programme needs to consist both of a more detailed statement of policies and of practical actions by government and its suppliers.

Notice how this is discussing a programme to generate policy statements and actions. I actually reckon this is really good stuff but am a little concerned about the fact there aren’t any demonstrable programmes or actions already created. In other words, it looks like we’ll have to wait for the bureaucrats to get their ink flowing before anything “real” happens. There are some actions at the end of the document, and although they are worthy in themselves they are rather broad and easy to spend years developing. Small, precise, tactical actions are what is required IMHO.

The objectives of the “programme” itself are pretty darn good from what I can tell. They read like a manifesto from RMS himself…

1. ensure that the Government adopts open standards and uses these to communicate with the citizens and businesses that have adopted open source solutions.

Nice – can I send documents to my MP or local council in ODF today then? (see toward the end of this piece) I don’t use any proprietary software in my business nor home (apart from my wife’s PC that is shortly to become Free too).

2. ensure that open source solutions are considered properly and, where they deliver best value for money (taking into account other advantages, such as re-use and flexibility) are selected for Government business solutions.

Once you do really take into account “re-use” it gets pretty hard to see how proprietary software represents value for money [“Sure Mr. Brown, just buy one copy of Office 2010 and re-use it across the country!”]. I look forward to seeing some detail here and the procurement guidlines for “properly” considering open source solutions.

5. ensure that there are no procedural barriers to the adoption of open source products within government, paying particular regard to the different business models and supply chain relationships involved.

Nice. Good objective.

The next section (6) is called “Policy” and stipulates the policy in broad but laudable terms:

(1) The Government will actively and fairly consider open source solutions alongside proprietary ones in making procurement decisions,

(2) Procurement decisions will be made on the basis on the best value for money solution to the business requirement, taking account of total lifetime cost of ownership of the solution, including exit and transition costs, after ensuring that solutions fulfil minimum and essential capability, security, scalability, transferability, support and manageability requirements.

(3) The Government will expect those putting forward IT solutions to develop where necessary a suitable mix of open source and proprietary products to ensure that the best possible overall solution can be considered.

(4) Where there is no significant overall cost difference between open and non-open source products, open source will be selected on the basis of its additional inherent flexibility.

These first policy item is sort of a catch-all but is quite vague and unmeasurable. I really want to see how they intend to implement, monitor and correct the bad procurement decisions.

The second and third points are indeed measurable and quite clear in their demands which is great.

The forth sounds very promising but again I’d want to know the detail; how the overall cost of the procurement can really be measured when you are comparing apples and oranges. This is a very difficult one to get right and the commercial vendors have many years of practice at coming up with exceptionally (ahem) creative pricing.

The Policy then goes onto non-open source software guidance:

Non-Open Source Software

(5) The Government will, wherever possible, avoid becoming locked in to proprietary software. In particular it will take exit, rebid and rebuild costs into account in procurement decisions and will require those proposing proprietary software to specify how exit would be achieved.

(6) Where non open source products need to be purchased, Government will expect licences to be available for all public sector use and for licences already purchased to be transferable within the public sector without further cost or limitation. The Government will where appropriate seek pan-government agreements with software suppliers which ensure that government is treated as a single entity for the purposes of volume discounts and transferability of licences.

Nice: “The Government will, wherever possible, avoid becoming locked in to proprietary software.” A fine objective if ever I read one.

I’m not sure about number 6 though. I guess it depends largely on existing contracts as to the flexibility they have with their current licenses but this must be sending shivers through Redmond right now.

Open Standards didn’t get much coverage. I guess it says what it must but open standards are one of the reasons we have FOSS today. The IETF who gave us amongst others RFC 793 and 791 (without which the Internet wouldn’t exist) and the W3C who protect and publish the open specifications for the world wide web are light-years ahead of the ISO as we have seen recently with the OOXML debacle. At least this part of the policy will be very easy to monitor. Send your Doctor, MP or Councillor an ODF document for example.

For IT and digital standards, the ISO is becoming totally redundant. Thinking back to when I was a lad, we had X.25, X.400, X.500, the ISO 7 layer reference model OSI and a ludicrously complex network management protocol known as CMIP. In their full specifications, these are all virtually obsolete now although some have been used in a cut-down form for modern standards like LDAP for example. But the reality is the ISO/ITU (CCITT) take too long, and try to be too clever. So Mr Brown and Mr. Watson, please do be careful – there are standards, and then there are standards…

The “Re-use” section gets really interesting and shows quite a good understanding of what FOSS is all about. But how on earth do they expect to achieve this

… look to secure full rights to bespoke software code or customisations of commercial off the shelf products it procures, so as to enable straightforward re-use elsewhere in the public sector.

without paying an arm and a leg for it. Can you imagine Larry or Steve agreeing to giving “full rights” (whatever that means) without a blank cheque? I can’t. In the same paragraph the following sentence is a really excellent policy:

Where appropriate, general purpose software developed for government will be released on an open source basis.

