Another piece of nonsense from EMC

Sometimes I do think that EMC specially hires people who are unable to read and understand what they read. If you take a look at any EMC vacancy you will find something like:

Actually, I do want to believe that “Equal Employment Opportunity employer” relates only to sex, race and religion and is irrelevant to mental disorders, but the facts sow doubt in me.

Today EMC have published two funny articles.

The JSP specification requires that an attribute is preceded by whitespace:

Strange, EMC developers do not follow the JSP specification, but Apache Tomcat is to blame because it allows relaxing the specification checks. Moreover, I can’t understand how disabling HttpOnly cookies affects the JSP specification – it seems that I have a mental disorder :). Actually, HttpOnly cookies are a cool security feature which mitigates a lot of XSS attacks, so why not change the behavior of the UCF applet and make customers safer?
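An added example, not code from the original post, EMC or Apache: a small audit of a Tomcat `context.xml` for the `useHttpOnly` attribute, the setting that switches HttpOnly session cookies on or off. The sample documents are constructed, the function names are hypothetical, and the default rule assumes HttpOnly is on by default from Tomcat 7.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a context.xml with HttpOnly explicitly switched off.
WEAK_CONTEXT = '<Context useHttpOnly="false"><Manager pathname=""/></Context>'
# Constructed sample: attribute absent, so the container default applies.
DEFAULT_CONTEXT = (
    "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"
)


def http_only_state(context_xml, tomcat_major):
    """Return (enabled, reason) for session-cookie HttpOnly in a context.xml.

    Hypothetical helper; tomcat_major is the major version of the container
    that will load the file (assumption: default is on from Tomcat 7).
    """
    root = ET.fromstring(context_xml)
    if root.tag != "Context":
        raise ValueError("not a Tomcat <Context> document")
    raw = root.get("useHttpOnly")
    if raw is None:
        # No explicit setting: fall back to the version-dependent default.
        return tomcat_major >= 7, "default for Tomcat %d" % tomcat_major
    return raw.strip().lower() == "true", 'explicit useHttpOnly="%s"' % raw


def audit(context_xml, tomcat_major):
    """Turn the state into a one-line finding for a configuration review."""
    enabled, reason = http_only_state(context_xml, tomcat_major)
    if enabled:
        return "OK: session cookie is HttpOnly (%s)" % reason
    return "FINDING: session cookie readable by page script (%s)" % reason


if __name__ == "__main__":
    for name, xml_text, major in (
        ("weak", WEAK_CONTEXT, 8),
        ("default-7", DEFAULT_CONTEXT, 7),
        ("default-6", DEFAULT_CONTEXT, 6),
    ):
        print(name, "->", audit(xml_text, major))
```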

Another article:

is even stranger because it suggests the opposite of what the administrator really needs to do:

6 thoughts on “Another piece of nonsense from EMC”

  1. “…why do not change behavior of UCF applet and make customers safer? …”

    You are asking too much. Documentum engineering is too busy creating new bugs in new versions. Or, I guess, you may be right about mental disorders….

  2. Hi Greg,

    I always appreciate comments from EMC employees, because those comments are an inexhaustible source of wisdom and competence, however you are definitely wrong here: the “http-only cookies” feature is available in Weblogic since 10.3.1 (July 2009) and Tomcat since 6.0.20 (June 2009), and enabled by default since Weblogic 10.3.5 (May 2011) and Tomcat 7 (June 2010), and I can’t believe that 4 years were not enough to synchronize the behavior of UCF with security best practices.

  3. Hi Andrey,

    You missed my point. It was sarcasm. Of course they did not fix it, and do not even intend to fix it. As I said, they are busy generating new bugs. So why should engineering bother to fix old bugs? For example, recently I tried to install process builder on 6.7 patch 25. Installation failed, so EMC support suggested to open days.jar and install bpm.dar and TCMproject.dar manually. 6.7 has been out for the last 5+ years, and so? Engineering does not care. Let’s create a new version and new bugs. And let’s not talk about xCP2. EMC even prolonged support of xCP 1.6 for another 2 years.

  4. Pingback: Security through guessing | Documentum in a (nuts)HELL
  5. Pingback: Tomcat 8 vs webtop | Documentum in a (nuts)HELL
  6. Pingback: To sell or not to sell… | Documentum in a (nuts)HELL