Posted on 10/05/2005 7:42:38 AM PDT by N3WBI3
Opinion: It's not coincidence that after Massachusetts made it clear that it would support open formats, Microsoft is now going to include PDF in the next version of Office.
What is Microsoft up to, anyway, with its sudden plan to finally support PDF?
It wasn't announced by Bill Gates loudly to the world at the Professional Developer Conference a few weeks ago. It also wasn't proclaimed to the Microsoft faithful at its recent Most Valuable Professional Global Summit.
No, instead, Microsoft quietly squeaked out the news on a Saturday afternoon in Microsoft Office Program Manager Brian Jones' Weblog.
Could it be that it's because Microsoft is backing its way into ever so reluctantly supporting an open format after Massachusetts decided that it would only use office suites that supported open formats like PDF and OpenDocument?
It certainly looks that way to me.
For all of its talk about being an innovator, Microsoft is really just a follower.
PointerClick here to read more about Microsoft's decision to build PDF support into Office 12.
Sometimes, of course, the company is a very, very reluctant follower. It took Microsoft's leadership forever to live down the fact that they had initially dismissed the Internet. Now, I see Microsoft slowly and painfully embracing open standards.
Mind you, this move is just a beginning. I recently pointed out that it would be trivial for Microsoft to add OpenDocument support to Office.
I don't see that happening anytime soon now though.
With PDF support alone, Microsoft can still try for Massachusetts government contracts without having to add OpenDocument.
Well, until StarOffice, OpenOffice.org and WordPerfect's support for OpenDocument force Microsoft's hand anyway.
After all, PDF is much more of an end-result format than one that most people actually want to edit in. As OpenDocument and the applications that enable it gain more support, Microsoft will find itself forced into supporting it too.
Now, some might say that this is just Microsoft giving the people what they want. Many users have been asking for a PDF option from Microsoft since Adobe Acrobat 4 appeared in 1999.
eWEEK Special Report: Office Politics
But, if that's all there was to it, then why was Microsoft banging the drum for its own PDF substitute, Metro, only a few months ago?
Still others might say that is part and parcel of Microsoft's recent efforts to compete against Adobe in other ways: Sparkle vs. Flash, Acrylic vs. Photoshop and so on.
To which, I say, "Why now? Why announce it in such a subdued way?"
No, all those other things play a role, but at the end of the day, Microsoft felt that it must make at least a concession to open standards by adopting PDF.
After all, it's not like Massachusetts is the only entity that is seriously considering making supporting open standards a requirement for its software purchases. Massachusetts was just the first to make it official.
Microsoft would love it if it could make everyone stick to its proprietary formats. That forces customers to keep buying its products. But it can't. And, much as Microsoft may hate it, its executives know it. So it is that as quietly as the company could, Microsoft is, once more, making concessions to open standards.
eWEEK.com Senior Editor Steven J. Vaughan-Nichols has been using and writing about operating systems since the late '80s and thinks he may just have learned something about them along the way. He can be reached at sjvn@ziffdavis.com.
You guys just can't let it go. Think long enough and parse enough words and you'll get that square peg into that round hole.
GE has a valid point. And opsec is all about obscurity.
Obscurity: The quality or condition of being imperfectly known or difficult to understand
Confidentiality: Entrusted with the confidence of another
Secrecy: The quality or condition of being secret or hidden; concealment.
The process is one in which you take a well none algorithm, well documented and reproducible to generate a key which you will keep secret. Is this Obscurity, Confidentiality, or Secrecy?
Good definitions. They should have been brought out early on as in a couple threads the term obscurity has been used to mean secret (by both sides making points).
But in addition to that, the definition of obscurity still fits many of the arguments made from both sides.
Confidentiality (from the posts I've read closely) doesn't fit in the discussion of security by obscurity.
Security comes through architecture and design. Be it open or closed source thats the only place you're going to make anything more secure.
The normalized signature must still be stored. Without something pre-existing and secret, you can't verify. Duh.
Agreed but it was a term that was used so I threw it out there..
In the same way I think its abusing the English language, and I would know ;), to say that obscurity is the practice of generating private keys with a known defined algorithm. Secrecy is easily the best definition.
Exactly, when the bottom line is they're typical new age thinkers who somehow believe everything must be open for it to be secret, even though those are by definition diametrically opposed. The deeper and deeper into obscurity I want to hide something, obviously the harder and harder it would be for anyone to dig it out. And without my key, like a password, their only hope is brute force.
Using N3WBI3 definition of Obscurity...it looks like to me as if it describes one of the properties of a one-way hash.
So that catch phrase of security via obscurity is no security isn't accurate.
Something that used to work years ago (it has probabally been fixed by now) is zipping a zip file...
Actually after thinking about that...obscurity is one of the properties of a one-way hash. It takes a phrase and makes it obscure so that if you receive the hash you won't be able to work backwards and get the true phrase (unless you have the key). However, the message is still there in the hash (assuming the hash doesn't have any collisions). SO the hash is obscuring the message.
Would it be more accurate to say it depends on how the hash is generated. If I know how to generate a hash in the exact same manner is what youre doing obscure?
It would be, but of course I never said that. I'm "hiding" the key in obscurity, making it "private". You have to find the key in order to unlock the encyrption. Right now you don't even know where my key is, much less what it is. Same with my password.
Not surprising newbie would try to slip the 3rd defintion in as proper one.
http://dictionary.reference.com/search?q=obscurity
1. Deficiency or absence of light; darkness.
2a. The quality or condition of being unknown
2b. One that is unknown.
3. The quality or condition of being imperfectly known or difficult to understand
IMO, if you can't read it, or get your hands on it well enough to actually use it, it is effectively obscure.
Not really, because it's a one-way hash, so that the hash is something that is obscure even if you know how it was created. The whole point of a hash is to make it hard to get back to the original phrase.
So if my password is "P@ssW0rd" and the hash is "39d**(30%4kK3!@" there is no easy way to know my password. In fact, the only one that really knows how to create that hash is the person that knows the password. The hash is what is kept on a computer(s). When I need to access info and the computer wants to verify it's me I enter my password...the computer runs it through the one-way hash and checks if it matches the hash it has on file for my password (it doesn't have my password stored). If it matches it assumes its me.
So the one-way hash is obscure to anyone that may get access to the hash. You still want to keep your obscure hash SECRET as brute force attacks on the hash can still work (assuming the algorithm that created the hash is known). Hence that's why NSA and super secret orgs don't release their algorithms for creating a hash.
So secrecy and obscurity is still fundamental to security. I've been staying out of this one a bit more than usual as it goes against conventional wisdom (or at least a catch phrase that I thought was gospel). But GE tought me something (not really anything I didn't already know, but never put put the logic together to refute that catch phrase).
Misspoke...let me fix that...
So the password is obscure to anyone that may get access to the hash.
You're welcome, but I can only imagine what the hounds of hell will think of you saying that, prepare for a major onslaught of BS. But actual conventional wisdom and even common sense will tell you that hiding something by definition makes it more secure, ask any common man who hasn't been "enlightened" by these new age theories, LOL.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.