Tuesday, June 13, 2017

Whose Deck is it Anyways?

This year at KScope, we're going to try something new.  And fun.  And funny to watch - we hope.  It's called "Whose Deck is it Anyways?", and will occur on Sunday at 8:30pm.  It's only 30 minutes, but it will likely be the best 30 minutes of the conference.  Or at least the most embarrassing.

Here's what we're going to do: the will be four 5-minute presentations - one on each of the following: BI, EPM, Database & APEX.

Sound interesting?  Probably not.  We get that, too.  So here's what we did.

Each 5-minute session will be presented by a non-expert.  For example, it's highly likely that I'll be presenting on BI or EPM.

To make it even better, each slide deck will be prepared by the corresponding expert.  So again, it's highly likely that my slide deck's creator will be either Stewart Bryson or Edward Roske.  If nothing else, this session will be a crash course in how not to make cohesive, easy to read slides.

Interested now?  Ya, I thought so.  Here's some more details on the KScope site.

Thursday, March 23, 2017

#fakecode

Unless you've managed to somehow filter out everything about US politics over the last few months (and if you have, please let me know your secret), then you've likely heard about "fake news".  From a high level, my basic understanding of "fake news" is that it refers to stories or websites that are fabricated to advance the political beliefs and/or ideologies of one site or the other.  Your definition may differ.

So what is fake code?  That, I can at least try to explain in a bit more detail.

The other day, I saw this image posted on Kris Rice's twitter feed:



I thought it was a joke, but it's actually a real book. That made me laugh.  Then cry.  Then I read the book, mainly since it's only 4 pages.  Believe it or not,  there's actually some really good content packed in there.  Let me summarize:

If you choose to copy code from Stack Overflow, the OTN forum, or anywhere, really, there's a few things to keep in mind:


  1. Who owns the code.  It's more than likely perfectly legal to copy and use the code you find on these sites "as is", but keep in mind there may be exceptions to this rule.  The first page in the booklet offers some insight as to what they are.
  2. Who gets credit for the code.  While not required, it's a good idea to credit the author of the snippet that you used.  This is not just courteous, but also provides a reference back to the source of the code, so when it breaks, you know where to start looking.  Which brings me to the third and most important thing to consider:
  3. How good is the code. Unfortunately, there is no easy way to verify this.  You can look at the number of up votes for a specific response, but even that can be easily faked - or more likely, just be wrong because it is based on an older version.

The first two issues don't concern me all that much, as the first is rarely an issue and the second is simple to solve.  The third however, does concern me a lot.  FAKE code - where FAKE stands for Found Another Killer Example (yes, I made that up) - is fast becoming the way that we develop solutions.  Simply enter in some string of what you're trying to do into Google, and a set of possible solutions will magically appear on the page.

With very little effort, you can copy & paste that snippet into your application, run it, and if it works, then you're job is done and you're a hero.  If it doesn't, some more searching and some more tinkering is in order.  Maybe it's a 15 minute task instead of a 5 minute one.  But that doesn't matter, as what you were asked to do is done, and you can move on to the next problem.

There's definitely some problems with this approach.  If you don't understand what the code is doing, who is going to fix it when it breaks?  And it will break at some point.  As other libraries or components get upgraded and/or browser versions change, code will eventually break - usually at the worst possible time.

If you get lucky, and it doesn't break, then who is going to change how it works when the users come up with new requirements?  If you don't have a full grasp as to what it does or how it does it, then you'll have little success in changing how it works.

And just because there's a solution, does it mean that is the best, most secure, most performant solution?  It may work fine for a single user on a development environment, but what happens when its implemented in the real world?  This is especially a concern when you're implementing something in a language that you're not as proficient in, as you won't be able to readily spot bad practices.

In no way am I saying that any of these sites are bad, nor saying don't use them.  I use them all of the time to find solutions to problems and contribute solutions, as do many others.  They are all a valuable resource that makes our jobs a lot easier to do.

What I do want to emphasize is that when you do use any site that presents a solution or code snippet, be sure to not only vet the solution, but also ensure that you completely understand how it works, and be ready to fix it if it breaks.  If you can't do either of these things easily, then perhaps its best to find an alternate solution to your problem - one that you can understand and maintain

FAKE code is a real danger to any development project.  Sprinkle enough of it around, and you're essentially creating a ticking time bomb, that's just waiting to explode.  But FAKE code can be spotted and stopped fairly easily: Document the source of any snippet or blog you use.  Take the time to learn what it does line-by-line, and document that, too.  Be ready to support it if in the case it breaks.  And if you're not comfortable doing so, have alternative resources lined up or at least identified.

