![[rss feed 圖案]](/~ckhung/i/rss.png)
Destined Incompatibility of OO.o's OOXML Implementation
By HUNG Chao-Kuei on Monday, January 5 2009, 10:21 - Permalink
Here is a plea to the OO.o developers who work on OOXML (or docx) compatibility:
- Please speak clearly whether the publicly available information about the ISO-approved OOXML format (into which docx is yet to evolve) is sufficient for you to implement its DRM-related features.
- Please speak clearly whether you are sure of your legal safety in implementing OOXML's DRM-related features.
Please say it loudly in your blogs or emails, in as non-technical terms as possible. Then we will turn around and show your opinions to the confused governments and journalists who still believe Microsoft's claim that OOXML is an open format, and put an end to that lie.
* * * * *
Despite all the OOXML scandals that make 6 countries question the compromised process of ISO and IEC and despite the legal threat behind OOXML, Microsoft is still able to confuse enough people to believe that OOXML is an open format. What seems to be obvious to us who follow the development may not be so to the non-technical public. The goal of this post is to bring awareness of the danger of OOXML to more non-technical public by cutting through the confusing technical and legal fog, and by making Microsoft answer directly, in layman's terms, to the two questions: that of openness and that of legality.
I have my own answers already. I personally have stopped serious programming for years and I know next to nothing about the technical details of OOXML. Yet simple logic dictates that DRM "features" (which OOXML has) immediately becomes useless once the algorithm is known. DRM is designed to restrict, not to empower the user, and therefore has to rely on security by obscurity. It cannot be open for public examination, and the proponents of the exposed DRM systems will surely find legal troubles with those who reveal the secret, including but not limited to FLOSS developers. To illustrate this point, there have been too many cases to enumerate (and I am too tired to give URL's): please just search "DeCSS", "fairuse4wm", "09 F9", "sony rootkit", "ebook sklyarov", "felton sdmi", ...
Yet Microsft will never answer the "openness" and "legality" questions honestly, and my answers for them won't count much. So we need your help, developers. Please let the general public know that OO.o (and for that matter, anything competing against Microsoft Office) is destined to be non-fully compatible with Microsoft Office, in particular regarding all features that require the knowledge of its DRM algorithm. And let them know why. Let them know that it is not because you (and everyone else) are not capable, but rather because OOXML is not open after all. The world appreciate your hard work all the same. We appreciate even more your courage to help clarify matters that Microsoft tries hard to cloud when you admit to the destined incompatibility of your project. Ditto for the firefox ooxml plugin developers. Oops, that one is sponsored by Microsoft so I am not sure whether there is anyone who is voluntarily involved from outside and who would speak the truth.
Some may argue that such move would hurt the publicity, and hence the adoption, of OO.o, Firefox, and other FLOSS projects. In response, I would like to point out that, first of all, one element of the FLOSS culture is honesty about our own shortcomings. Secondly and maybe even more importantly because it concerns the general population outside the FLOSS culture, it would be a better world where MS Office remains dominant by sincerely supporting ODF as the default file formats than where OO.o and Firefox become the greatest helpers in defending Microsoft in various anti-trust cases while getting Microsoft to sneak the wonderful business models of DRM into the office documents of some unfortunate countries. (If these are the only two choices, that is.)
Hopefully at some point in the future, people will understand that true open file formats, and open interfaces in general, are more important than free software. Think about the difficulties that hinder wine, gnash, samba, and so forth. Free software does not fear competition. Yet it needs true open interfaces to compete on a fair playground, or else it is destined to be an incompatible and inferior lame alternative to proprietary solutions. Let's lower down the barrier to truth for the non-technical population and prevent the unconscious spread of docx being helped by some FLOSS before these involved pieces of FLOSS unconsciously become their own victims. We have to admit OO.o's destined incompatibility regarding OOXML one way or another. Why not do it now, loudly, when the echos can still help instead of hurting FLOSS?
Comments
We (Yes, you [you], too.) should all put our money together and plaster this on its own page of the Wall Street Journal.
...and maybe put an ad up on MSN.com. (I see more Microsoft ads on Linux sites these days anyways).
Nice article.
Which DRM features, in particular, are you talking about?
It's way WAY WAAAAAY too easy to have numerous interop failures across apps except when all source code is shown (including up to the build tool chain and the OS).
