Post on 07-Sep-2020
• What is
Learn&Be Curious?
• Why we are here
• What we’ll talk about
Le a r n a n d
be c u r io u s
Be there, Join us
romania.amazon.com
Why attend classes? We’ll share a few practical examples that will make you
understand why.
Join this talk and learn about the relevance of your studies in your
future career
Place and date: During the Algorithm Design courses
Monday, April 2, 10:00, Room C112
Tuesday, April 3, 10:00, Room C2
• What is
Learn&Earn
• Why award prizes?
Small or world changing,
at the heart of any software is engineering.
Online retail
What is ?
Online Retail
Robotics
What is ?
Online Retail
Robotics
Prime Air Delivery
What is ?
Online Retail
Robotics
Prime Air Delivery
AWS
What is ?
Online Retail
Robotics
Prime Air Delivery
AWS
Kindle
What is ?
Online Retail
Robotics
Prime Air Delivery
AWS
Kindle
Echo
What is ?
Online Retail
Robotics
Prime Air Delivery
AWS
Kindle
Echo
Amazon Go
What is ?
Online Retail
Robotics
Prime Air Delivery
AWS
Kindle
Amazon Go
Echo
Internet of Things
What is ?
“Put the customer first. Invent. And be patient.”
Optimizing Amazon.com
• How can we
understand what
the user’s journey
is on a page?
• In-page analytics.
Everyone does it!
Optimizing Amazon.com
• Measure, measure,
measure!
• In the wild, not in
the lab.
• Improve on the
basis of real data.
Analytics hooks
• A web page is composed of web elements.
• A user interacts with web elements.
• Interaction triggers one or more units of
work to be run.
Analytics hooks
Analytics hooks
Can we decouple the analytics from the actual add to cart invocation?
Behavioral patterns
In software engineering, behavioral design patterns are
design patterns that identify common communication
patterns between objects and realize these patterns. By
doing so, these patterns increase flexibility in carrying out
this communication.
Observer
• Problem: A large monolithic design does not scale well as new requirements are added.
• Definition: Define a one-to-many dependency between objects so that when one object changes state, all its dependents are notified and updated automatically.
• Web apps writing many event handlers.
• Event handlers = functions that will be notified when a certain event fires.
http://www.dofactory.com/javascript/observer-design-pattern
Observer
Observer
Observer
Observer - benefits
• Decoupling of subject and observers: the subject
doesn’t need to know about how many or which
observers will be interested in changes.
• Open-closed software: we only need to write
new observer code, not modify existing one.
Shopping engagement
• How are these
recommendations
served?
• What if we want new
types of
recommendations to be
displayed?
Shopping engagement
Shopping engagement
Template method• Problem: two different
components have significant similarities. A change common to both components implies duplicate effort.
• Definition: Define the skeleton of an algorithm in an operation, deferring some steps to client subclasses.
• Template Method lets subclasses redefine certain steps of an algorithm without changing the algorithm's structure.
https://sourcemaking.com/design_patterns/template_method
Template method
Template method
Template method
Template method - benefits• All widgets know what they have to define in
order to return recommendations.
• They don’t reinvent the wheel.
• They don’t duplicate async calls and results
synchronization code.
SDKs
• Amazon Web Services run in the Cloud
• You access them via the HTTPS protocol
• As a developer, what do you have to do in order to establish a
connection and implement your business logic?
SDKs
• AWS Step Functions: coordinate distributed applications.
• Part of the AWS Serverless Platform, and makes it simple to orchestrate AWS
Lambda functions, amongst other things, for serverless applications.
(1) Define a state machine -> (2) Start its execution -> (3) Make $$$
SDKs
• StartExecution: starts a state machine execution.
• Request Syntax
• Response Syntax
AWS SDKs
AWS SDKs – drawbacks
• HTTPS connections are heavy-weight
(Certificates retrieval, Encrypting, TPC hand-
shake, DNS lookups)
• One connection cannot be shared by concurrent
threads
Creational patterns
• In software engineering, creational design patterns
are design patterns that deal with object creation
mechanisms, trying to create objects in a manner
suitable to the situation.
• The basic form of object creation could result in
design problems or added complexity to the design.
Creational design patterns solve this problem by
somehow controlling this object creation.
Object Pool
Problem: It is necessary to work with a
large number of objects that are
expensive to instantiate and each object
is only needed for a short period of time.
