Bonum Certa Men Certa

OOXML: Security Flaw Found, Microsoft Lies About It Again, African Revolt Against It, and ISO in Great Danger

It is not looking good for OOXML. Even if it passes the September 2nd test, the wrecks it will leave behind it will be highly damaging not only to Microsoft, but also to those that surround Microsoft.

OOXML Means... Deception



Microsoft systematically lies about OOXML. It does it deliberately. To use a few recent examples, consider this batch [1, 2, 3, 4, 5]. There are many more examples to be found, but they are not quite as 'fresh'. If you thought Microsoft ran out of lies, then get a load of this.

Of course, Microsoft already knows all this, and no doubt that is why they are working so hard to urge NB's to vote "Approval, with comments" with promises that their comments will be addressed at the BRM, a BRM that might not even occur. In fact, if everyone listened to Microsoft and followed their advice then that would almost guarantee that no BRM would be held and no NB's comments would be adopted.


This is another disgraceful case of deception. Microsoft hopes to have its victims razzled and dazzled until it's too later to change the mind.

OOXML Means... Not Secure



In the past, for a variety of reasons, OOXML was said to be unsafe. It's unsafe because of poor digital preservation. It is unsafe because life is in jeopardy. It is unsafe because of untrusted binary macros. It is unsafe because it depends on the existence and direction of one single company. The list could go on and on, but there's a theme here. OOXML is not a safe route for storing one's (potentially vital) documents, history, and work.

If you thought you had seen it all, be aware that an XML-related flaw has just been discovered in Excel 2007.

Bradley Mountford, a digital forensics expert, today discovered a security vulnerability in Microsoft Office Excel 2007 regarding login information of external data sources.


Need anyone be woken up by a louder warning signal? Inelegant formats are bound to become susceptible to abuse. Without reuse, there is plenty of room for mistakes. OOXML is not just buggy, but it is also risky.

OOXML Means... Imperialism



Recall our very recent post about OOXML in the African continent. Reciting some key information:

In response they [Microsoft] have apparently been sending PR teams around to national Standards boards all over the world(Ghana for a fact) to lobby for votes for OOXML under the guise of talking about ‘Open XML Standards’.


Bear in mind that Ghona is actively pursuing Free software, but it's also an easy target for the notorious "exchange of favours/money".

The minister also said that "Ghana's legislators, of which I am a member, use Linux to support the computing facilities at Parliament House".


Here is where the news comes in. It follows the articles (some of which were cited in our previous Africa-tagged post) about Microsoft's abuse through lock-in. Right now, the African civil society is actually courageous enough to warn Microsoft. To paraphrase Pamela Jones (in a different context), Africa is not as ignorant as Microsoft needs it to be.

African Civil Society Organisations (CSOs) may be spoiling for war with the global software giant, Microsoft Corporation, over its bid to have its DIS 29500 'Office Open Extensible Markup Language (OOXML)' endorsed by the International Standard Organisation (ISO).


Miscellany: OOXML Means... The End of Standards



It wasn't long ago that the OOXML petition site posted and posed the 5 famous questions about OOXML.

Here are some 5 simple questions you should get an answer from your Standardisation Body, from ECMA, or from Microsoft...


These questions make it evident that OOXML becoming a standard would be absurd, to say the very least. The Web is filled with new comments about OOXML's progress and here is one that caught my eye:

MS threatens legitimacy of ISO

Microsoft whines they are following the rules. Well, it's also within the rules to fire a competent and cooperative single mother of 4 children and replace her with your drinking buddy. Some rules.

ISO will commit suicide if OOXML becomes a standard as it is now. But maybe that's what Microsoft wants.


Closing a loop here, in reference to the issue of OOXML and safety, have another look at what Rob Wier said last week. It's the conclusion in an essay whose title was "Is it [OOXML] safe?" (highlight in the quoted text is ours):

The tragedy of this is that for so many NB's, with talented technical committees, the discussion of OOXML has failed to be a technical evaluation, but has quickly become a political game, where committees are stuffed, governments are pressured, billionaires call in favors, competitors blocked from participation, voting rules ignored or modified at whim, etc. All we can do is stand by and watch as Microsoft takes over JTC1. The cost to Microsoft will be great, but so much greater is the cost to JTC1. What will it mean for JTC1's future to be known as a body that does not follow its own rules, does not evaluate proposals on technical merits, but has procedures so weak and poorly written that it allows itself to be taken over by a single company? Quis custodiet ipsos custodes?

Recent Techrights' Posts

BASIC Predates Microsoft by Over a Decade, Microsoft-Controlled Sites Like The Register MS Don't Want You to Know This
The state of the media is really bad when it relies a lot on oligarchs' money and is appointing editors who are working for oligarchs
Brian Kernighan, "Only Third to Dennis Richie and Ken Thompson" (UNIX), Agreed With Someone Who Said Rust Was Just Hype, Should Not Replace C
17 hours ago
Reminder: Microsoft's "Secure Boot" Certificate for "Linux" Will be Expired in One Week
Many PCs won't manage to 'rotate' to another certificate
 