Many of these would-be failures occur even when interop is attempted among friendly partners (unless these partners share significant or all source code).
Now imagine when you have a dominant vendor that gains proportionally to there being interop failures between its product and those of other third parties (in order to achieve lock-in).
Why do you think so many vendors keep their source hidden? ..So that their products don't become commoditized (ie, interoperable).
[Remember that even among cooperating partners, specs are always lacking in many ways (including missing out the inevitable extensions). Bugs/misimplementations always exist.]
Thanks, Simon. Maybe let's wait a while to see if some developers speak up. That would be more convincing than my article. Meanwhile, I would appreciate if people pass this article to EFF, groklaw, and similar places where influencial people take further actions to investigate this more direct line of argument.
AH: what about features mentioned in "IHR in the 2007 MS Office"? As soon as OO.o or FF can decode a docx file and decides to bypass its control, it becomes one of the "malicious programs such as Trojan horses, keystroke loggers, and certain types of spyware". Surely the developers have to be prosecuted by any available law such as DMCA.
Jose_X: Opening up the source code is a nice thing for the big corporates to do, but it has never been a requirement for the open interfaces to work. Think of all the network protocls such as http, ftp, smtp, ... defined by RFC's. Think of html and css. Think of graphic file formats such as png, and compression file formats such as gz and bz2. None of these ever require full (or any) disclosure of the source codes from participating parties. Why should office file formats be an exception? I love FLOSS and I use GNU/Linux almost exclusively. Yet I believe that it is important to help people distinguish between open interfaces and FLOSS. The former is a humble request to have a fair, democratic playground; the latter is a nice political party that both you and me support. If we don't make the distinction, MS may very well turn the confusion to their benefits and tell people that "these open interface extremists are making unreasonle demands to see our codes".
I wrote a much longer post and then scrapped it.
In it I had mentioned that many Internet protocols work because these each have a reference implementation that is FOSS and which effectively defines the standard and its precise behavior (it defines a base target). A lot of the Internet runs on FOSS or on FOSS derived products.
There are many products that use any combination of these (eg) Internet protocols but don't implement the same exact behavior as done by other products or they add other layers of undocumented behavior (eg, piggy-backed within the payload or as proto extensions/adjustments).
Still, a lot of FOSS effectively define the stds. Closed source vendors that create a variation have the recipe to figure out interop with the bulk of FOSS running the Internet [they have the source code]. However, they add other ingredients not understood by other products. It's a one-way street for interop.
So, in fact, the Internet shows the utility specifically of having source code.
You mentioned HTML, but we know Microsoft has extended it, and possibly so have a lot of other products.
And any independent implementation will have bugs that will change the behavior at least subtly if not significantly. Simple bugs alter behavior and break interoperability. When third parties have the source, they can flush out the bugs (file a bug report or change the FOSS themselves) or build in special compatibility into their own product (work around the bugs).
And don't forget that, for years now, online updates allow the vendors to alter their installed base of network accessible closed source products on the fly. They provide a moving target, moving behavior, but no source.
You mentioned some file formats, but I think the FOSS version of these effectively define these standards (I am aware that RFCs exist for a lot of these formats)... or at least allow for that one-way compatibility street.
Anyway, FOSS exists for many protocols. Closed source vendors can interop with these if they choose to, but the converse is not realistic except in special cases. I saw no argument from you to the contrary.
Those that want interop almost always show/share their source code because it is by far the most effective way to try and achieve interop. Why spend 3 times as much English text explaining obvious and subtle behavior captured across many function calls? Those that care much less about actual interop, on the other hand, find any excuse possible to keep as much of the source hidden as possible.
Jose_X: I see your point. Hope I don't mis-interpret you this time: Not every participant has to open up their source, but there must be at least one FLOSS reference implementation. Completely agreed.
> However, they add other ingredients not understood by other products.
> It's a one-way street for interop.
An example is Microsoft (again...) deliberately destroyed Kerberos interoperability. They seemed to "open up" the specification just before they went to court. Yet they kept a legal umbilical cord attached to that "open specification".
The drug dealer has used the same technique, over the years and repeatedly, to keep everyone addicted and controlled. Now they have the newest drug for sale. This time it is labeled as "organic" by some unfortunate organization whose process and hence reputation is compromised by the drug dealer . The question is: do we as customers still decide to buy it simply because of the pretty label?
This post's comments feed