> What you say makes perfect sense. However, I doubt that> software development and maintenance is a core process of> many non-programming companies, other than NASA running> astrophysics simulations or banks running financial> simulations.But you are just repeating what I am arguing against. Where is the proof that 'non-core' processes (which...

> "What you say makes perfect sense. However, I doubt that> software development and maintenance is a core process of> many non-programming companies, other than NASA running> astrophysics simulations or banks running financial> simulations."> > I took what James said very differently. It seemed to me> he was saying that a finance company, for...

> You're a little more optimistic than I am James. My> experience is that the third-party vendor mentality is> driven by the comfort level of the CIO with software> development. My own CIO has a background in industrial> relations and absolutely no technical background. Needless> to say he wants nothing to do with software development.> My...

> all functions of a business that aren't (arbitrarily)> labeled 'non-core'That should be 'are labeled'.

> In order for such a model to work, a company would need to> provide hosting services, business and management> consultancy and development services all in one package. I> don't know of any company doing this type of business.I'm not sure about all of that. The business would only need to provide the services it needs for itself. Why would it...

> Dynamic Languages: Creativity> Programmers want more than anything to create. Give them> more power to create, and they will be more creative. On> the other hand, teach them that programming is all about> boundaries, and they will look for boundaries. Is it any> wonder that programmers who only learn Java in college> want to know what the...

> > In any event, if it's up to the user to specify the> > limits, what makes this approach better than any of the> > other ways data can be validated?> > This was just my response to someone's previous post about> having language construct to specify a value range, and> they gave an example from Pascal and Ada. So, i'm saying> that it's better...

> > So if I'm writing a library and I don't know what the> > range is for your needs, what do I put in there instead> of> > "r(10,20)"?> > The user of your library will specify what range they> need, not you, the library designer; you would just create> the range class with the necessary member functions.So I need to expose implementation...

> > I actually think that putting data validation in code is> a> > bad solution for a lot of problems. For one, it makes> > code a lot harder to make reusable. The valid range> for> > your application may not be the same as it is for my> > application. How would library and framework> developers> > deal with that? They'd have to allow the...

> How about using a user-defined type (class) to specify an> integer range, including all the security checks and> whatever else we might want to define for some specific> purpose? Doesn't that make more sense than a built-in> integer range construct?I don't know that it makes more sense. It makes as much sense.The idea that just by providing...

> http://www.informit.com/articles/article.aspx?p=1322398> > Summary:> 3. Vulnerability lists help auditors more than developers.That article basically says the same thing over and over. I agree but that doesn't mean these lists don't have value. If the implication is that we must have bug lists without other education or there must be no bug...

> I've never done EJBs--thankfully managed to avoid> that--but I did get turned down by a lot of recruiters> because of it. They seemed to think that because I hadn't> done EJBs I hadn't done enterprise Java, when nothing> could be further from the truth.It's funny too that I've known people who have plenty of experience working with EJBs but...

> The losses that resulted from having EJBs foisted upon> us has been estimated in the billions> > I'm no fan of EJB but do you have a source for this claim?> Nobody was forced to use EJB.I was. Not physically but I generally try to avoid insubordination.But I think Bruce means that EJB were sold as a panacea and a lot of people bought into...

> Even though this list may seem like an obvious compilation> of possible coding errors, it's easy to overlook some of> these problems.I think it's dangerous to assume that most developers recognize these practices as problems. I've found even the most well-known of these (SQL injection vulnerability) in the wild numerous times.All developers...

This interview is pertinent to the conversation:http://www.infoq.com/interviews/Agile-Skeptic-Keith-Braithwait e