In the US public sector they have, for some time I believe, had a policy that basically means stuff created by and on-behalf of the public belongs to the public and is in the public domain. When I read stuff like this from what is the most draconian Government we have had in generations I am somewhat sceptical and really wonder how much actual input Number 10 and the policy makers have had in this document. The state that wants to restrict the citizen’s liberty whilst protecting the state itself so judiciously doesn’t feel like the same state that will write open source software. Time will tell on this one.

In the final section “Action Plan” there are 10 actions presented for the Government. These actions cover producing published guidance on procurement which will include words like:

a standard form of words for Statements of Requirements to state positively that the Government’s policy is to consider open source solutions on their merits according to total lifetime cost of ownership.

and

The CIO Council and the OGC, working with industry and drawing on best practice from other countries, will institute a programme of education and capability-building for the Government IT and Procurement professions on the skills needed to evaluate and make the best use of open source solutions . The aim will be to raise the level of awareness, skills and confidence in the professions in the different licensing, support, commercial and cost models associated with open source solutions.

Which is very interesting to an Open Source Consulting Business like my own ;-)

As is the following which I feel is particularly strongly worded compared with the rest of the document:

Government Departments will challenge their suppliers to demonstrate that they have capability in open source and that open source products have been actively considered in whole or as part of the business solution which they are proposing. Where no overall open source solution is available suppliers will be expected to have considered the use of open source products within the overall solution to optimise the cost of ownership. Particular scrutiny will be directed where mature open source products exist and have already been used elsewhere in government. Suppliers putting forward non-open source products will be asked to provide evidence that they have carefully considered open source alternatives and to explain why they have been rejected.

Well, well, well:

The Government will specify requirements by reference to open standards and require compliance with open standards in solutions where feasible. It will support the use of Open Document Format (ISO/IEC 26300:2006) as well as emerging open versions of previously proprietary standards (eg ISO 19005-1:2005 (“PDF”) and ISO/IEC 29500 (“Office Open XML formats”). It will work to ensure that government information is available in open formats, and it will make this a required standard for government websites.

Can I say that again… “The Government will support the use of ODF” and a lovely phrase for OOXML “open versions of previously proprietary standards”. That’s possibly the kindest description of the worst specification ever written. Kudos for the clear mandate for ODF.

The last action is probably the most important of the lot:

Government will communicate this policy and its associated actions widely and will expand it as necessary. It will engage with the Open Source community and actively encourage projects that might, in due course, develop into „Government Class‟ products. It will keep the policy and progress on the actions under review, and report on progress publicly.

Firstly, I want to see how this policy is going to be communicated to the huge oil tanker called the UK Government. Secondly, it is spot on to want to engage with the FOSS Community but they will have to put in place some mechanisms, resources, on-line locations etc. where this engagement can take place. And the Government will have to learn very fast that for FOSS to work, the community has to collaborate in all directions and its members must give as much, if not more, than they take to get real benefit. It’s a bit like love… The more you give, the more you get back.

My biggest concern with this is the executive. Over the last 10 years or so their insistence on draconian lawmaking and interference in our liberty does make me sceptical about the commitment from the top dogs and hence the drive to pull this off. But, I will support this effort in whatever way I can until that scepticism is either proved wrong or right.

To conclude this rather long post then, I think this could be a huge and historical turning point in the health of FOSS here in the UK and I am very excited about the tone and sentiment behind this policy document. The authors (Our Government) have started to roll a very large ball down a very long slope. If the current Government do not take this seriously, or should the administration change and turn away, then the ball will roll out of control. If they do what they say and keep close to the community then I honestly believe there could a very bright future ahead of us.

OOXML Fataly Flawed?

Thanks to Roy’s tenacity and constant vigilance, I have learned how it now appears the MS Office binary format that is wrapped in XML and is now known as IS 29500 (OOXML), an ISO Standard Office Document Specification (ROTFL), is giving hackers everywhere a field day.

It is now official and also confirmed that OOXML files are not just insecure but there are also persistent attacks against new flaws (without any security patches being available, i.e. zero-day).

There are some good links and sources to this article so recommended reading for anyone who is considering using Office 2007 or receives an OOXML document (the ones ending in x, e.g docx, pptx and xlsx). IMHO your automatic response should be to return it directly to the sender, do not attempt to open it, and ask for them to send it to you in an open format such as ODF or PDF or even plain text. I would also suggest that you provide a link to OpenOffice.org in the reply.

In the last few scant months, there have been several major and very serious security flaws and attack opportunities with Microsoft’s software. Surely, it must be becoming clear to everyone by now:

If the foundations are weak, the walls crumbling, the windows broken and the roof collapsing; it’s time to move.

