Saving the world one file format at a time

Daniel Geer CNET News

Published: 29 Nov 2005 16:45 GMT


...about user-level lock-in, then you must break the proprietary format stranglehold on the commonwealth. Until that is done, the user-level lock-in will preclude diversification and the monoculture bomb keeps ticking.

The Massachusetts Department of Administration and Finance does care, and its Enterprise Technical Reference Model specifies OpenDocument Format. That standard is precisely what is needed and not a moment too soon.

OpenDocument Format is the point of maximum leverage. Of all the things Massachusetts could do to make risk diversification possible, the most effective is to remove user-level lock-in by making document storage formats no longer the one thing that forces everyone to use Microsoft Office. As long as the commonwealth voluntarily allows itself to be locked in by the proprietary document formats of a proven monopoly, the commonwealth cannot diversify and therefore cannot mitigate its risk.

The risk of remaining as we are exceeds the understanding of nonspecialists, including, with all due respect, the average legislator. There are new Windows viruses all the time. Perhaps 15 percent of all desktop Windows computers are running malicious software at any time. The monoculture makes attacks automatable — so automatable that there is money to be made. And, sure enough, the menace once posed by teenage hackers has been replaced by that of professional, organised crime.

Do we say that Microsoft is the only interpreter of a public record? That everyone has to buy Microsoft Word to read the documents their taxes paid for? That monoculture is public policy? Or do we say that a public record is not a public record unless it is in OpenDocument Format? I'll take the latter, both because I agree with the idea that a public record is not a public record unless it is in an open format, and also because this is an unavoidable step if we are to dodge the monoculture bullet. The former reason is moral. The latter reason is self-protection.

If we miss this chance, we'll keep paying through the nose until there is a cascade failure among our identically vulnerable computers. It would give no decent person pleasure then to say, "I told you so."

Daniel Geer is chief scientist at data security company Verdasys. He is past president of the Usenix computing systems association.
