Office 2003 Bug Locks Owners Out 247
I Don't Believe in Imaginary Property writes "A Microsoft Office 2003 bug is locking people out of their own files, specifically those protected with Microsoft's Rights Management Service. Microsoft has a TechNet bulletin on the issue with a fix. It looks like they screwed up and let a certificate expire. There's no information on when the replacement certificate will expire, though, or what will happen when it does."
Re:Screw Up Or Forced Upgrade? (Score:3, Informative)
Luckily open office writes to an open, patent unencumbered format. So if you dislike the UI- find a fork with a better one. Or a completely different program. No vendor lock in.
Re:So if you had no web, you'd be hosed? (Score:4, Informative)
This bug only applies to documents protected with Rights Management Services, which is part of Active Directory and the Windows Server operating system.
Therefore, the only way you would have an issue is if you were on a network that used RMS but had no internet connection, in which case you'd have your IT guy download a fix from some other internet-connected machine and deploy it to the systems with the bug.
This will not affect people who are simply running their own copies of Office 2003 without RMS or Active Directory or any other fancy add-ons.
Re:Screw Up Or Forced Upgrade? (Score:5, Informative)
It's still vendor lock in if there's no competing product that reads their open formats.
Umm... There are a huge number of programs that read/write ODF (OpenOffice's default format). Wikpedia has a fairly extensive list [wikipedia.org] of software that handles the various ODF files.
Re:Screw Up Or Forced Upgrade? (Score:5, Informative)
This has nothing to do with open formats.
If you encrypt and digitally sign (aka DRM) your OO.org files, and loose the ability to decrypt them, you are in the same boat.
This is a story about DRM, not formats. A story about the forgotten idea of key escrow idea and of DRM cert servers, not file formats.
Re:Any workarounds? (Score:3, Informative)
RMS is for controlling the documents once they are outside the organisation. They're encrypted, and you can't get the key unless the RMS server lets you have it. And only Office can decrypt, and the RMS allows the author to block the ability to do things like edit, print or forward the document to someone else.
Some customers like the idea. When we implement it, rule #1 is "You no longer have sole control of the document". IIRC, there are ways to set RMS up so that internal people always have access - it'd be strange if that was what was broken.
Re:amazing... (Score:3, Informative)
You are referencing a SCRIPT that was MEANT TO DO HARM.
There is a difference. The "malware" was really a simple script that asked for root before it got installed and used pre-installed programs that are available in the Ubuntu install to ping a server and download a file from another to do... something nefarious.
The easiest fix in the case of that script would be to force wget to launch with a tty attached instead of being launched in the background. Presto you have plugged a hole that this script exploited right there.
Security holes will be found continuously, by both sides of the fight - it is just up to who finds them first that dictates which way that scenario goes. Now if you compare the proprietary vs the open source software vendor's security track records you will note that the OSS guys are doing rather better than the proprietary guys.
Why? In OSS the source is available for those who protect AS WELL AS those who exploit, yet the exploits are less, and are patched quicker. In proprietary land the source is available ONLY to the vendors - yet exploits abound.
Another point is that you are comparing a targeted attack on a discovered weakness to a possible software bug that migh cause problems in the future.
Also, you forget that in the case we are discussing the fix HAS to come from Microsoft - they responded admirably quickly with a hotfix btw - but in the case of OpenOffice (for instance) you would be able to implement fixes from a larger number of vendors, or their partners or well meaning codesmiths all over the world.
The odds just favour OSS in this scenario to perform better, and to be fixed quicker if something breaks.
Re:Totally off the mark. (Score:5, Informative)
Eventually the bigwigs get tired of the fact that they cannot understand how to use save-as-older-format, and they dislike having their underlings telling them to do things, and they cannot bear to find all the files they saved and re-save them before they downgrade back to the old version... So the entire company naturally has to pay to upgrade everyone.
Or, the admins download and roll out the Microsoft Office Compatibility Pack [microsoft.com] and leave the CEO with his new shiny-shiny.
Re:Locks OUT!? (Score:4, Informative)
That's what happens when you hand the keys to your kingdom over to someone whose best interests don't align with your own.