Together, with a little bit of work, we can stop the FAKEcode epidemic.

Tuesday, March 14, 2017

Iceland, Iceland, Baby

Alright, stop!  Collaborate and listen!  Ok, I’ll be the one to take my own advice here and stop...

Later this month, I’ll be heading to Reykjavík, Iceland to deliver our 3-day training class “Developing Desktop APEX Applications”.  This class will be open to the public and costs about $2500 per student, so anyone is welcome to sign up. You’ll have to make your way to Iceland, of course.

Miracle logo1

Here’s a brief overview of what we’re going to cover:

This 3-day course is an introduction to developing web applications using Oracle Application Express, or simply APEX. The course starts out with an overview of data model of the application that student will build. It then transitions to the SQL Workshop portion of APEX, where basic database object management concepts are addressed.

The bulk of the remainder of the class focuses on building an APEX application, starting with the core components that make up the foundation of the application. Students will then build several forms and reports, which allow user interaction with the data. Next, additional types of forms and reports will be introduced, as well as more advanced techniques used when managing them. The course will conclude with a review of the basic security attributes of an application as well as how to prepare and deploy it to a production environment.

The course will run from March 28th through March 30th, and will be held in a location TBD in Reykjavík. More details, as well as the course outline and a link to register can be found on Miracle’s site here: http://miracle.is/en/building-apex-applications/

Taste of KScope 2017 Webinars

This Thursday, I’ll be participating in the Taste of KScope 2017 webinar series by presenting GET POST ORDS JSON: Web Services for APEX Decoded.  The webinar will begin at noon EDT on Thursday, March 16th.  The webinar is completely free, and you don’t need to be an ODTUG member to attend.

Here’s a summary of the abstract:

Web Services in the APEX world are becoming more and more popular.  However, there is still a lot of confusion as to what they are and how they could benefit the APEX developer.  After a review of the syntax and jargon associated with web services, this session will review and boil down web services to their basic components.  It will then demonstrate how APEX developers can start to use these powerful components - both to send and receive data from other sites.  

Not only will I be presenting this session at KScope later this year, but I’ve also done it a few times already, so most of the kinks are (hopefully) worked out.

You can register for the webinar here: https://attendee.gotowebinar.com/register/2300788935263147265

Friday, March 10, 2017

Low


Recently, there has been a lot of buzz about "low code" development platforms.  Even the Oracle APEX team has embraced this term (see https://apex.oracle.com/lowcode/ for details). This approach allows the "citizen developer" - someone without a traditional IT background - to build basic applications with little to no code. Platforms such as QuickBase, Appian, Mendix and even SalesForce.com have popup up, offering the promise to quickly build applications with little to no code.  Users from all walks of life can now build and deploy applications to some sort of cloud in just minutes!

But is it possible to build a truly useful application with little to no code?  Perhaps.  Perhaps not.  I suppose that all depends on what you want the application to do and what data it will use.  It probably also depends on the security of the application, and how easy it will be to integrate into a corporate identity management system behind a firewall.  It also probably depends on what type of availability and reliability you need.  And it will definitely depend on how much any of these solutions cost, especially if your application gets popular and more users need to use it.  While some of these companies are solid and not going anywhere soon, a few of these names are new to me, and if they were to fold, it would not be the first time a startup failed.

While I have not tried any of the products that I mentioned, I do have a bit of experience with Oracle APEX, so I'll speak from that angle. APEX does fit into the "low code" profile, as you can easily build an application that manages data, provides visualizations, and even facilitates some basic workflows.  You can do all of this without writing any code, save for maybe a query or two.  There’s even an “App Store” of sorts - called Packaged Applications - that can get you create a fully functional point-solution application with a single click.  I’ve seen people from skilled developers with multiple IT-related degrees to vice presidents with limited IT experience build and deploy APEX applications.  The "citizen developer" term truly fits in here.

