Final Questions Flashcards
What is product-based software engineering?
Originally, development was led by a customer who had a problem; from this problem they generated requirements together with the developers (this was a bloody part), and then the software was implemented. Nowadays the developers see an opportunity, which inspires product features, and they then implement software that realises the opportunity. The product vision starts from a series of questions (WHO, WHAT, WHY) that can be expanded into: for (target customer), who (need), the (name of the product), that (reason to buy), unlike (competitive alternatives), our product (main difference). All that leads to a product vision that is derived from domain experience, product experience, customer experience, and prototyping and playing around.
Which are the key Scrum practices?
The product backlog is a to-do list of the features that must be done to complete the development of the actual product. The items inside this list are called backlog items. The items are very varied, such as a feature to be implemented, user requests or engineering improvements. The product backlog must be prioritised so that the most urgent and important features are at the top of the list. Each item in the backlog also has a state: ready for consideration, ready for refinement or ready for implementation.
There are some activities related to the product backlog. Refinement, where existing product backlog items are refined to create more detailed product backlog items. Estimation, where the amount of work needed to implement each product backlog item is estimated. Creation, where new items are added to the backlog. Prioritisation, where all items are reordered to take new circumstances into account.
The metrics related to the product backlog are the effort required, which is estimated in hours or days of work (of course, different people can work on the same item to achieve faster results), and story points, which reflect the size of the task, the complexity of the technologies and the unknown characteristics. These points are chosen by the team in relation to other product backlog items.
Timeboxed sprints: the product is developed in activities lasting two to four weeks, each of which delivers an increment of the product; the sprint stops even if the work has not been completed. The activities of a sprint are: planning, where the work items are selected and refined if necessary (this should not last more than a day); sprint execution, where the product backlog items are implemented (this part cannot be extended, even if the work isn't finished); and sprint reviewing, where all the work done is reviewed by the team, and possibly also the stakeholders, to check what went wrong during the process.
The ideal Scrum team size is between five and eight people. This size is useful because the team is large enough to be diverse, but small enough to communicate informally and effectively. Each person takes responsibility for the work, so people can join and leave the team without problems. Good communication means that the people in the team will learn about each other's areas. External interactions are handled by the Scrum master for team-focused external interactions, and by the product owner for product-focused external interactions. The project manager takes responsibility for reporting the progress and organising the work.
What are personas, scenarios, user stories and features?
We can use user representations called personas, together with natural-language scenarios and stories, to identify the product features. The personas are the target users of our product; we have to identify from one to 5 personas to get the key product features. We have personalisation, job-related, relevance and education features related to a persona. Then we have the scenarios, where our persona uses a product feature to do something. Then, from the scenarios, which are high-level stories, we can get the user stories, which are formulated in the following way: "As a (role), I want to (do something), so that (reason)." The features identified must be independent, coherent and relevant. Features can be derived from user knowledge, through scenarios and user stories; from product knowledge, from older products, to provide fundamental functionality; from domain knowledge of the area that the product supports, in particular to do what users want in an innovative way; or from technology knowledge, which can lead to new features.
What is the role of non-functional quality attributes and decomposition in a software architecture?
The non-functional quality attributes are: responsiveness (does the system return results in a reasonable time?), reliability (does the system behave as expected?), availability (can the system deliver its services when requested by users?), security (can the system protect itself from unauthorised attacks?), usability (can users access the features quickly and without errors?), maintainability (can the system be updated with a new feature without effort?) and resilience (can the system continue to work after a partial failure?). Optimising some non-functional attributes can affect others; for example, an increase in security can lead to performance and usability issues. The system can be decomposed into services, which are coherent units of functionality; components, which are software units offering one or more services; and modules, which are sets of components. A large number of components can increase the complexity of the system. To control the complexity of a system we have to separate the concerns into components focused on a single concern, create stable, coherent interfaces that change slowly, and implement functionality once. We can have layered architectures, where each layer has a concern and does not know the implementation of the other layers; we also have cross-cutting concerns like security, performance and reliability that add interactions between layers. The basic layers of a web application are: web or mobile user interface; authentication and UI management; application functionality; basic shared services; database and transaction management.
