Wednesday, 11 March 2009

On Being a Scapegoat

I've already blogged about the security problems caused by CDO and, worse still, how CDO brought the world to its collective financial knees, but apparently the problems with modeling aren't isolated to that troublemaking CDO component. Not at all! The problem seems to be a general Eclipse Modeling Framework shortcoming. It must be a fact because I just read about Microsoft's March Security Bulletin where the article makes it clear that "The problem stems from the way that the operating system parses and displays Windows Metafile- and Eclipse Modeling Framework-formatted image files." If that doesn't make your icicles shiver, nothing will!


Every community needs a scapegoat, so I say we pick on EMF. After all, if you have a really bad design, you can always blame EMF for generating it that way. Not only that, if you have really bad algorithms that perform poorly, you can always blame EMF for being bloated and slow. I've even heard that EMF isn't thread safe! Nothing distracts better than a scapegoat and EMF is really the ultimate scapegoat. If I'm reelected to the Eclipse board---you only have until Friday to vote for me---I promise to get to the bottom of this type of problem and root out the causes, whoever they may be. No one will be safe from my careful scrutiny. We will reinstate public flogging to maintain order and discipline. Clearly I'm the no-nonsense candidate of choice.

11 comments:

Ian Mayo said...

Let's blame the journalist in this instance. I believe the vulnerability refers to Enhanced MetaFile (EMF) files, but the journo found the wrong acronym.

That's all.

Ian.

Ed Merks said...

Sure Ian, cloud a perfectly good witch hunt with some ugly facts. What a killjoy you are. There goes the sympathy vote too! Could we at least still advocate flogging the journalist or is that too medieval?

Ian Mayo said...

Hang 'em high. Who knows how far the various international problems we face are down to lazy journalism that focusses on paraphrasing press releases versus doing any actual analysis or, god forbid, investigation of facts...

Anonymous said...

http://www.microsoft.com/technet/security/bulletin/MS09-006.mspx

"This security update resolves several privately reported vulnerabilities in the Windows kernel. The most serious vulnerability could allow remote code execution if a user viewed a specially crafted EMF or WMF image file from an affected system."

http://companionsoftware.com/Support/Resources/WindowsMetafileFAQ.aspx

"What is an enhanced metafile (EMF file)?

An enhanced metafile is a 32-bit metafile that can be used by 32-bit versions of Windows (95, 98, Me, NT, 2000, XP and Vista) to display a picture. An enhanced metafile can contain a much broader variety of commands than a "regular" Windows metafile. Basically, the enhanced metafile format is a 32-bit super-set of the 16-bit Windows metafile format."

I hope you were joking Ed.

Ed Merks said...

Do I look like the kind of person who would joke? I'm thinking it's really partly Wikipedia's fault for listing the Eclipse Modeling Framework first. Besides, even if EMF isn't to blame for this particular security problem, it still makes an excellent scapegoat.

Anonymous said...

Wikipedia? To heck with that, I'm blaming the terrorists.

Gunnar said...

Ed, is WMF a new Modelling project we don't know about?

Anonymous said...

See? Everyone knows that EMF is a common contributor in softWare of Maximum Flexibility!

Won't somebody think of the children?

varioustoxins said...

It made my day ;-) Anyway any suggestions for what WMF stands for?
Wrangler for Metamodel Formats (hey, that could be Ed, couldn't it? But that's a genetics project, isn't it... have we convened an ethics committee?)

regards
gary (happily spiralling off into insanity)

Le ScaL said...

Sorry Ed, but the position of scapegoat is taken by p2 at least until June 209.

Ed Merks said...

Pascal, the problem with p2 as a generic scapegoat is that you can only blame it for your software not installing and hence not running. Once you have the application running, however painful that process might have been, you can't blame any subsequent problems on p2. You really need something more fundamental such that you can blame any and all runtime problems on an aspect over which you have no direct control. You want to make it clear to anyone who cares that all the problems are simply not your responsibility. The fact that you have something working at all on top of the garbage you've been forced to use is practically a miracle. This scapegoating technique is a very important tool in the Teflon Programmer's arsenal.