Dan Geer is an extremely well respected security expert.  When he worries about something, people listen.

One of the things he has worried - and warned - about is the danger represented by IT "monocultures" - the situation that arises when everyone uses the same software, for example, and therefore everyone shares the same vulnerability to a computer virus or other security threat. 

Just as the word "virus" has been borrowed from biology and provides an apt and vivid descriptor for its IT analogue, so also does the word monoculture function: think of the consequences of Irish potato blight, or of the wiping out of the American Chestnut tree, which once numbered in the billions in the forests of the American East and is almost extinct as a mature species.

Well, last November, Dan wrote a perspective piece for CNETnews.com, called Massachusetts Assaults Monoculture.  In that article, he wrote:

As a matter of logic alone: If you care about the security of the commonwealth, then you care about the risk of a computing monoculture. If you care about the risk of a computing monoculture, then you care about barriers to diversification. If you care about barriers to diversification, then you care about user-level lock-in. And if you care about user-level lock-in, then you must break the proprietary format stranglehold on the commonwealth. Until that is done, the user-level lock-in will preclude diversification and the monoculture bomb keeps ticking.

As it happens, Dan's bomb went off a few days ago, with the breakout of the "Backdoor.Ginwui" virus, a malicious bit of code that Symantec introduced in an alert as follows: 

It has been reported that Backdoor.Ginwui may be dropped by a malicious Word document exploiting an undocumented vulnerability in Microsoft Word. This malicious Word document is currently detected as Trojan.Mdropper.H.

For the last couple of weeks I've been writing a number of blog entries focusing on poorly researched and deliberately misleading items in the news.  One of those pieces is called >The Script Reloaded: Recognizing "Them."  The first premise of that entry was that it's easy to spot opinion pieces that derive from a common source, based on the points made and the language used.  The second was that there's a difference between pieces from interested sources that are based on "talking points," and planted stories that contain the same message, but don't disclose that they're just a conduit for someone else's message (or worse yet, disinformation).  For example, you expect an op/ed piece by a vendor officer, or a quote from a vendor spokesperson, to be toeing the party line.  But when you read a "citizen" op/ed piece, you don't want to worry whether it's been vendor-influenced unless there's the usual italicized disclosure at the end of the piece.

This difference is important, because most of us are willing to give a "citizen" op/ed or a report issued by a neutral non-profit more credence than a vendor-piece - unless we know that they have an economic axe to grind.  That's where paying attention to the language can help - especially when there is a campaign to spread a Big Lie - the subject of another recent blog entry of mine on the same theme.

I promised in my last entry to highlight new articles that caught my eye that seem suspect, and this morning read one that has all of the hallmarks that I noted before.  The piece in question is by Steven Titch, a Senior Fellow of the Index.cfm">Heartland Institute, and also the editor of its monthly newsletter.  The Institute describes itself on its home page as, "devoted to discovering and promoting free-market solutions to social and economic problems," and the article is called The Dangers of Dictating Procurement. 

And this is just the first draft 
               Microsoft spokesperson, commenting on the 4,000 page
               first draft of Open XML, as quoted at

The first draft of Open XML has been posted for public viewing at the >Ecma Website, five months after Ecma accepted Microsoft's submission of what was then less-appealingly referred to as the XML Reference Schema.  The most detailed source of information I've found so far is this page at Brian Jones' blog, which focuses heavily on XML in Office and the development work on Open XML file formats (Brian is a Microsoft Office Program Manager who has frequently provided public comments on the progress and purpose of Open XML).  You can also find short press articles at >NetworkWorld.com, by IDG's Elizabeth Montalbano, and at by Peter Galli.  Both Elizabeth and Peter have been following the ODF/XML Open story for many months. 

According to Jones, the specification is now 4,000 pages long (roughly twice its original size) and has been the subject of weekly two hour conference calls and three day face-to-face meetings about every two months. 

Each of these sources is quite brief, and therefore there is little new information to be gleaned about the draft specification, short of downloading it and diving in yourself.  For those not so able or inclined, though, here is one out take from Brian's blog that is instructive regarding the differing approaches (and constraints) represented by the ODF and the XML Open approaches:

There have been a number of stories published on-line in recent days that warrant both comment and qualification.  The good news is that more and more journalists are being attracted to the OpenDocument Format (ODF) story, largely because of the increasing credibility of the threat to Microsoft Office that ODF poses.  A measure of the appeal of that story line is the fact that it is beginning to surface in articles appearing in the mainstream press (look for a story in Fortune magazine this week, for example).  The bad news is that some of these articles have been poorly researched and/or reported.  The result is that more care is now needed when reading the news than was required a short while ago when only a small number of reporters were covering the story, each of whom had taken the time to acquire a good understanding of what was involved, and had the chronology of events and the facts in focus.  Free lancer John K. Waters and ComputerWorld's Carol Sliwa, in particular, have impressed me with the quality of their coverage. In this entry, I'll look at some of the significant news that has broken in the past week, and highlight the ways in which I believe it has, and hasn't, been accurately reported on-line. Let's start with one of the big news stories that emerged yesterday: the first public, pre-release demonstration by IBM of some of the ODF-supporting features of its new "Hannover" release of Lotus Notes.  The news that the next release of the Notes client would support ODF is not new (IBM had announced last January that its Workplace Managed Client (WMC) software would support ODF), but the demo offered a media opportunity to showcase the fact that progress was proceeding apace.  The first article to be issued of which I am aware was reported from the Deutsche Notes Users Group conference in Karlsruhe, Germany, where the demonstration was given.  You can find it here.

 Just over a week ago, I posted the first of what I hope will be a complete set of interviews with the developers of the major open source and proprietary software suites that implement ODF.  That Interview was with KDE's Inge Wallin, and addressed the KOffice suite — one of the two best known open source implementations of ODF. Today, it's the turn of OpenOffice — the other well-known open source implementation of ODF, and the most implemented of all software packages that support ODF. The interview that follows is with Louis Suarez-Pots, OpenOffice's Community Manager (LSP in the responses below), and John McCreesh, Marketing co-lead (JM).

The purpose of this series of interviews is to provide a comparative picture of the evolving ODF landscape, highlighting the strengths (and weaknesses) of each current implementation, so that potential users can judge which alternative is right for them. At the same time, it will illustrate the fact that a standard such as ODF, far from limiting innovation, can instead enable a rich set of products that distinguish themselves with additional features to attract users to their particular flavor of the same software tool.

Each of the interviews contains the same set of comparative questions, plus a smaller number of queries directed at features, history, or other factors unique to that product. As with the KOffice interview, this series of questions and answers is included in full and unedited, with the goal of creating a record of the developer's or communities view of its product today, and its vision for the future of that product tomorrow.

At the end of the series, I will seek to summarize the results and, if possible, find a suitable expert(s) to provide their own comparative evaluation of the implementations. If you are such an expert and willing to participate, please get in touch with me.

"Public Relations" is one of those funny phrases that has very little to do with what it really means.  At sixty thousand feet, it's about influencing opinion, which (at that altitude) doesn't sound all that bad.  But when it gets down into the bushes, it starts to become a bit less innocuous, and more unsavory.  For example, when you watch a political ad and listen to a smarmy voice malign another politician, you know exactly what's going on, and it's not pretty.  Still, at least you have your radar spinning, and can take the statements for what they're worth, which is not expected to be much.

But how about messages that are delivered in sheep's clothing, in other contexts, where you don't expect to be listening to a paid political announcement, and therefore won't necessarily recognize what you're listening to for what it is?

Here's where the fun comes in (I use the word "fun" in the darkest and most cynical fashion), because in order for messaging to be effective, it must be consistent.  And if it is consistent, it can be spotted.  But once you learn how to spot it, you enter into a disquieting science fiction world where ostensibly innocent, normal people are suddenly revealed to be  "them" - but only you can see them.

This blog entry is the first of what I fear will be a long series of posts where I will cut and paste outtakes from various sources, putting the key words from the script in bold, and paraphrasing the rest to thwart Googling.  Over time, you can assemble the script yourself, and start spotting "them" yourself when you see them.

It's not my goal at this blog to nominate myself as the official FUD Ombudsman for the contest between the ODF standard and Microsoft's  Open XML (especially since the connotations of the name "Ombudsman" in this saga ain't what they used to be).  But a press release issued late Monday falls so neatly into the pattern that I wrote about two days ago that I'm not feeling a lot of choice on the matter this morning.  Sadly, the text of that release also points out an unfortunate by-product of "objective journalism"  -  the ability to have outrageous statements broadly disseminated by journalists who feel bound to provide both sides of an issue, but don't have the time to research and report whether the statements are true or false.   

The press release in question was issued by the Initiative for Software Choice (ISC), an affiliate of CompTIA, and is titled "Coalition Says Massachusetts' Search for ODF Plug-in Evidences Flaw in Mandate Policy."  The news-based message of the release, as I read it, is that the issuance by the Massachusetts Information Technology Division (ITD) of a request for information illustrates that free market dynamics are preferable to imposed technical requirements.  The press release concludes by saying:  "We applaud these and subsequent, market-based developments."   

David Gardner wrote a piece at InformationWeek.com based on the same press release, and titled it "Trade Group Blasts Massachusetts Call for Office Plug-in."  Perhaps we shouldn't be too hard on David for getting the formal message wrong, because in fact he got the underlying message regarding the ITD's policy dead on.