Saying you should avoid that is all very well but it's practically impossible in any business.
Want to take out a loan? The moment the bank thinks you may be in trouble they can and will send you a rude letter saying "Repay the whole lot. Now."
Want someone to do your accounts? Paying an outside company will be a sight cheaper than paying a wage to someone who you only need for a few weeks of the year, but the accounts they prepare will be full of disclaimers to the effect of "We have prepared these using information supplied by our client...." and it's you the tax man will come after if he smells a rat. Too bad if the office junior did your accounts and the senior person who signed them off was in a hurry to get home that day - they'll never admit it in a million years.
Want an email, calendaring and contacts platform? Free clue: The F/OSS exchange alternatives are generally just as complicated as Exchange itself, with the added bonus that finding someone who knows them can be a hell of a lot harder.
Re:Unexpected error? (Score:5, Informative)
Re:Totally off the mark. (Score:5, Informative)
Comment removed (Score:4, Informative)
Compatability pack worse than OO.o (Score:1, Informative)
Compatability pack worse than OO.o for compatibility.
Save a wodge and get OO.o instead.
Re:Take off your tinfoil hat (Score:3, Informative)
Re:Totally off the mark. (Score:4, Informative)
Now if they are still using Office 97 I think they got bigger things to worry about than getting a newer version.
What things are those? Office 97 met my needs just fine, the only reason I stopped using it is that it didn't support multiple monitors correctly, you'd put the app on the second monitor and pop up a menu, and the menu would pop up on the primary display! Goooooo Microsoft, yeah! Now THAT is quality. Now I'm back to one monitor, but I'm also on Ubuntu so I'm using OO.o.
Re:Totally off the mark. (Score:4, Informative)
That's a Windows PC, an iMac, and a Linux netbook by the way.
Re:Totally off the mark. (Score:3, Informative)
And how do you upgrade the PAYING customer with the draconian security policy?
A totally cynical decision by Microsoft to make color palettes INCOMPATIBLE in when Office was upgraded has caused major troubles in our project. The Excel files we made, which need to use color in order to communicate complex data sets, get shown in front of large meetings and emailed to participants. I had to hand-edit many times to avoid embarrassment, the guys who didn't got embarrassed of course.
Re:Screw Up Or Forced Upgrade? (Score:5, Informative)
LyX is your friend. It's a wonderful WYSIWYM(ean) editor for LaTeX.
Re:Locks OUT!? (Score:1, Informative)
Want to take out a loan? The moment the bank thinks you may be in trouble they can and will send you a rude letter saying "Repay the whole lot. Now."
Don't know about the US but in the UK you'd just say "no, I'll continue paying as per our present arrangement". If they wanted to, they could take you to court. You tell the judge you can't afford to repay the mortgage, and the court will order you to pay an amount you can afford. You volunteer to pay what you were already paying and the judge will almost certainly consider that reasonable and make an order to that effect. Or possibly dismiss the case (as you are already paying that amount) without making an order and tell the company's lawer not to waste the court's time. So in practice, the company won't even try this in the first place.
Note this is regardless of any 'foreclosure' clause - which would as per above probably be invalid in this case under Uk consumer law.
If you're talking about a case where you actually don't make one or more payments, then that's different. But you did say "the bank thinks you may be in trouble".
Note I'm not an expert in this area, but I do live in the UK and I have seen lots of reports relating to house repossesion and I've never seen a simple case of 'we are forceclosing now despite you making full payments' succeed (unless there are other factors like use of house as crack den, disputed complex multi-loan structures, occupier part-demolishing house etc.)
Re:Totally off the mark. (Score:3, Informative)
Re:Totally off the mark. (Score:3, Informative)
But the message was clear, you shall upgrade whether you like it or not.
Who needs java? (Score:3, Informative)
Er... Java is optional, and only required if you use the database engine (nobody does, because almost nobody knows when _not_ to use a spreadsheet, IMHO of course 8-) or some of accessibility and wizard thingies.
One of the ACs gives the actual quote and reference.
Plus OpenOffice.org (and I think core open office as well) dumped the larger desktop interface a long, long time ago.
Try something recent, and try reading the documentation, before you rail against any product.