Questions Learning Outcome
L5 : Describe TDD ?
TDD is test driven development where developer test the functions before releasing the code. Test are written before code. i.e. - Write enough of a test to fail. Write enough code to pass the test. Write enough of a test to fail...
L18 : What is a canary release/AB test?
Split into two groups, one group gets the new feature but the other does not. A technique that is used to reduce the risk of introducing a new software version in production by gradually rolling out the change to a small subgroup of users before rolling it out to the entire platform and making it available to everybody.
L3 : Given the following case: ... What kind of model would you use to describe the situation, and why?
State diagram Class diagram Component diagram Use case diagram There are more....
L19 : What issues exist with FP contracts?
They go for cheap supplier and they end charging us extra. Estimate, you have some value, cognative bias, your brain will go into shorter time than it might take. You raise price. Requirements, changes in agreements can indulge bad behaviour. --- Providers know the estimates are off (they increase the price) Requirements are never complete (change requests, can lead to unethical behaviour) Requirements changes might lead to more benefit for the client (FP hinder this) (Many) Clients focus more on price than competence.
Extra : Give an example of Three-tiered architecture
UI Layer, (HTML etc.) Business logic layer (JS, NODE etc.) Persistance layer (SQL, Mongo etc.)
L2 : What is user requirements ?
User requirements is called URD or user requirement documentation, it is also called user requirement specification. In short what user requirements does is it specifies what the user expects the software to be able to do.
L5 : At which stage in an agile process does requirements engineering occur?
User stories and scrum planing Every iteration, each sprint
L16 : What are examples for MBE?
Using UML diagrams class diagram which is drawing of classes. Also DB Schema diagram where you can generate DB Schema from the diagram -- Generating Page Flow Component interface generation Documentation generation Test case generation
L16 : What does the term MBE describe?
Using models as important as artifacts, not just draw them and throw them away. Using models as a key artifact in the development, you can generate test, code documentation. Model-Based Engineering (MBE) (noun + acronym) Definition: A software and systems development paradigm that emphasizes the application of visual modeling principles and best practices throughout the System Development Life Cycle (SDLC).
Extra : Describe Iterator Pattern ?
Traverse elements in collection independent of their representation
L11 : What is the idea of service orientation?
The related buzzword service-orientation promotes loose coupling between services. SOA separates functions into distinct units, or services, which developers make accessible over a network in order to allow users to combine and reuse them in the production of applications. Loosely coupled, implementation and platform independent, pay for a service you use instead of a COTS
L2 : What makes specification of quality requirements challenging?
V & V, is the software correct, does the software meet the user needs It can be hard to decide exactly what the quality should be. Saying that a system should be fast is kind of vague but on the other hand if you say a system should be for example 500ms fast doing some operation. Then you should have a reason for that number. If the cost of going from 510ms to 500 is enormous then maybe you live with 510. So it can be difficult to express exactly what quality you are looking for.
L6/7 : What is the difference between validation and verification?
Verification: "Are we building the product right?" Validation: "Are we building the right product?" Verification process is to ensure that the software works with functional and non-functional requirements. Validation is more of a general process. Show what customers are expecting. V&V establishes confidence that the system fits its purpose.
L17 : Given (information need), what could be a way to arrive at an indicator for this need?
You can have for instance line of codes, you can measure how many lines of code is in an hour. Attributes that you are measuring is that you are measuring lines of code. Attributes, Base measures, derived measures, indicator, information product. --- Decide which attributes are relevant for that and measure them (base measures) Combine them iteratively into meaningful derived measures Until you can use an indicator to provide the required information
Vasa : Name few antidotes to ignoring the obvious
Back-of-the-envelope calculations Assimilation of lessons learned
L8 : What are the CI, CD, DevOps concepts?
CI/CD is a method to frequently deliver apps to customers by introducing automation into the stages of app development. The main concepts attributed to CI/CD are continuous integration, continuous delivery, and continuous deployment. CI comes from XP "Extreme programming" CI - Push code to repostiroy such as github, gitlab. This is tested, done frequently, even more than once per day. CD - same as CI, automatic deploy, if tests are successful then this is deployed automatically. When the code is deployed to repository the code is tested and automatically deployed. Problem with this is there is not enough to have automatic testing. DevOps: Development + Operations. Plan > Code > Build > Test > Release > Deploy > Operate > Monitor > Plan...
L16 : What are requirements to be able to generate a (non-trivial) artefact from a model?
Code generation, we draw a model and generate code from the model. In most cases there are specific tools to do this kind of thing. --- One or more models that strictly follow a modelling language (e.g. UML) that's in a readable model file (e.g. XML) and one or more transformations.
L5 : What are issues when trying to scale agile development?