Definition: a set of initialized objects
kept ready to use rather than allocating
and destroying them on demand.
The object pool design pattern
creates and manages a set of objects
that may be reused.
AWS SDKs - Object Pool
AWS SDKs - Object Pool
AWS SDKs - Object Pool benefits
• Objects can frequently be reused, and each
reuse saves a significant amount of time
• The pooled object is obtained in predictable
time
Design patterns
in low level programming
Design patterns
in low level programming
• Do you trust Amazon to delegate credit card
processing?
• We work hard to protect customer data!
• Security is not about convenience!
How does access control work in
the Linux kernel?
https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg
How should we restrict syscall access?
Structural patterns
In Software Engineering, Structural Design
Patterns are Design Patterns that ease the
design by identifying a simple way to realize
relationships between entities.
NSA proposes SELinux (2001)
https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg
2001 SELinux2001 SELinux
NSA SELinux proposal
• High-level pseudocode:
open_syscall():…selinux_access_checks()...open_call()
NSA SELinux proposal drawbacks
• The SELinux checks were written directly in the
kernel
• Any modification to the security layer would
modify the kernel code
• Any other alternatives to SELinux not possible
• SELinux complexity was now a part of the kernel
code base
Proxy
https://upload.wikimedia.org/wikipedia/commons/thumb/7/75/Proxy_pattern_diagram.svg/800px-Proxy_pattern_diagram.svg.png
Problem: The access to an object
should be controlled or additional
functionality should be provided
when accessing it.
Definition: a class functioning as an
interface to something else, the real
subject.
The Proxy pattern uses an extra
level of indirection to support
distributed, controlled, or
intelligent access and protect the
real component from undue
complexity.
Linux Security Modules (2003)
• Different security modules:
o SELinux (NSA)
o AppArmor
o Smack
o TOMOYO
o Yama
Linux Security Modules
https://upload.wikimedia.org/wikipedia/commons/4/43/Linux_API.svg
SELinuxSELinux
AppArmorAppArmor
SmackSmack
TomoyoTomoyo
YamaYamaHooks
Linux Security Modules
• High-level pseudocode:
register_selinux_hooks()open_syscall():
...process_generic_hooks()...open_call()
Proxy Pattern Benefits
• Rejecting initial SELinux proposal was a chance
to build generic security modules
• The Proxy pattern adds an indirection layer
• Reduces the complexity of the real subject
• Adds a plus on availability since critical code is
not modified often
Managing permissions
• Default Discretionary Access Control (DAC) in Linux has: read, write and execute
• Sometimes it is not enough, you want additional granularity (heap dump, stack trace)
• Existing frameworks might be too complex with a steep learning curve
• There are multiple kinds of permissions for each resource
• Sometimes you must combine different technologies to achieve a goal
Managing permissions
Discretionary
access control
Mandatory
access control
SELinux
App Armor
Infrastructure
permissions
PROTECTED
RESOURCE
Managing permissions
• High-level pseudocode
init_mac_system()init_dac_system()init_infrastructure_permissions()... check_mac_access(user,
convert_to_mac_resource (resource), convert_to_mac_action(action))
check_dac_access(user, convert_to_infra_resource (resource), convert_to_dac_action(action))
check_dac_permissions(user, convert_to_infra_resource(resource), convert_to_infra_action(action))
Managing permissions - drawbacks
• Developers have to know all permissions
frameworks
• Actors, resources and actions are not standard,
they must follow the permission framework API
• A good portion of developers need s simplified
version of these permissions
How can we make it simpler and more uniform?
Façade
https://en.wikipedia.org/wiki/Facade_pattern#/media/File:Example_of_Facade_design_pattern_in_UML.png
Problem: A segment of the client
community needs a simplified
interface to the overall functionality
of a complex system.
Definition: wrap a complicated
subsystem with a simpler interface.
The Façade defines a higher level
interface to a more complex
system.
Managing permissions - Facade
• High-level pseudocode:
init_permission_system()...check_permissions(user, resource, action)
Managing permissions - Facade
• Transforms a complicated subsystem by using a
simpler interface
Façade
Language
PROTECTED
RESOURCE
Security work is never ending story.Follow design patterns to make it easier to
understand and maintain.
Corollary
What this course teaches is fundamental to a
professional software engineer!
Understanding design patterns sets you up for success in
continuously improving a software architecture.
Thank you!Please help us improve by filling out
the survey for the presentation.