Information wants to be Free

I was pottering about on the internet today and stumbled across this site about Freedom of Information Act requests. It is a great resource and I found exactly what I was looking for. I also spotted a request that had been made to the Departement of Innovation, Universities and Skills about communication about OOXML. This was only mildly interesting, but it got me thinking. This request would have been better addressed to BSI itself rather than DIUS, but it wasn’t. The reason being that the BSI is not in scope of the Freedom of Information act, our national standards body is not considered a public authority and is not compelled to be open and transparent. This just doesn’t sound right to me, especially when I read the act itself and the schedules of bodies that are in scope. After an exchange of emails with the administrators of whatdotheyknow.com I decided that a question to my MP was in order, so off I went to http://www.writetothem.com and sent off this note.

Friday 23 January 2009

Dear Jeremy Hunt,

The British Standards Institution is a commercial company providing
documentation and professional services around standardisation. It also
acts under a Royal Charter to be the UK national standards body on
behalf of the Department of Innovation, Universities and Skills. It is
my belief that when acting on behalf of the UK as national standards
body it should be considered a public authority under the terms of the
Freedom of Information Act and listed in Schedule 1 Part VI of the act.
This would be similar to the situation of the BBC which is included “in
respect of information held for purposes other than those of
journalism, art or literature”.
Can you let me know if this omission can be corrected as openness and
transparency in the decision making processes of international
standardisation is of great importance to us all.

Yours sincerely,

Alan Bell

Now I await his response.

OOXML: Flogging a Dead Horse

I am continually amazed by the amount of time, energy and expense that the ISO are going to to support the standard that nobody really wants or believes (in except for one corporation and it’s paid lackeys of course). Yes, it’s IS29500 (OOXML to you and me).

In the last few weeks we have had coverage with some lovely photos of the events taking place in Korea from that bastion of fair play and honesty Alex Brown. How the poor live eh? All sponsored by our friends and yours: Microshaft. Well actually, if you buy their software, you have probably been paying for the luxury hotels, drinks and food.

We have also heard how the Norwegian NB (National Body), that actually voted against OOXML becoming a standard but were ignored, has resigned en-masse:

We end our work with Standard Norway because:

  • The administration of Standard Norway trust 37 identical letters from Microsoft partners more than their own technical committee.
  • The process within Standard Norway has been unpredictable and the administration has changed the rules along the way.
  • Standard Norway and ISO have committed a series of violations of their own rules and other irregularities in the OOXML process.

“Standard Norway has overruled hundreds of thousands of users in the public and private sectors”, says Martin Bekkelund.

The mass-copied Microsoft-letter did not contain a single professional argument. Standard Norway first said that these kinds of statements would not be given any weight. However, at the end of the process they changed their mind and emphasized the Microsoft letters. Thereby, Standard Norway misled the committee members.

And we have also seen IBM – a conservative corporation by any measure – making a public statement about the standards process needing reform. Bob Sutor expands on the announcement:

I’ve asked before in this blog if we don’t need some sort of full disclosure from standards participants. In the wiki IBM facilitated last summer, there was a good discussion of the notions of open government and how these might apply to standards making. Over time various votes on standards will be won or lost. I think an open, transparent organization should help users and other stakeholders understand who voted how and why. This is especially true for organizations that represent countries. We must have and understand accountability.

Not very clouded words for “ISO: Sort out your house or become an irrelevance”.

And we also had, back in September, the signed declaration by 6 countries – Brazil, Cuba, Ecuador, Paraguay, South Africa and Venezuela – deploring the refusal of ISO and IEC to further review the appeals submitted by the National Bodies of four nations.

And in support of ODF we have – almost daily it seems – countries, public bodies & departments and corporations requiring/mandating [PDF] the use of the open and royalty-free ODF to store their documents. Here some of the countries that have (or are) adopted ODF: Belgium, Brazil, Croatia, Denmark, France, Japan, Malaysia, The Netherlands, Norway, Poland, Russia, South Africa, Switzerland and Uruguay. Many others are close on their heels.

Which countries have formally adopted OOXML? Which countries have said they are thinking about adopting OOXML? I have yet to see any. Perhaps Côte d’Ivoire might eh?

But OOXML is not quite dead yet. There is a danger. And one we must all be vigilant toward: There is a possibility of Microshaft and it’s Lackeys trying to gain control of the maintenance of the ODF standard. Currently this is handled by the very open and transparent OASIS organisation. This process might end up being transferred to ISO under the guise of a group known as SC34. This committee is loaded full of Microsoft puppets – several of whom are British and have shown a total disregard for due process to this date.

Perhaps the title shouldn’t be “flogging a dead horse” but more of a “dead cat bounce“.

Next Page »