For a sequel to this blog entry, see: A Tale of Two Press Releases: Big Lies and Objective Journalism

This blog entry is a rarity for me: an exegesis on the deliberate disinformation spread by a single vendor.  I generally avoid a piece like this for two reasons: first, every vendor has its own PR agenda, with the differences being a matter of degree between the egregious and the merely disingenuous.  More importantly, there is a risk when focusing on a single vendor of decreasing one's reputation for objectivity, despite the fact that one may certainly focus on the statements of a single source and fairly find them to be both inaccurate and cynical. 

What persuaded me to take up the cudgels in this case was a quote I read earlier this week in eWeek, and then spotted again  Bob Sutor's blog today:

"You can achieve interoperability in a number of ways," said [Microsoft's] Robertson. Among them: joint collaboration agreements, technology licensing and interoperability pacts.

The reason this statement caught my eye was that Scott Edwards (also of Microsoft) had used virtually the exact same words at a NIST workshop that I spoke at a month or so ago, offering such methods as valid alternatives to "open standards."  My reaction then, as now, is that such means can in no way represent equivalent alternatives to open standards, although they might offer an avenue to a single vendor, or to a cadre of vendors, to control a marketplace to their own advantage.  When you hear something once, it can be off-hand remark, but when you hear it twice, it's clear that it's a corporate talking point.  And when it comes from the General Manager for Standards of a dominant vendor, it becomes worrisome.

Still and all, and to be fair, Roberson's statement is accurate in a technical sense, although when used in certain contexts (such as the NIST workshop) it can be misleading to an audience that isn't knowledgeable about standards. 

Earlier this week, the Massachusetts Information Technology Division (ITD) issued a Request for Information (RFI) titled "OpenDocument Format Plug-in for Microsoft Office Suite."   Almost immediately, Pamela Jones posted word at Groklaw  from Gary Edwards that the OpenDocument Foundation had completed just such a plug-in, and would be responding in detail to the ITD shortly.  There will surely be other responses as well, as I have received email over the past several month from other groups embarked on the same project, some as far afield as Australia.

The RFI itself has some interesting aspects as well.  Rather than a formal  Request for Proposals, the RFI is instead a message to the greater IT community asking for assistance, not only from those that may be creating tools, but from those that may simply be aware of something interesting that is going on.  Specifically, what the ITD is looking for are tools that can assist it in its conversion to software that supports the ODF-compliant office software.  The page at the ITD procurement Website where you can view the RFI in ODF, PDF or (yes) Word format is here. 

As a result, if you are involved in a relevant project, or know of one, I would encourage you to check out the RFI and supply any information that you may have that could be useful.  Whether or not you have anything to offer, though, the RFI makes for interesting reading, and I'll now point out a few reasons why.

One of the great goals of standards development is to encourage the proliferation of multiple products that are comparable and interoperable at the level of standardization, but which each compete with value-added features, level of service and otherwise.  This arises from a set of mutual expectations among vendors and end-users that each will benefit from the wide uptake of the standard, especially where interoperability is a necessity, or lock-in a danger. 

To the vendor, the anticipated benefit is the rapid development of a larger and more long-term market than would result from multiple proprietary offerings, while the value to the end-user is greater choice, lower prices, more useful features, and avoidance of lock-in.  But none of this will occur to the benefit of any stakeholder unless multiple vendors decide to implement the standard in question.  As a result, the OpenDocument Format (ODF) will only be as valuable to end-users in fact as it is perceived to be potentially valuable to developers. 

Happily, multiple developers, both proprietary vendors as well as open source communities, have decided that there is great value to be gained from supporting the ODF standard, promising just such an environment of rich features, service and protection from lock-in.  Some have achieved a great deal of press, most notably Sun's StarOffice 8.0, the open-source OpenOffice 2.0 suite, developed by OpenOffice.org (which is supported by Sun) and IBM's Workplace Managed Client.   

But there are also versions of ODF that are not fueled by vendor funding, and the most fully developed of those offerings is KOffice, an open-source office suite developed by the KDE (K Development Environment) project, which has been hard at work developing a free, open desktop environment and development platform since 1996 that runs on many UNIX variants, including Linux.  A few weeks ago, KDE announced the release of KOffice 1.5, which achieves a high degree of support for ODF.

In this extensive interview, I explore with Inge Wallin, the KOffice Promotions Lead, how KOffice is different from the other major office productivity releases that support ODF, which users may find it most appropriate to their needs, in what directions future development will proceed, and much more.  In the future, I hope to provide similar interviews with representatives of the other major offerings, in order to illustrate the way in which the ODF standards-based office productivity environment is evolving in real time.