JavaOne – Simplified and Fast Fraud Detection

“Simplified and Fast Fraud Detection”

Speaker: Keith Laker

For more blog posts from JavaOne, see the table of contents


Live SQL

  • free online Oracle 12C database
  • Can save scripts
  • Google searchable
  • Each OTN (Oracle Tech Network) user sees their own copy of the data. Sandboxed
  • Can download data as CSV

https://livesql.oracle.com/apex/livesql/file/index.html

And for this session the live sql URL

Pattern Matching

  • types – regex, sed/awk
  • in SQL – row level regex
  • new: pattern recognition in a stream of rows – i.e. it can match across rows and columns
  • new SQL construct MATCH_RECOGNIZE – ANSI standard; not Oracle specific

Steps

  1. Bucket and order the data
    • This makes the patterns “visible”.
    • Used order by or partition by/order by so queries are deterministic (this does not require the paid Oracle partitioning feature)
  2. Define the pattern
    • Regular expression like pattern
    • Ex: PATTERN (X+ Y+ Z+) where X/Y/Z is a boolean expression. Ex: bal < PREV(bal)
    • Common quantifiers: * + ? {n} {n,} {n,m}
    • Also have an extra ? for reluctant quantifiers – helps deal with what to do with overlapping matches
  3. Define measures
    • Define columns in output table
    • pattern navigation options; PREV, NEXT, FIRST, LAST
    • column
    • optional aggregates (COUNT, SUM, AVG, MAX, MIN)
    • special measures: CLASSIFIER() – which component of the pattern applied to this row and MATCH_NUMBER() – how many matches within each partition – both are good for debugging
    • Ex: MEASURES FIRST(x.tstamp) as first_x
  4. Controlling output
    • by default get a column per measure along with the partitioning column (when using one row per match). Get more columns with all rows per match
    • how many rows back: ONE ROW PER MATCH (default), ALL ROWS PER MATCH, or ALL ROWS PER MATCH WITH UNMATCHED ROWS (good for debugging)
    • where to start next search: AFTER MATCH SKIP PAST LAST ROW (default), also options for next row and relating to variables

Demo

  • Find 3 or more small (<2K) money transfers within 30 days. Then find a large transfer (>=1M) within 10 days of the last small transfer
  • Can do in SQL without pattern matching, but a lot of code.
  • Can do in Java, but. [copying the database…]
  • Showed how to create a table for JSON data – reads into a CLOB and Oracle checks it is valid JSON. Loaded with insert statements because live sql is web based and can’t access underlying file system.
  • Can use dot notation to access SQL fields

Sample pattern matching statement:


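SELECT *
FROM transfers_view
MATCH_RECOGNIZE(
  -- No PARTITION BY: all rows form a single partition, ordered by time
  ORDER BY time_id
  -- One output row per match (the default), with these columns
  MEASURES
    user_id AS user_id,
    amount AS amount
  -- Three or more small transfers (X) followed by one large transfer (Y)
  PATTERN (X{3,} Y)
  DEFINE
    -- Small transfer, with the rows matched so far spanning under 30 days
    X AS (amount < 2000) AND
      LAST(time_id) - FIRST(time_id) < 30,
    -- Large transfer within 10 days of the last small transfer
    Y AS (amount >= 1000000) AND
      time_id - LAST(x.time_id) < 10);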
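
The four steps above applied to the demo scenario, as an added example that is not the speaker's code. The table transfers_demo, its columns and its rows are constructed for illustration; time_id is assumed to be a DATE so that subtraction yields days.

```sql
-- Constructed sample data; transfers_demo and its columns are assumed names.
CREATE TABLE transfers_demo (
  time_id DATE,
  user_id VARCHAR2(20),
  amount  NUMBER
);

-- alice: three small transfers, then a large one 5 days after the last small one
INSERT INTO transfers_demo VALUES (DATE '2024-01-01', 'alice', 1000);
INSERT INTO transfers_demo VALUES (DATE '2024-01-05', 'alice', 1500);
INSERT INTO transfers_demo VALUES (DATE '2024-01-10', 'alice', 1200);
INSERT INTO transfers_demo VALUES (DATE '2024-01-15', 'alice', 1000000);
-- bob: three small transfers, but the large one comes 20 days later
INSERT INTO transfers_demo VALUES (DATE '2024-01-02', 'bob', 900);
INSERT INTO transfers_demo VALUES (DATE '2024-01-06', 'bob', 1800);
INSERT INTO transfers_demo VALUES (DATE '2024-01-11', 'bob', 700);
INSERT INTO transfers_demo VALUES (DATE '2024-01-31', 'bob', 2000000);
-- carol: only two small transfers before the large one
INSERT INTO transfers_demo VALUES (DATE '2024-01-03', 'carol', 500);
INSERT INTO transfers_demo VALUES (DATE '2024-01-04', 'carol', 600);
INSERT INTO transfers_demo VALUES (DATE '2024-01-06', 'carol', 1500000);

SELECT user_id, match_no, first_small, last_small, small_cnt, big_time, big_amount
FROM transfers_demo
MATCH_RECOGNIZE (
  PARTITION BY user_id            -- step 1: bucket per user ...
  ORDER BY time_id                -- ... and order in time
  MEASURES                        -- step 3: output columns
    MATCH_NUMBER()   AS match_no,
    FIRST(x.time_id) AS first_small,
    LAST(x.time_id)  AS last_small,
    COUNT(x.*)       AS small_cnt,
    y.time_id        AS big_time,
    y.amount         AS big_amount
  ONE ROW PER MATCH               -- step 4: one summary row per match
  AFTER MATCH SKIP PAST LAST ROW
  PATTERN (x{3,} y)               -- step 2: 3+ small, then one large
  DEFINE
    x AS x.amount < 2000
         AND LAST(x.time_id) - FIRST(x.time_id) < 30,
    y AS y.amount >= 1000000
         AND y.time_id - LAST(x.time_id) < 10
)
ORDER BY user_id, match_no;
```

To see why a row did or did not match, switch to ALL ROWS PER MATCH WITH UNMATCHED ROWS and add CLASSIFIER() to the measures.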

My take: This was a two hour “tutorial” which differs from a hands-on lab. We were still able to follow along with a laptop or “large tablet.” I followed along with the demos on my Mac. Which also let me play a bit. It was fun. I’ve always liked SQL :). I like that he uses QR codes for the links/blogs he wants people to go to. They are also linked in the PowerPoint when it becomes available.

It was also interesting blogging on my laptop. On my tablet, I blog in HTML because it is a pain to use the visual editor on the tablet. A laptop has no such problem. But a laptop battery doesn’t last all day so…

JavaOne – Development Horror Stories

“Development Horror Stories”

Speaker: Roberto Cortez & Oleg Shelajev

For more blog posts from JavaOne, see the table of contents


My favorite stories

  • Missing a space caused deleting way too much
  • Construction workers unplugged
  • Email loop of invalid emails – crashed server at 5-6 million emails
  • Not blaming vs not holding accountable vs not improving
  • Backup not following sym links
  • QA and Prod on same box means…
  • Routed all transactions to one place – “Don’t let developers touch production”
  • Loading a table deleted all other rows
  • Delete IE 8 and 7 to use IE 6. Can’t debug because too much JavaScript for dev console and GWT can’t handle IE 6. Problem was JavaScript closing the right click option on resize
  • Dev machine was the only place the code was stored. Decompiling is not the same
  • == vs .equals() caused error under one db but not another
  • Backup in different file system format and all the files were gone
  • Website turned into Chinese because Tomcat was using the default password

“We are all laughing here, but every story has a teaching moment”

My take: They said this was meant to be a BOF. And they ran it as one, which was good. It was a nice final session of the day. It read like “confessions of developers”

JavaOne – Escaping Developers’ Nightmares

“Escaping Developers’ Nightmares”

Speaker: Rustam Mehmandarov

For more blog posts from JavaOne, see the table of contents


Put together code tools and cs to make developer’s paradise.

90s – waterfall, java in notepad/emacs/vim, visual sourcesafe, cvs, javac at command line, MS Access in a shared network folder for defect tracking

now it is rainbows and unicorns – git, real issue tracking

Tweet from here:

YOU ARE IN A LEGACY CODEBASE

> RUN TESTS
YOU HAVE NO TESTS

> READ SPEC
YOU HAVE NO SPEC

> WRITE FIX
YOU ARE EATEN BY AN ELDER CODE HACK.

Continuous integration/deployment/delivery is sold as a unicorn or rocket ship that will take you to the stars.

Code quality

  • Code standard – do you have a coding standard? Do you follow it?
  • Encoding – If coding in a language other than English, do you have an encoding standard? Is checking automated?
  • MIME Type – Do you have a standard?
  • Code Reviews – Do you do them? How do you know the code does what it is supposed to?

Development Tools

  • Code Versioning – “Git or even SVN”. Do you have a branching and tagging strategy?
  • Complexity, Testing
  • Branching
  • Static code analysis
  • Plugins – ex: Sonar
  • IDEs (checks at commits, integrates with unit testing and SonarQube)
  • build tool – Jenkins, TeamCity, Bamboo, etc and Maven, Gradle, etc
  • Unit, integration, UI, end to end tests

Third party libraries

  • Do you track your third party libraries?
  • Do they have known issues/vulnerabilities?
  • Are they updated? Are they maintained? Are they compatible with each other?
  • Are the licenses appropriate?
  • Are they in Apache Attic? Where projects go to die
  • Google OSS Fuzz test

Packaging > Delivery > Deploy

  • Automated deployment?
  • What environments can you deploy to?
  • Are the environments similar?
  • Same process to deploy to each environment?
  • Do QA and Prod use separate physical hardware?
  • How easy is it to rebuild from a script?
  • Do you have monitoring in all environments?

Architecture

  • Do you support continuous deploy? Microservices? Load balancing?
  • Code package structure can hurt or help you

Helpful Maven plugins
Assembly, versions, dependency, enforcer, surefire, failsafe, sonar, findbugs, pmd

Documentation

  • Wiki
  • Avoid multiple documentation systems

Collaboration

  • Issue tracking
  • Wiki
  • Chat

Blog post on bash tools:
https://mehmandarov.com/cmd-tools-for-developers/

My take: Fun comparison. He even drew a unicorn with rainbow hair and a rainbow tail for the “rainbows and unicorns” slide. A lot of things were covered. And if you know you are supposed to do them, definitely a good review/checklist. There were a few stories. I was hoping for more stories or more on how to sell the need for such tools. [Someone asked about how to sell and he said “you just have to explain it and show the value.” I thought the how would be in the talk.]