What is a distribution architecture?
A distribution architecture refers to the way in which a software system is divided into separate components that run on different machines or devices and communicate with each other over a network. We can define servers and the allocation of components to servers. We can have a client-server architecture, in which clients access a shared db and the business logic is performed on that data (figure 1 is an example of a client-server architecture). The model-view-controller pattern is also used, where each view registers with a model. Client-server communication usually uses HTTP and XML/JSON. The architecture can be multi-tier or service-oriented. In both, all the clients contact a web server; in the multi-tier case the application server is then contacted and then the database server, while in the service-oriented case a gateway is contacted, and the gateway then contacts each service required. When an application is distributed we have to put the components that change with the same frequency in the same services. It is also important to avoid distributing data, and if data is distributed, the problems derived from the distribution have to be managed. We have to choose whether to use the cloud, and so a service-oriented architecture, for a system that scales, or local servers and a multi-tier architecture.
Which are the main features of Enterprise Integration Patterns?
Enterprise applications are composed of heterogeneous services, use various data types and have different participants, all connected via a network; they are complex, distributed, multi-service applications. The problem is how to integrate all these different applications using a pattern, which is a high-level abstraction of a solution. An enterprise integration pattern is a reusable abstraction of the solution to well-known problems of integrating the software components that form enterprise applications. A message is a piece of data sent from one service to another, composed of a header and a body. Channels make it possible for applications to communicate, and can be synchronous or asynchronous. The channels can be point-to-point or publish-subscribe. Usually the application doesn't know about the messaging system, so adapters are used to send messages to the channels, and messaging endpoints to receive or send messages through the channels. We can have different types of message, so we need a message translator. The architecture uses pipes and filters: the messages are passed into filters and then sent on through the pipes that connect applications. We can have a content enricher, which adds information to a message. A message router routes messages: a content-based router routes them based on message type or message content, and a context-based router uses information from a central configuration. We also have a message filter, which filters messages, and a router that can route based on the content or to a recipient list. The normaliser translates a message into a common data format. Then we have the splitter, which breaks a composite message down into a series of individual messages, and the aggregator, which collects these messages.
Which are the technology choices that affect a software architecture?
DATABASE, PLATFORM, OPEN TOOL, DEVELOPMENT TOOLS, SERVER.
When we create a software architecture we have to choose the technologies: the database (SQL or NoSQL db), the platform (mobile or web app), the server (in-house server or cloud), open source technologies, and development tools, which can limit your architectural choices. The database can be relational, if you need transactions, or NoSQL, if we have more flexible data and the data can be organised hierarchically. The delivery platform is also really important, and mobile products can bring problems such as processor power and power management. The server that runs our application can be in the cloud for a consumer product; for a business product it can be more useful not to use the cloud because of concerns about security. The development tools can shape the architecture of the product; for example, many development frameworks use model-view-controller, and some technologies can influence the database.
Which are the differences between multi-tenant and multi-instance SaaS systems?
Multi-tenant means a single database schema shared by all the system's users; the items in the database are tagged with a tenant identifier to provide logical isolation. The advantages are about resource utilisation, because the software can use the resources effectively. Security can also be improved because there is only one db to be patched. Updates are also easier. The cons are the inflexibility of using the same db, security in case of a leak, and complexity, which is greater than for multi-instance. The multi-instance system, on the other hand, is simpler than multi-tenant and avoids concerns about data leaks. It can be VM-based, where the software instance and db run in their own VM and all users from the same customer may access the shared system db. Or it can be container-based, where each user has an isolated version of the software and db running in a set of containers; this is most useful for products where each user works independently with little data sharing. The pros are flexibility (each instance can be adapted to the customer's needs), no possibility of a leak affecting all customers, simpler scalability, and the fact that if there is an error for one customer the others can continue to work. The cons are the higher cost and update management. The organisation of the db can be a key factor in choosing the right db. If target customers have security concerns about db sharing, use multi-instance. If transactions and data consistency are needed, use either multi-tenant or VM-based multi-instance. Big dbs are better suited to multi-tenant, where they can be optimised. If the system is service-oriented, use a multi-instance database.
