What Are We Still Doing Wrong

2,352 views
2,231 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,352
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
35
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

What Are We Still Doing Wrong

  1. 1. What are we still doing wrong? Thomas Kyte http://asktom.oracle.com/
  2. 2. Who am I <ul><li>Been with Oracle since 1993 </li></ul><ul><li>User of Oracle since 1987 </li></ul><ul><li>The “Tom” behind AskTom in Oracle Magazine </li></ul><ul><ul><li>www.oracle.com/oramag </li></ul></ul><ul><li>Expert Oracle Database Architecture </li></ul><ul><li>Effective Oracle by Design </li></ul><ul><li>Expert One on One Oracle </li></ul><ul><li>Beginning Oracle </li></ul>
  3. 3. <ul><li>“ We do many things correctly. However, we data processing professionals ( please don’t be insulted by that ) still do many things incorrectly. Let’s look at a couple of examples.” </li></ul>What I’ll be Saying today
  4. 4. Underestimating Complexity
  5. 5. Nothing is as simple as it seems - http://i.thefairest.info/funniest_thumbs/TrUf6c.jpeg Eischer
  6. 6. http://www.contrast.ie/blog/there-are-no-small-changes/
  7. 7. Small Change <ul><li>We want to limit the length of a review in our application to 140 characters (SMS like) </li></ul><ul><li>Easy, Trivial change. </li></ul><ul><li>Business demands it. </li></ul><ul><li>It’ll take what – 30 seconds? </li></ul><ul><ul><li>Just find a code snippet on that there interweb thingy and plop it in </li></ul></ul><ul><ul><li>Don’t need to design this, this is way too small of a change to even think about – it’ll literally take 30 seconds to implement </li></ul></ul>http://www.contrast.ie/blog/there-are-no-small-changes/
  8. 8. Small Change – but think about it… <ul><li>What happens when exceed 140 characters </li></ul><ul><ul><li>What happens to existing data? </li></ul></ul><ul><ul><li>What happens to existing interface? </li></ul></ul><ul><ul><ul><li>Do you silently truncate? </li></ul></ul></ul><ul><ul><ul><li>Do you display an error message? </li></ul></ul></ul><ul><ul><ul><ul><li>Is error message modeless? </li></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Is error message even in another window, or just on status? </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><li>Is error message modal? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>What is the explanation given to the user? (one that they’ll comprehend and believe to be true) </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Who will write that message? </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Do we know what the error message style is? </li></ul></ul></ul></ul>http://www.contrast.ie/blog/there-are-no-small-changes/
  9. 9. Small Change – but think about it… <ul><li>We don’t want to round trip to server </li></ul><ul><ul><li>Bad end user experience </li></ul></ul><ul><ul><li>Not scalable </li></ul></ul><ul><li>Hence client side validation </li></ul><ul><ul><li>But database still must enforce this </li></ul></ul><ul><ul><ul><li>Why? (Tools -> Options -> Content -> Enable Javascript) </li></ul></ul></ul><ul><ul><ul><li>Again, existing data?? </li></ul></ul></ul><ul><ul><li>Who is going to code this javascript? </li></ul></ul><ul><ul><ul><li>What browsers do we support (or not) </li></ul></ul></ul>http://www.contrast.ie/blog/there-are-no-small-changes/
  10. 10. Small Change – but think about it… <ul><li>What about usability? </li></ul><ul><ul><li>I guess we need a character counter, it would be rude otherwise </li></ul></ul><ul><ul><ul><li>Counter should probably look different near zero characters than it does near 140 characters </li></ul></ul></ul><ul><ul><ul><li>If you just “find one on the interweb” – who </li></ul></ul></ul><ul><ul><ul><ul><li>Does the testing to ensure it works everywhere </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Verifies isn’t infected in some way, it happens </li></ul></ul></ul></ul><ul><ul><li>Do you just stop accepting characters at 140? </li></ul></ul><ul><ul><ul><li>If not, what do you do to make it obvious that something will get chopped </li></ul></ul></ul><ul><ul><ul><li>What about cut and paste? </li></ul></ul></ul><ul><ul><li>How do we display existing data?? </li></ul></ul>http://www.contrast.ie/blog/there-are-no-small-changes/
  11. 11. <ul><li>How do you explain to the end users why their input is limited to 140 characters but the other reviews are the size of War and Peace? </li></ul><ul><ul><li>Existing data! </li></ul></ul><ul><li>What about the implied restriction that wasn’t specified </li></ul><ul><ul><li>We want to limit the length of a review in our application to 140 characters (SMS like) </li></ul></ul><ul><ul><li>What is the implied restriction?? </li></ul></ul>Small Change – but think about it… http://www.contrast.ie/blog/there-are-no-small-changes/ SMS disallows many characters, now what???