Gemini Links 05/09/2025: Logitech Lift and DIY Gemini Servers
Links for the day
Links 05/09/2025: Sainsbury's Caught Spying on In-Store Shoppers and Microsoft "OpenAI is Using Legal Threats to Harass its Critics"
Links for the day
Analogies for "Memory Safety" in Rust
Don't worry, it's Rust! It can do anything!
"Many of the Red Hat Employees Are Still Looking for Work"
Shame on IBM's CEO
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, September 04, 2025
IRC logs for Thursday, September 04, 2025
Microsoft Started With Code Literally From The Trash, Nothing Has Improved Since
The reality is, there are systems and code that are reliable. But they're not Microsoft's.
Hypothesis That New McKinsey/Microsoft Executive Inside Red Hat Will Outsource Research and Development Operations to India (Like They Do in IBM)
IBM is floundering
Slopwatch: Scams, Fake Articles About "Linux", Plagiarism, and Worse
Perhaps some time soon the LLMs or the "Big LLMs" will run out of money (to borrow) and go offline, leaving those slopfarms in a tough place
Gemini Links 04/09/2025: Means of Production and Rusting Out
Links for the day
Links 04/09/2025: Science, Hardware, and Eyes on China
Links for the day
Gemini Links 04/09/2025: Digital Minimalism and Social Control Media
Links for the day
IBM's GNU/Linux Divestment, Based on Hard But Anecdotal Evidence (IBM Fails to Recognise How Much Money It Made and Can Still Make From "Linux")
Love us or hate us, a lot of what we've been saying about Red Hat under IBM turns out to be rather accurate
Links 04/09/2025: Massive Microsoft Staff Cuts (Barely Reported), "Strange Conspiracy Theory Is Reportedly Spreading Inside OpenAI"
Links for the day
Activists Can Win, But Keep an Eye on the Ball and on the Trophy
GitHub is dying, it was a loss-making trap, not free hosting
Gemini Links 04/09/2025: Katrina Remembered, Distracted Driving, and Virtual Economics
Links for the day
At This Point It's No Longer Matthew Garrett But People Who Fund Matthew Garrett (or Companies That Fund His SLAPPs Against My Wife and I)
The only thing worse than misogynists are misogynists who fail to respect other people's right to go on holiday
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, September 03, 2025
IRC logs for Wednesday, September 03, 2025
The UEFI 9/11 - Part VI - This Serious Harm Was Planned for Over a Decade, Not an Accident or Merely Some Misfortune
The term "Serious Harm" is legally meaningful here
GNOME Unfit for Diversity and Inclusion
GNOME's leadership is using "bad words"
Brodie Robertson Addressing the Recently-Discovered Comments
Most people probably knew nothing about this until he wrote a response
Red Hat QA Team "Had Shrunk by Half Over the Past Year." (After IBM Divestment)
If Red Hat's workforce is being moved to the East, then RHEL can become a national security problem
Slopwatch: "Open Source" and "Linux" News Faked, Made by Bots and Entered Into Google News
Spam combined with slop about "Linux" has entered Google News
Links 03/09/2025: Microsoft Causes Mass Layoffs Outside Microsoft Also, "Google Can Keep Paying for Firefox Search Deal"
Links for the day
Gemini Links 03/09/2025: calendar.txt, Alhena 5.3.1, and ROOPHLOCH
Links for the day
The Theory That the Man From McKinsey, Whom Red Hat Took From Microsoft a Month Ago as Executive, Wants 'Efficiency' (Lower Salaries)
So far... no "official" word
When Your Site's Articles Are Being 'Cheapened' by Slop as Feature Images
Dr. Farnell should become an advisor to The Register MS
Certificate Authority Let's Encrypt Drops to Only Half a Dozen Capsules and 0.2% of the Whole in Geminispace, Self-Signed is the Way to Go
It used to have hundreds, according to Lupa
Doing to Red Hat What They Already Did (and Still Do) to IBM
there seems to be a drive to hire cheaper staff, and it may be led by somebody Red Hat hired from Microsoft
Links 03/09/2025: Salesforce's Latest Mass Layoffs, 93% in Large Poll at The Register MS Say UK Government Should Dump Microsoft
Links for the day
Preparations for Our 19th Anniversary Have Already Begun
When we get back we'll probably sort out some balloons and venue for the next party
Pleased After 2 Years With team.blue
Moving from a Content Management System (CMS, dynamic) to a Static Site Generator (SSG) was a wise decision that made life so much easier
The Free Software Foundation (FSF) is Being Attacked by Organisations Jealous of Its Principled Stance and Longevity
Nobody is perfect, but imperfection does not instantaneously imply sinister intent
If You Reject the Google Verdict in the US, Then You Should Also Reject the "Modern" Web (Do Something About It)
Gemini Protocol is still open; it cannot be hijacked or subverted because it's frozen by design and by intention
Open Source Initiative IRS Filing: Almost All the Money is Corporate, Stefano Maffuli (Executive Director) Takes About a Quarter of That Money for Openwashing of "AI" Ponzi Scheme
OSI is currently little but a PR/marketing agency of Microsoft
Many People Are "Leaving" Red Hat, Even High-Level Managers
Something is definitely going on at Red Hat
Techrights Has Been Subjected to Calls of Violence (and Death Threats), It Never Condoned Violence
I have no sympathy for people who call violence "free speech" and then get in trouble
Condoning Violent Behaviour and "Free Speech"
perhaps Microsoft Lunduke lost touch with what constitutes violence
Takeaway From the Google Verdict: GAFAM Has Too Much Control (Even Over the US Government and Courts With Government Appointees)
Many people feel disappointed but hardly surprised by the verdict
The Free Software Foundation (FSF) Turns 40 in One Month
As noted a few days ago, several times in fact, many people now recognise the importance of the FSF's mission, even if most people don't know what the FSF is
Many Microsoft "Assets" Are Fabricated Baloney (to Game the Numbers)
At times it seems like what we deal with are many weak patents (on algorithms), valuations or speculations based on hype ("hey hi"), and stocks held by Microsoft and its own staff
"Voluntary" Layoffs at Microsoft (to Game the Numbers, Sugar-Coating a Crisis)
"Employees interested have until the end of October to volunteer."
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, September 02, 2025
IRC logs for Tuesday, September 02, 2025