EclipseCon: Day Three

Keynote was again fantastic. Hugh Thompson talking about security and such. Fuzz testing. Negative requirements (e.g. users should only be able to login with u/p: positive requirement. No one can access the database except through logging in: negative requirement). Chatted with the Paramesus guys as well as the gentleman from Knopflerfish. Went to the talk on “OSGi: the good, the bad and the ugly” by BEA guys. Man, they’ve done a lot of work and I’m pretty jealous. They don’t seem to think that OSGi needs “distribution services” either. Good to see. Also, they hate – hate, I say – the whole evil of 277. Good. May 277 rot on the vine.
It was interesting to hear them talk about their experiences developing with OSGi. It’s quite the common refrain: “I thought I wrote modular code until I started working in OSGi”. And it’s going to become even more common to hear this. Sadly, it’s going to be one of the barriers to entry into OSGi: i.e. it’s never a good business strategy (as I found out in the past) to force developers to understand their code. I’m looking into tools like Lattix, which seems quite promising in being able to help you understand and figure out your modularity and layering in your architecture. Something very, very, important in OSGi and if it takes off like we all think, something that a lot more people will be paying attention too.
Which is a really good thing, when you think about it. I really despair at times for all the talk by people who constantly complain about having to do actual work to make use of something. I mean, we need to keep raising the bar – it’s the only way we’re going to make things better. Dumb people produce dumb code and dumb code is dangerous, insecure and something that should be eliminated. It won’t be eliminated by better IDEs, team development environments, SCRUM or the religion of Agile. It simply comes down to better people producing better code and leaning from their mistakes in a virtuous cycle. </rant>

Leave a Reply