  12. 12. <ul><li>“ This is why as a UX designer you need a good understanding of what it takes to implement a feature before you nod your head and write another bullet point.” </li></ul>Quote from article It was very good, but They missed a lot because – they are the UX designer…
  13. 13. http://www.joelonsoftware.com/articles/NothingIsSimple.html
  14. 14. Think about it… <ul><li>There is more than one way to do something </li></ul><ul><ul><li>Can you put the Windows standard file open dialog into a wizard? (yes, but it is hard) </li></ul></ul><ul><ul><li>Can you rethink your approach instead? </li></ul></ul><ul><ul><ul><li>Yes, remove the wizard! </li></ul></ul></ul>http://www.joelonsoftware.com/articles/NothingIsSimple.html
  15. 15. <ul><li>“ Do not ask (yourself or others) how to physically implement something in a specific way (first specification). Rather – ask ‘how do I achieve this goal ’. </li></ul><ul><li>Perhaps my largest frustration on asktom are the questions that demand a specific solution – rather than the best, easiest, most performant, scalable, whatever solution” </li></ul>I say
  16. 16. Not knowing how to ask for help
  17. 17. http://blogs.msdn.com/oldnewthing/archive/2009/08/04/9856634.aspx
  18. 19. Think about it… <ul><li>Think it all of the way through </li></ul><ul><li>Be very specific </li></ul><ul><ul><li>Supply everything you think it relevant </li></ul></ul><ul><ul><li>But if something isn’t relevant, hold it back </li></ul></ul><ul><li>Whittle your example down to the smallest possible case </li></ul><ul><li>Phrase the problem as if you were explaining it to your mom </li></ul><ul><ul><li>Because we on the outside have as much inside information as she does </li></ul></ul><ul><li>Think long and hard about the ‘edges’ </li></ul><ul><li>Think long and hard about the implied constraints (we want to limit to 140 characters for SMS, therefore…) </li></ul>
  19. 20. We write/generate Way too much code
  20. 21. Think about it… <ul><li>More code = More bugs, this epitomizes ‘more code’ </li></ul><ul><li>So does this </li></ul><ul><li>We love writing cool code </li></ul><ul><li>You can reduce a million lines of code to a single statement, if you know how … </li></ul>
  21. 22. <ul><li>“ To be a good SQL developer, you should be able to imagine the query in terms of sets and in terms of algorithms at the same time. </li></ul><ul><li>It’s not enough to come up with a set operation that yields correct results. It will be inefficient. </li></ul><ul><li>It’s not enough to come up with a good algorithm that transforms your set as you need and try to force-feed it to the server using procedural approach. The servers are not good at that. </li></ul><ul><li>What you need to do is to formulate your query so that the optimizer chooses exactly the algorithm you need. And to do this, you should know both the algorithm and the set operations. You need to doublethink. </li></ul><ul><li>This is not always an easy task to do. But it definitely deserves learning. </li></ul><ul><li>And only if you learn it you will be able to harness all the power of SQL .” </li></ul>Quassnoi
  22. 23. We pretend Everything will be alright
  23. 24. That is… We are in denial
  24. 25. http://demonoid.com/ - still down, was 2 nd largest – Alexa top 500
  25. 26. Think about it… <ul><li>Errors happen – deal with it </li></ul><ul><ul><li>Error codes were unclear, confusing and too technical </li></ul></ul><ul><ul><li>said the system repeatedly failed to accurately track student attendance. &quot;You would have a kid that had 20 unexcused tardies, and that would show up as zero,“ </li></ul></ul><ul><ul><li>&quot;Many people were getting the wrong work-habits grades.” </li></ul></ul><ul><ul><li>mistakes on report cards </li></ul></ul><ul><ul><li>duplicated student records </li></ul></ul>http://www.washingtonpost.com/wp-dyn/content/article/2009/09/04/AR2009090402302.html?wprss=rss_metro/md
  26. 27. Think about it… <ul><li>Unknown errors not only can happen – they will happen </li></ul><ul><li>And we should not catch them </li></ul><ul><ul><li>If you do, you should log them, and throw/raise/ “ your languages terminology goes here” them again </li></ul></ul><ul><li>When others then null – the “logic” escapes me, entirely. </li></ul>
  27. 28. http://www.hans-eric.com/2009/09/03/tools-of-the-effective-developer-error-handling-infrastructure/
  28. 29. Think about it… <ul><li>Quote “there are several problems with the error handling code above, some more severe than others” </li></ul><ul><ul><li>Inconsistency, every developer will “do it themselves” </li></ul></ul><ul><ul><li>Information loss </li></ul></ul><ul><ul><ul><li>About the error itself </li></ul></ul></ul><ul><ul><ul><li>To the data in the application (probably) </li></ul></ul></ul><ul><ul><ul><li>And the caller doesn’t know and probably destroys more data </li></ul></ul></ul><ul><ul><li>Automation un-friendly </li></ul></ul><ul><li>Quote “Implement a strategy for handling errors at the earliest possible time” </li></ul><ul><li>(just like archiving should be done…) </li></ul>http://www.hans-eric.com/2009/09/03/tools-of-the-effective-developer-error-handling-infrastructure/
