Best Practices – Review before releasing

I’ve said before (Certificate-based SSL Documentum 7.1 with xCP 2.1) that EMC (or any company, for that matter) should be more careful about releasing products with leftover comments in files and/or scripts written for Windows environments that don’t work on *nix even though they are supposed to. This doesn’t break anything, but it really does look bad. Well, here we go again:

If you’re using Webtop 6.8 (by the way, this is still not fixed: sortablelistbox bug) you’ve probably noticed the ESAPI messages thrown in your application server log when Webtop is deployed OOTB or following the deployment guide:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Not found in ‘org.owasp.esapi.resources’ directory or file not readable: C:\blablablablablablabla\Tomcat v7.0 Server at localhost-config\ESAPI.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\ESAPI.properties
Not found in ‘user.home’ (C:\Users\blablablablablablabla) directory: C:\Users\blablablablablablabla\esapi\ESAPI.properties
Loading ESAPI.properties via file I/O failed. Exception was: java.io.FileNotFoundException
Attempting to load ESAPI.properties via the classpath.
SUCCESSFULLY LOADED ESAPI.properties via the CLASSPATH from ‘/ (root)’ using current thread context class loader!
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Not found in ‘org.owasp.esapi.resources’ directory or file not readable: C:\blablablablablablabla\Tomcat v7.0 Server at localhost-config\validation.properties
Not found in SystemResource Directory/resourceDirectory: .esapi\validation.properties
Not found in ‘user.home’ (C:\Users\blablablablablablabla) directory: C:\Users\blablablablablablabla\esapi\validation.properties
Loading validation.properties via file I/O failed.
Attempting to load validation.properties via the classpath.
SUCCESSFULLY LOADED validation.properties via the CLASSPATH from ‘/ (root)’ using current thread context class loader!

So I decided to investigate this to see if it can be removed. Long story short:

You can add -Dorg.owasp.esapi.resources="C:\blablabla\webtop\WEB-INF\classes" to the JVM parameters to reduce the messages thrown to:

Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Found in ‘org.owasp.esapi.resources’ directory: C:\blablabla\webtop\WEB-INF\classes\ESAPI.properties
Loaded ‘ESAPI.properties’ properties file
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Found in ‘org.owasp.esapi.resources’ directory: C:\blablabla\webtop\WEB-INF\classes\validation.properties
Loaded ‘validation.properties’ properties file

but you can’t get rid of the messages as those are thrown with System.out.println (ouch)

However, this “investigation” led me to webtop/WEB-INF/classes/ESAPI.properties. This file is the ESAPI configuration file where we can find some funny/sad comments:

# Default file upload location (remember to escape backslashes with \\)
HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
# let this default to java.io.tmpdir for testing
#HttpUtilities.UploadTempDir=C:\\temp

Yes, let’s default this to java.io.tmpdir… in next version maybe…

# ESAPI Executor
# CHECKME – Not sure what this is used for, but surely it should be made OS independent.
Executor.WorkingDirectory=C:\\Windows\\Temp
Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe

Umm, not sure what it is used for? Let’s check the original bundled ESAPI.properties:

# ESAPI Executor
# CHECKME – This should be made OS independent. Don’t use unsafe defaults.
# # Examples only — do NOT blindly copy!
# For Windows:
# Executor.WorkingDirectory=C:\\Windows\\Temp
# Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
# For *nux, MacOS:
# Executor.WorkingDirectory=/tmp
# Executor.ApprovedExecutables=/bin/bash
Executor.WorkingDirectory=
Executor.ApprovedExecutables=

Well, we still don’t know what this is used for but remember, do NOT blindly copy!
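As an added example (not part of the original post and not EMC or OWASP code): ESAPI's Executor runs operating-system commands, and Executor.ApprovedExecutables is its allow-list, so a deployed ESAPI.properties is worth checking for the example values quoted above. The sketch below parses the file and flags them; the function names and the SHELLS list are assumptions made for illustration.

```python
import re

# Constructed sample: the Webtop-shipped values quoted in the post above.
SHIPPED = r"""
# Default file upload location (remember to escape backslashes with \\)
HttpUtilities.UploadDir=C:\\ESAPI\\testUpload
#HttpUtilities.UploadTempDir=C:\\temp
Executor.WorkingDirectory=C:\\Windows\\Temp
Executor.ApprovedExecutables=C:\\Windows\\System32\\cmd.exe,C:\\Windows\\System32\\runas.exe
"""

# Shells/launchers that appear in the ESAPI example comments quoted above.
SHELLS = {"cmd.exe", "runas.exe", "bash"}
WIN_ABS = re.compile(r"^[A-Za-z]:\\")


def parse_properties(text):
    """Minimal .properties reader: skips #/! comments, splits on the first
    '=' or ':', and collapses an escaped backslash to a single one."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return props


def audit(text):
    """Return (key, message) findings for the settings the post calls out."""
    props = parse_properties(text)
    findings = []
    for key in ("HttpUtilities.UploadDir", "Executor.WorkingDirectory"):
        value = props.get(key, "")
        if WIN_ABS.match(value):
            findings.append((key, "hard-coded Windows path: " + value))
        if "test" in value.lower():
            findings.append((key, "looks like a test location: " + value))
    approved = props.get("Executor.ApprovedExecutables", "")
    for exe in filter(None, (e.strip() for e in approved.split(","))):
        if re.split(r"[\\/]", exe)[-1].lower() in SHELLS:
            findings.append(("Executor.ApprovedExecutables",
                             "shell or launcher allow-listed: " + exe))
    return findings


if __name__ == "__main__":
    for key, message in audit(SHIPPED):
        print(key + ": " + message)
```

The stock ESAPI defaults (both Executor keys empty) produce no findings, which is the state to aim for unless the application really needs to launch a specific program.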

EMC Elect 2015 – I got in!

This week EMC announced the 2015 EMC Elect program and I’ve been lucky enough to make it to the final step.

Even in the “small” Documentum, sorry, IIG, I mean ECD world, where we (mostly) know each other, it’s always nice to be publicly recognized. Taking into account the numbers involved (450 nominations, 200 finalists and 102 “winners”), it makes anyone feel thrilled and honored considering the “competition”.

So thanks to everyone in charge of the program (I guess Mark Browne and Sean Thulin are the main faces of the program) and everyone who had to judge the nominees (more info here: Journey to EMC Elect 2015 (with Bonus Number-Crunching) | GeekFluent)

I’m looking forward to seeing how the EMC Elect program evolves this year


Review of my 2014 predictions

Let’s see:

  • 2014 will be the year of Big Data and the Cloud. By the end of 2014 everyone will be sure that 2015 will be the year of Big Data and the Cloud.

I consider this a yes

  • At least one big cloud provider will make the news for some epic fail (interruption of service, data loss, data theft or something similar…) that will seriously hit the credibility of cloud providers (for at least a week)

I’ll take the “celebgate” as a cloud provider issue

  • PanfilovAB will find more vulnerabilities in Documentum (if EMC releases a major version of the Documentum family, the number of bugs found will increase, as he will check if the old bugs he discovered are still present… and of course those will be there).

This was an easy one

  • 2014 will be the year of D2 and xCP 2.x. By the end of 2014 most people will be thinking that D2 is going to be as successful as CenterStage and that xCP2 is as bad as xCP1 but “nicer”

Next year will be the year of D2 (if they match the functionality provided by 3.1) and xCP 2.2

  • EMC will release a mobile app for the community. Only for iOS. Android version “coming soon”.

Still waiting

  • Java will lose market share to .NET/Silverlight/Adobe Flash. Oracle will release either Java 7u680 or Java 25 before the end of the year, breaking every single applet/program made with earlier versions in the way. Hopefully Oracle will also bury Oracle UCM deep in the ground.

Sadly no

  • Apple will release iOS 8, forcing every app to be iOS 8 compliant. They’ll release the iPhone 5 in colors you don’t even know existed.

I’d never expected Apple to release a “bendable” phone, that’s for sure

  • Microsoft will release another SP for windows 8 that will bring back the menu bar/start menu. Windows 9 will be announced with a return to windows 3.1 window’s style as main feature.

Close enough with the return of the start menu, and windows 9 10…

  • Real Madrid will win the champions league
  • and Spain will lose the world basketball championship against the USA (damn frenchies!!! we didn’t even get to the finals)

 

 

2014 predictions

I always wanted to do yearly predictions, so here we go with my (most likely wrong) predictions:

  • 2014 will be the year of Big Data and the Cloud. By the end of 2014 everyone will be sure that 2015 will be the year of Big Data and the Cloud.
  • At least one big cloud provider will make the news for some epic fail (interruption of service, data loss, data theft or something similar…) that will seriously hit the credibility of cloud providers (for at least a week)
  • PanfilovAB will find more vulnerabilities in Documentum (if EMC releases a major version of the Documentum family, the number of bugs found will increase, as he will check if the old bugs he discovered are still present… and of course those will be there).
  • 2014 will be the year of D2 and xCP 2.x. By the end of 2014 most people will be thinking that D2 is going to be as successful as CenterStage and that xCP2 is as bad as xCP1 but “nicer”
  • EMC will release a mobile app for the community. Only for iOS. Android version “coming soon”.
  • Java will lose market share to .NET/Silverlight/Adobe Flash. Oracle will release either Java 7u680 or Java 25 before the end of the year, breaking every single applet/program made with earlier versions in the way. Hopefully Oracle will also bury Oracle UCM deep in the ground.
  • Apple will release iOS 8, forcing every app to be iOS 8 compliant. They’ll release the iPhone 5 in colors you don’t even know existed.
  • Microsoft will release another SP for windows 8 that will bring back the menu bar/start menu. Windows 9 will be announced with a return to windows 3.1 window’s style as main feature.
  • Real Madrid will win the champions league and Spain will lose the world basketball championship against the USA