Cointeracting with teams Managing inter-team dependancies Iterative planning Coordinate work between teams in different locations and time zones. Contracts, Regulations, Meaningful user stories (who is the customer)?
L11: What is COTS ?
Commercial off-the-shelf Short for commercial off-the-shelf, an adjective that describes software or hardware products that are ready-made and available for sale to the general public. For example, Microsoft Office is a COTS product that is a packaged software solution for businesses.
L14 : Which dimensions of security play a role in software engineering?
Confidentiality: Information is only disclosed to authorised people/systems Integrity: Data is not corrupted or damaged, it can be relied upon Availability : Access to system is possible (system is operational)
Extra : Which dimensions of security play a role in software engineering?
Confidentiality: Information is only disclosed to authorized people/organizations. Integrity: Data is not corrupted or damaged, it can be relied upon. Availability: Access to system is possible, the system is operational
Vasa : Name few antidotes to lack of technical specifications
Development of initial specifications Event-driven updating of specifications Baseline management of specifications A designed software architect
L20 : What are productivity factors in SE related to the workplace?
E-factor: The environmental factor describes the ratio of uninterrupted hours and body-present hours Office layout: Private or open-plan office layout. Physical separation: The team members are distributed over the building or multiple sites. Proper workplace: The suitability of the workplace to do creative work. Time fragmentation: The amount of necessary "context switches" of a person. Telecommunication facilities: Support for work at home, virtual teams, video conferencing with clients.
L14 : What's the advantage of a layered architecture regarding security?
If security is a critical requirement, a layered structure for the architecture should be used, with the most critical assets protected in the innermost layers and a high level of security validation applied to these layers. Application Layer Middleware can have logging Database management Generic such as shared applications OS --- To get to the bottom layers you have to go through the upper levels and more security layers can easily be added between layers. Not a single point of failure.
Vasa : Name few antidotes to Requirements creep
Initial requirements baseline Baseline management Risk Management A designated software architect
Vasa : Name few antidotes to changing needs
Iterative development change control/baseline management
L17 : What are ways to establish trust in measurements?
Measurements need to be tested and checked. Provide meta-data (quality and date) of measurements.
L11 : Describe Kruchten's 4+1 architectural view model and why it is needed.
Multiple views are usually needed to present a complete picture of an architecture. Kruchten's 4+1 view model: Logical view: shows the key abstractions in the system (objects, classes) Process view: shows run-time interacting processes. Development view: shows decomposition for development Physical view: shows hardware and deployment of components +1: Use cases/scenarios relate the other for views.
L4 : What are issues with waterfall processes?
Once the application is in the testing stage, it is very difficult to go back and change something that was not well-thought out in the concept stage. The waterfall model is rigid, since the deliverables of each phase are frozen before the next phase starts. This makes it difficult to change anything. Since change is an essential part of software engineering, the model is unsuitable in many practical situations. Alternatives to the waterfall would be the V-model, agile processes such as Scrum or XP, or the spiral model.
L10 : What are typical qualities that are affected by architectural decisions?
Performance and security there can be a tread-off in these two. Architecture reuse, often similar architecture in the same domain. There can exist reusable styles and patterns. Better performance vs less maintainable. If we are talking about performance then the critical operations should be in the same component, then you don´t need to sent over the network, the downside of this is that the component will be bigger and there for less maintainable. This is changing into microservices. Safety, must be in a less components, this is more of organisation issue Availability, system is always up and running, no downtime, Redundancy is a problem, fault tolerance. Maintainability, make changes easily. Easy to change components, the tread-off is the performance is not as good. --- Performance - Localise critical operations, minimise communication, use large components. Security - Use a layered architecture (critical assets in inner layers) Safety - Safety-critical features in a small number of components Availability - Redundant components, mechanisms for fault tolerance Maintainability - Use fine-grain, replaceable components
L5 : Describe pair programming ?
Programmers work in pairs, developing code together. Different styles: Multiple keyboards, one writer/one observer
L21 : What is ethics?
"the discipline dealing with what is good and bad and with moral duty and obligation. [..] a set of moral principles : a theory or system of moral values"- Merriam-Webster Dictionary
What questions do surveys answer?
"What" questions.
L12/13 : What do the SOLID principles for software design prescribe?
S — Single responsibility principle Each class, component should have one responsibility over single part. "Do one thing and do it well" O — Open/closed principle Classes, modules should be open for addons, plugins but closed for modification L — Liskov substitution principle Objects, should be replaceable for functionality of the program I — Interface segregation principle Use interface segregation. D - Dependency inversion principle High level modules should not depend on low level modules.
L5 : What are the activities and artefacts in SCRUM?