  29. 30. http://gen5.info/q/2008/07/31/stop-catching-exceptions/
  30. 31. Think about it… <ul><li>Quote “Where should you catch exceptions?” </li></ul><ul><ul><li>At high levels of your code, you should wrap units of work in a try-catch block. A unit of work is something that makes sense to either give up on or retry. </li></ul></ul><ul><li>What should you do when you’ve caught one? </li></ul><ul><ul><li>What do tell the end user? </li></ul></ul><ul><ul><li>What do you tell the developer? </li></ul></ul><ul><ul><li>What do you tell the sysadmin? </li></ul></ul><ul><ul><li>Will the error clear if up if we try to repeat this unit of work again? </li></ul></ul><ul><ul><li>How long would we need to wait? </li></ul></ul><ul><ul><li>Could we do something else instead? </li></ul></ul><ul><ul><li>Did the error happen because the state of the application is corrupted? </li></ul></ul><ul><ul><li>Did the error cause the state of the application to get corrupted? </li></ul></ul>http://gen5.info/q/2008/07/31/stop-catching-exceptions/
  31. 32. http://dobbscodetalk.com/index.php?option=com_content&task=view&id=698&Itemid=
  32. 33. Think about it… <ul><li>Quote “The arguments in favor of removing them were along the lines of” </li></ul><ul><ul><li>The production code will run faster. </li></ul></ul><ul><ul><li>Professionally written production code is bug free, so there is no need for asserts. </li></ul></ul><ul><ul><li>An assert firing causes the program to abort, which may not be permissible, may cause data loss, and looks unprofessional to the customer. </li></ul></ul><ul><ul><li>The data being checked may not matter anyway, so why check it? </li></ul></ul><ul><li>Let’s talk about that </li></ul>http://dobbscodetalk.com/index.php?option=com_content&task=view&id=698&Itemid=
  33. 34. Security Matters
  34. 35. Security <ul><li>Oracle is very secure </li></ul><ul><li>Therefore, we don’t need to be, it just happens </li></ul><ul><li>Besides, it is not as important as having pretty screens after all. </li></ul><ul><li>And if we add it later, </li></ul><ul><ul><li>I’m sure it’ll be non-intrusive </li></ul></ul><ul><ul><li>And very performant </li></ul></ul><ul><ul><li>And easy to do </li></ul></ul>
  35. 36. http://news.bbc.co.uk/2/hi/business/8206305.stm
  36. 37. Think about it… <ul><li>Quote: “ Mr Gonzalez used a technique known as an &quot;SQL injection attack&quot; to access the databases and steal information, the US Department of Justice (DoJ) said .” </li></ul><ul><li>Quote: Edward Wilding, a fraud investigator, told the BBC that this method was &quot;a pretty standard way&quot; for fraudsters to try to access personal data. He added that this case probably &quot;involved extremely well researched, especially configured codes, not standard attack codes downloaded from the internet &quot;. </li></ul><ul><li>It is clear from the article that the fraud investigator does not know what SQL Injection is </li></ul><ul><li>Unfortunately – the same is true for many developers </li></ul><ul><li>SQL Injection is insidious </li></ul>http://news.bbc.co.uk/2/hi/business/8206305.stm
  37. 38. http://www.takefreetime.com/2009/09/mass-infection-turns-more-than-57000.html
  38. 39. Think about it… <ul><li>Quote: “ SQL injection attacks exploit weaknesses in web applications that fail to adequately scrutinize text that users enter into search boxes and other web fields. The attacks have the effect of passing powerful commands to the website’s back-end database .” </li></ul><ul><li>At least they get the concept correct! </li></ul><ul><li>Remember my example with “let’s grab some javascript from the interweb and just include it”? </li></ul><ul><ul><li>Just a little bit dangerous </li></ul></ul><ul><ul><li>More dangerous than this particular SQL Injection attack! </li></ul></ul>http://www.takefreetime.com/2009/09/mass-infection-turns-more-than-57000.html
  39. 40. Security Matters Apparently, it won’t get better in the future
  40. 41. http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  41. 42. Think about it… <ul><li>The following are some quotes from the ‘article’ </li></ul><ul><li>They are not only funny </li></ul><ul><ul><li>They are true </li></ul></ul><ul><li>Do go read the entire article – insightful </li></ul><ul><li>An example with Star Trek I’ve used in the past (having nothing to do with security) is about distributed databases… </li></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  42. 43. Think about it… <ul><li>Physical security will always be a problem </li></ul><ul><ul><li>How many times have we seen people open up random access panels on the Enterprise and start pulling out chips when something goes awry or just start swapping them out right and left? Crawling through tubes to get past obstacles and the like… all point to the fact that even the most sophisticated military war machine of the future won’t stop some teen aged acting ensign in engineering from taking over control of the whole ship in about 35 seconds. </li></ul></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  43. 