I was going to guess that they accused the author of copying code from Office. Was AI used in the project? Perhaps a model regurgitated copyrighted code leading to a sternly worded notice from legal...?
Ooooh yeah. Looking through the author's past posts: "got a lot of skepticism because we're developing heavily with AI"
So AI was in use. Then the author says that following the spec alone wasn't enough to get it working, they got "active community feedback" and fed that feedback into the AI until it worked just like Word. I have to think that if there were ANY conditions under which a model might output code that Microsoft legal would threaten to sue you for, these would be them
I think this (if it is what happened) is a perfect demonstration of the dynamics. If you use AI to do things you couldn't have done on your own, you're copying off someone else's homework and the real risk is that you don't know who you're copying from, but they probably do.
I suspect the source code for at least some older versions of Office is absolutely in the training materials of some LLMs. There have been leaks before, and the early models were trained on the entire contents of the internet without regard to legality
I clicked through and browsed the comments and clicked links. It does appear the links are not working as described. Is there something you’re throwing and I’m not catching? :)
The relevant non functional links should be listed in the comments. The OP was complaining they were not able to include links directly. I'm not sure about [1] [2] [3] in the main post but the show hn [A] or [B] thread should afaik have not been an issue.
Ah, good call, I should have included the threads, thanks! I tried several variants of the GitHub URL and the main web site and got errors until I cut it back to what I posted and rushed out of work to have dinner with my wife.
Oh man, that’s disappointing. We implemented this in a test environment and have been hammering on it. Would love to know what’s going on as it solves a real pain point for us.
Edit (since I can’t seem to reply directly) - to the commenter suggesting LibreOffice below: quite different things. This was a library for implementing reasonably high fidelity docx viewing / editing in the browser.
what was that item from just a day or so ago where an opensource project had said they developed using AI, and a developer said "take it down, you copied it from us"
I thought of it because this project said they used AI
Also not affiliated but my open-source tinycld uses docx as the backend storage for its text package. Supports _most_ of the features (including comments and suggestions) but is still very young. It has a golang backend that reads/writes docx and translates to YJS that the editor reads for multi-user access. Has web/iOS/Android support.
I found docx to be a very well documented format and a surprisingly good fit for this.
I went looking around, but I couldn't find why you're making tinycld, and whether I could expect it to keep going as a project in the future.
I expect I could find whether you're using hardened server implementations or reimplementing, but if it's the former, you should advertise that, or if the latter, you shouldn't.
It's pretty simple: I have a small company and we're using it internally. my hope by releasing it is that the ecosystem will grow and it'll become the best way to publish web apps (ambitious I know).
I do not know what you expect by "hardened server implementations", it's open-source and people will probably host it a lot of different ways? If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries which I hope are secure but I have not performed a security audit or anything like that.
Thanks, I think you should put that up if it isn't, or at least link from About page if it is.
"If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries"
That's exactly what I'd hope to see said somewhere as a naive person. Maybe security people would say "that's only 50% of the attack surface!!!" but I'm not one so it sounds good to me.
So AI was in use. Then the author says that following the spec alone wasn't enough to get it working, they got "active community feedback" and fed that feedback into the AI until it worked just like Word. I have to think that if there were ANY conditions under which a model might output code that Microsoft legal would threaten to sue you for, these would be them
If anything it’s DOCX itself that was the vector!
Understanding DOCX Malware and Hidden Threats
https://cloudmersive.com/article/Understanding-DOCX-Malware-...
Hackers using Weaponized Office Document to Exploit Windows Search RCE
https://cybersecuritynews.com/office-document-to-exploit-win...
I would guess that they have lost access to a resource lately ... I've read there's a lot of that going around atm.
[1] https://news.ycombinator.com/threads?id=thisisjedr
[A] https://news.ycombinator.com/item?id=46947229
[B] https://news.ycombinator.com/item?id=48228411
[1] https://docx-editor.dev/
[2] https://github.com/eigenpal/docx-js-editor
[3] https://github.com/eigenpal/docx-editor
Edit for additional show hn thread
Edit (since I can’t seem to reply directly) - to the commenter suggesting LibreOffice below: quite different things. This was a library for implementing reasonably high fidelity docx viewing / editing in the browser.
I thought of it because this project said they used AI
( https://news.ycombinator.com/item?id=48085993 )
I found docx to be a very well documented format and a surprisingly good fit for this.
https://tinycld.org has a live demo
I expect I could find whether you're using hardened server implementations or reimplementing, but if it's the former, you should advertise that, or if the latter, you shouldn't.
I do not know what you expect by "hardened server implementations", it's open-source and people will probably host it a lot of different ways? If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries which I hope are secure but I have not performed a security audit or anything like that.
"If you're talking about the various services it offers like imap/webdav, I'm using well established golang libraries"
That's exactly what I'd hope to see said somewhere as a naive person. Maybe security people would say "that's only 50% of the attack surface!!!" but I'm not one so it sounds good to me.
the top comment on the show hn would seem quite apt if so https://news.ycombinator.com/item?id=46971202