What does the CAP theorem tell us?
In the presence of a network partition you cannot have both availability and consistency. Consistency: any read operation after a write must contain that write's changes. Availability: every request received by a non-failing node must result in a response. Network partition: the network can lose arbitrarily many messages sent from one group to another.
Which are the main pros, cons and characteristics of microservices?
Microservices are small-scale, stateless services with a single responsibility, independent of one another, which can be redeployed without changing or stopping other services. They are self-contained (no external dependencies), use lightweight protocols to communicate, are independently implemented (for example in their technologies), independently deployable and business-oriented. The pros are the short time needed to create new features and updates, effective scaling, quick restarts without affecting other services, and service replicas that are quickly deployable. The cons are that the complexity of the system increases dramatically, and that the microservices depend on the network, which can worsen the response time between the services.
How can we feature authentication and authorization in a software product?
The objective of authentication is to be sure that a user is who they claim to be. It can be performed in 3 ways: knowledge-based, for example with a password; possession-based, like a confirmation code on the smartphone; and attribute-based, using a biometric attribute of the user. Password-based auth can lead to problems, like users who forget their password or reuse the same password. To overcome this, passwords can be forced to be safe, or knowledge-based auth like a question and answer can be used for forgotten passwords. It's good to use two-stage auth only if there is confidential information. A secure auth system is difficult to build, even if OAuth is used; a federated identity, like Google, can be used. Authorization is a check of whether a particular user can access some resources. Access control lists are used to check which kinds of users can access a particular resource.
What is static/dynamic vulnerability analysis?
Static vulnerability analysis is a type of white-box analysis that has full access to the source code. It uses static analysis techniques to find security vulnerabilities that are caused by the code itself (e.g. hardcoded secrets, old libraries with known vulnerabilities, bad crypto practices). Dynamic vulnerability testing is a black-box analysis. It tries to break the security controls and find vulnerabilities by calling multiple API endpoints of the application. Its purpose is to find badly designed authentication and authorization policies by exploiting the behaviour of a running application. It can find vulnerabilities such as missing CSRF tokens, XSS, code injection problems, security misconfigurations, unnecessary data exposure, etc.
What is a workflow net?
An extension of Petri nets. Petri nets consist of places, transitions and directed arcs connecting places to transitions. Transitions model activities; places and arcs model execution constraints. System dynamics are represented by tokens, whose distribution over the places determines the state of the modelled system. A transition can fire if there is a token in each of its input places. If a transition fires, one token is removed from each input place and one token is added to each output place.
What is a sound/live/bounded net?
A Petri net is a workflow net iff:
1. There is a unique source place, with no incoming edge
2. There is a unique sink place, with no outgoing edge
3. All places and transitions are located on at least one path from the initial place to the final place
What is a sound workflow net? A workflow net is sound iff:
1. every net execution starting from the initial state (one token in the source place, no tokens elsewhere) eventually leads to the final state (one token in the sink place, no tokens elsewhere)
2. every transition occurs in at least one net execution
What is a live/bounded Petri net?
A Petri net (PN, M) is live if and only if for every reachable state M' and every transition t, there is a state M'' reachable from M' where t is enabled.
A Petri net (PN, M) is bounded if and only if for each place p there is an n in N such that for each reachable state M' the number of tokens in p in M' is less than n.
Theorem: a workflow net N is sound if and only if (N', {i}) is live and bounded, where N' is N extended with a transition from the sink place o to the source place i.
What is Camunda?
Camunda is a framework supporting BPMN for workflow and process automation. It provides a RESTful API, which allows the use of any language. Workflows are defined via BPMN and can be modelled graphically using Camunda Modeler.
What is Locust?
Locust is an open source Python load testing tool. It provides a Python library and a simple web interface to generate a variable number of API calls to stress test an application. A locustfile.py must be provided, in which the various user API calls are defined. The number of these calls and the rate are defined with the web interface.