44. Think about it… <ul><li>PCI doesn’t stop hackers, now or ever </li></ul><ul><ul><li>They don’t use money in the future. Probably because consumers are so sick of having their credit cards stolen is my guess. I’m also guessing based on how many holes still exist; SQL injection still exists even hundreds of years in the future . So currency, and therefore the payment industry had to go. Even Quark trades in gold-pressed latinum - you don’t see the Ferengi taking plastic. </li></ul></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  44. 45. Think about it… <ul><li>Organizations will always ignore single points of failure, even after it bites them </li></ul><ul><ul><li>I can’t even tell you how many times the Enterprise has managed to damage the one and only di-lithium crystal that they have on the whole ship. They know they can’t whip up a new one with the replicators but they still don’t carry even one spare. Then they end up being stranded or having to use the sensor array to catch radiation from some exploding sun or some other retarded plan that always manages to work out exactly perfectly, but always necessitates near death experiences in the process. Why, for all that’s holy, wouldn’t you just bite the bullet and pay to have two on board? </li></ul></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  45. 46. Think about it… <ul><li>Virtualization security is an oxymoron - even in the distant future </li></ul><ul><ul><li>I mean, really, how many times has the whole damned ship been taken over by some overzealous holodeck character? Whoever wrote the holodeck hypervisor really needs to be put in a room with Warf for a few hours so he can explain with his batleth what the need for true physical and logical isolation is. Why some Sherlock Holmes character should have access to main memory, I’ll never know. Too bad we aren’t smart enough in the distant future to think about hardware isolation instead of relying exclusively on dangerously faulty software. </li></ul></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  46. 47. Think about it… <ul><li>The iterative development model will be proven bad for security and quality exactly 1,000,000 times but will still be used in production anyway </li></ul><ul><ul><li>How many times have we seen engineering making changes to the warp core while they are 200 light years from any star base or any other craft for that matter? And how many times has that gone smoothly again? No, it’s a bad idea now, and it will always be a bad idea. But then again, maybe you shouldn’t worry so much about keeping your data and integrity intact… it always manages to get fixed in an hour or so anyway, right? </li></ul></ul>http://ha.ckers.org/blog/20090918/what-star-trek-predicts-about-the-future-of-information-security/
  47. 48. A word on Best Practices
  48. 49. <Insert Picture Here> Best Practices defined – Consensus of expert opinions, based on actual customer experiences in practice. Lessons learned. Proven practices associated with a particular usage profile. Baseline configuration rules - prerequisite to tuning. Sounds all good…
  49. 50. <Insert Picture Here> Best Practices – It is easy with Best Practices to forget that once a practice has been branded as &quot;Best&quot;, that it may represent certain tradeoffs and may involve noteworthy downside potential . It is also easy to forget the context for which any given practice was promoted as &quot;Best&quot;, and therefore apply it in some inappropriate context. - Bob Sneed, Sun Microsystems
  50. 51. Bryn Llewellyn on Best Practices <ul><li>Has chosen the right parents. </li></ul>Prescribing best practice principles for programming any 3GL is phenomenally difficult. One of the hardest challenges is the safety of the assumption that the reader starts out with these qualities <ul><li>Has natural common sense coupled with well-developed verbal reasoning skills. </li></ul><ul><li>Has an ability to visualize mechanical systems. </li></ul><ul><li>Requires excellence from self and others. </li></ul><ul><li>Has first class negotiating skills. (Good code takes longer to write and test than bad code; managers want code delivered in aggressive timeframes.) </li></ul><ul><li>Has received a first class education. </li></ul><ul><li>Can write excellent technical prose. (How else can you write the requirements for your code, write the test specifications, and discuss problems that arise along the way?) </li></ul><ul><li>Has easy access to one or several excellent mentors... </li></ul><ul><li>Knows Oracle Database inside out. </li></ul><ul><li>Knows PL/SQL inside out. </li></ul>
  51. 52. Bryn Llewellyn on Best Practices 15:45-16:45 Sunday S311456 – Online Application Upgrade Hilton Hotel Imperial Ballroom B Highly Recommended: This (edition-based redefinition) is the killer feature of Oracle Database 11g Release 2 - Tom Kyte
  52. 53. In Conclusion
  53. 54. <Insert Picture Here> Always Question Everything – in a non-annoying way of course! Take your time, really (never time to do it right, always time to do it over?) Question Authority…
  54. 55. What are we still doing wrong? Thomas Kyte http://asktom.oracle.com/

×