However, there is a limit as to what you can make any application do without writing code.  Over the years, APEX has done a great job of pushing this limit out further and further.  You can create a much better looking, more secure, more functional APEX application with APEX 5.1 in much less time than you could with versions as recent as APEX 4.0.  But even with the latest and greatest release, if you want to add some business rules or put basic conditions on a region, you’re likely going to have to use a little bit of code.

Think about this: if you had a couple of citizen developers build a basic project management tool in APEX, and then as it becomes more popular, more people in the organization start to use it.  Thus, the citizen developers enhance and modify it to support multiple teams, multiple users and roles, etc.  All along, there is no oversight from IT about how the application is enhanced and managed.  No standards are followed, as it’s totally up to the citizen developers to choose how it looks and works.  It’s fairly likely that at some point, bad decisions were made.  Perhaps a few security vulnerabilities were introduced, or a couple of poorly-written SQL statements were created.  It’s not all that different from the MS Access mess, but at least this one is backed up...

Low code is fine when it’s just that: low code.  As soon as applications cross some threshold and become a critical component of an enterprise, it’s time to stop calling them low code and transition their ownership to the professionals. With most of the online tools, I don’t believe that this is an option, or at least not a simple one.  If you exceed the capabilities of the platform which you’re building on, it’s going to be a good amount of work to migrate to another one.
This is where APEX differs. While APEX does seem to fit the low code moniker, it’s so much more capable than that.  Calling APEX low code makes me think of other “low” branded things: low fat, low carb, low T, etc.  It’s perfectly possible to start citizen developers in APEX, and show them how to build basic applications that meet some of their less critical business needs.  Some applications will remain somewhat simple, and that’s just fine.  But for the ones that don’t - it doesn’t take much at all to transition ownership of that application to IT, or perhaps just monitor and manage it a bit while still allowing the citizen developer to own it.

Those who have used APEX for years know this: it’s one of the few development platforms that you can become productive with in just a few days, but it will take your entire career to master all it can do.  It’s an ideal platform that meets the criteria of low code.  But it’s so much more - offering one of the most seamless transition paths from low code to enterprise applications.

Thursday, March 09, 2017

jQuery, Security and Web Services - Oh My!


It's going to be a hectic couple of weeks for me, as I get ready to head to Utah this weekend for the annual UTOUG Training Days conference next week.  I love Salt Lake City, and the UTOUG conference is just the right size - not too large, but large enough that most of the rooms are full of attendees.

This year, I've got three slots, each as different as the next:

jQuery & APEX Primer
This session is aimed at the APEX developer who has just never had the time to get into the details of jQuery.  It starts with an overview of the basics, and then proceeds to demonstrate these concepts using a simple HTML page.  After that, it will show some more practical examples of how jQuery can work in an APEX application.

Secure Your APEX Applications with APEX-SERT
Security is as important as ever, and this session will show you how APEX-SERT - a free, open source tool - can be integrated into your development process.  Once installed, APEX-SERT is instantly available to any and all workspace developers.  Evaluations can also be scheduled to run daily, so your application is constantly being checked for potential threats.

GET POST ORDS JSON: Web Services for APEX Decoded
Lastly, web services are also one of the things that APEX developers may not have a lot of experience with.  They are becoming more and more critical in modern web development, and it's a matter of when you'll need to learn them, not if.  This session covers the basics then walks through how to take a standard APEX form and modify it to use web services instead of the built-in DML  processes.

If that wasn't enough, I'll also be a part of the APEX panel on Tuesday - but will likely have to bail out a bit early to make my flights back home.

The full schedule can be found here: http://www.utoug.org/Schedule

See you in SLC!

Wednesday, March 08, 2017

NATCAP OUG Reboot

NATCAP OUG - or the National Capitol Region Oracle Users Group - has a long history of providing Oracle-related content to those in the DC metro area.  I remember presenting there back in my Oracle days (early 2000's) on multiple occasions.

Over the last few months, a few of us have been trying to resurrect this group, as there are likely more Oracle developers & DBAs in the DC area than any other area in the US, perhaps even the world!  This region has long been underserved, and we hope to change that.

We have had a couple of meeting at Oracle's campus in Reston, and attendance has been, well, not where we need it to be.  So, if you're in the DC area, please consider joining this group.  It's free, and our goal is to have quarterly meetings where both experienced presenters and NATCAP members alike provide the content.

If interested, please sign up on the NATCAP website here: http://natcapoug.org

Let's grow this group and give the DC metro area the user group it so badly needs!