Posted on

Portugal publishes open standards catalog. ODF, PDF and several other standards are mandatory.

The Portuguese Government has published the National Digital Interoperability Regulation [2], which defines the list of open standards to be adopted in the Portuguese public administration. This framework brings to life the existing Law of Open Standards [1]. It is part of the larger ICT reform program that aims to save 500M EUR/year while providing stimulus to the local economy.

We must stress the importance of the whole open standards adoption process and declare our explicit support for the way the interoperability regulation was designed. On one hand, there is some pragmatism to be noticed: the list of open standards is relatively short with priority given to functions where interoperability problems are a large concern. On the other hand, pragmatism didn’t mean lost of insight: there is no more than one open standard per functional category. This is something ESOP has always defended, as a measure to prevent incompatibilities that could bring the adoption process to a failure.

Choices have been made and ODF is the chosen open standard for editable documents. We think this is appropriate since ODF is implemented by several different vendors, in both open source and proprietary applications, across multiple operating systems. As a truly open standard, it can be implemented by any vendor that wishes to do so. This is a choice that will save money and avoid vendor lock in.

Other standards for formats and protocols include PDF, XML, XMPP, IMAP, SMTP, CALDAV and LDAP.

ESOP

Portugal Government actually has a sane decision.

Untill now every time i installed Libre/Open-Office on someone’s computer i set it up using .dox and .xls as standard save file formats. Not anymore. It’s about time the world get used to using open standards, and it’s about time most people install some free version of standards compliant officesuite on their computers if their MS Office is not ODF compliant. (( To be fair i think ODF has been supported in MS Office since Office 2007 but i’m not sure to which degree and not sure if it’s not an optional download from MS website. ))

Posted on

Hotmail: Your password was too long, so we fixed it for you

My previous password has been around 30 chars in size and now, it doesn’t work anymore. However, I could login by typing just the first 16 chars.

This limitation is well known (see Graham Cluley’s excellent post on the password limits of various services) however, what caught my attention was that by cutting the password to 16 chars, it would work.

To pull this trick with older passwords, Microsoft had two choices:

* store full plaintext passwords in their db; compare the first 16 chars only * calculate the hash only on the first 16; ignore the rest

Storing plaintext passwords for online services is a definite no-no in security. The other choice could mean that since its inception, Hotmail was silently using only the first 16 chars of the password.

To be honest, I’m not sure which one is worse.

Securelist

Microsoft: Screwing up security and best-practices since, basically, ever!

I assume there’s nothing wrong with the water up there in Redmond, so why do MS keeps doing this kind of stupid things and just not giving an jota about security? Or Standards? Or just good engineering?

Another good example is this one:

@bphogan: Example of NIH: Microsoft PowerShell: “New-item foo.txt -type file” instead of ” touch foo.txt”

Microsoft could just have implemented some sort of POSIX compliant shell (( bash, zshell, and endless others )) all freely available, all standards compliant and all widely used in every other OS in the world. Instead they have to go and reinvent the wheel and do some half-baked effort, that probably is way more limited, way more insecure and always halfway but never there.

Update: To answer the original poster, apparently is the last one, MS has always only stored the first 16 characters of your password and simply ignored all the remaining ones.

Posted on

MSN Messenger finally open

” Today we’re taking another step, with the public availability of access to the Messenger network via XMPP, an open standard. This means that anyone can build innovative messaging clients—either stand-alone or built into their devices—that include access to Messenger’s 300 million active users.”

Anyone can build a Messenger client—with open standards access via XMPP

Years later, Microsoft finally joins the standard protocol that everyone uses, allowing us users to finally use ichat to talk in the MSN network and probably improving the reversed engineered library that Adium and others use.

However, in typical Microsoft fashion, while they appear to join a standard they do it in a non-standard way… And now the login parts appears to use some OAuth magic (of which i’m not qualified to talk about) instead of the standard protocols than everyone else already uses.

So, no need to go running to your ichat program, Apple still needs to update it for using the standard protocol XMPP with MSN (which iChat already supports…)

Ah Microsoft. Somedays i have true faith in you. And then you go and just spoil it all again…