Project planning Sprint phases Project closure Activities: 2-4 week sprints (Usable Software after each sprint) Sprint Planning (Items chosen from backlog, breakdown of high-level items into tasks) Daily standup / Daily scrum (What have I done? What will I do today? What problems am I facing?) Sprint review (after each sprint increment is presented to PO) Sprint retrospective (team reflects on how the sprint went) Artefacts: Product Backlog (Prioritised requirements, each item has customer value) Sprint Backlog (Plan for each sprint, Items from backlog broken down into tasks)
Vasa : Name few antidotes to lack of scientific methods
Prototyping Incremental development Technical performance measurement
L21 : What are examples for ethical dilemmas in Software Engineering?
Racial Bias in Health Care algorithms Self-Driving cars, should try and save older or younger pedestrians in an unavoidable crash. Splitting up families in airline bookings to maximize profit.
Extra : Describe Decorator Pattern ?
A design pattern that allows behavior to be added to an existing object dynamically.
L10 : What purpose serve application architectures?
Applications architecture tries to ensure the suite of applications being used by an organization to create the composite architecture is scalable, reliable, available and manageable. Applications architecture means managing how multiple applications are poised to work together. Understanding how a system should be organized, designing the overall structure of that system and identifying the main structural components
L12/13 : What is the difference between architecture and design (in software systems)?
Architecture is to get details on how the interactions is done in the system and how it should be understood. But design is focus relationships on the components. Achitecture and design are closely related; the main difference between them is really about which way we face. Architecture faces towards strategy, structure and purpose, towards the abstract. Design faces towards implementation and practice, towards the concrete. ... Both architecture and design are essential. --- Architecture: high-level relationships (components, sub-systems) + quality trade- offs; long-term strategy Design: Code-level design - Classes, variables, functions
L18 : Give examples of validity problems in a study.
Are the groups you are testing representative. Is this something that we want to test. We might draw wrong conclustion as a result of invalid study. --- Blood pressure medication example A: Construct: Measuring body temperature instead of blood pressure. A: Internal: Measuring stress and age effects instead of the real effects of the drug A: External: Does the 12-person clinical trial count for all patients, all age-groups, all genders?
L3 : Explain the four models in system modelling ?
Context model Is how context data is structured and maintained. It aims to produce a formal or semi-formal description of the context information that is present in a context-aware system. Context model normally show that the environment includes automated systems but does not show types of relationships between system in the environment that is being specified. Interaction model It describes interaction between software and the user and or software and software is. In most cases there are two types of modelling which explain interaction model and are use case model where there is some kind of explanation between user and system, then there is sequence diagram which shows the interaction between system components. Structural model Usually shows the makeup or the structure of the system in terms how the components in the system and its relationships. Structural model can be static. It uses class diagram to show the relationships between components within the system. Behavioural model Shows the behaviour of the system based on how the system is executing. The data and or event can be a trigger for behaviour of processing. Data-driven modelling is apart of behavioural model. To understand behavioural model sequence diagrams are used to show what happens in specific actions, in most cases it sends some information and returns some information and from that it does some process based on that information. Model-driven architecture
L18 : What is a controlled experiment?
Controlled tests, such as drug tests, one gets the real drug while the other group gets placibo
L18 : What is the empirical method?
"The scientific method: observe the world, propose a model or a theory of behavior, measure and analyze, validate hypotheses of the model or theory, and if possible repeat the procedure" "The engineering method: observe existing solutions, propose better solutions, build/develop, measure and analyze, and repeat the process until no more improvements appear possible." "The empirical method: propose a model, develop statistical/qualitative methods, apply to case studies, measure and analyze, validate the model and repeat the procedure." "The mathematical method: propose a formal theory or set of axioms, develop a theory, derive results and, if possible, compare with empirical observations."
L2 : Describe the purpose of requirements [elicitation | specification | management]
1. Elicitation (Discovery) Is to get details of system requirements based on observation of current systems, discussion with potential users and procurers, task analysis and so on. This can include some development of prototypes to help the software engineer to understand the system. Requirements Elicitation has the purpose of discovering the requirements. It is not enough to simply ask what they are but it is necessary to discover what they are. 2. Specification (None-Tech Documentation) This is to get more information about the system, these information is set into a document which is specified as requirements. There should be two types of requirements and are user requirements and system requirements. Requirements Specification has the purpose of specifying the different parts of the system for all stakeholders. The document needs to be read by all groups of stakeholders. Therefore cannot be too technical. 3. Management (Analysing) Management requirements is a process of collecting, analysing, refining and prioritising product requirements and then planning for their delivery. This is also to ensure that the organisation validates and meets the needs of its customers and external and internal stakeholders. Requirements Management has the purpose of keeping track of requirements through their lifecycle. They can evolve and change along with their importance and dependencies. We need to keep track of why the requirements changes so we can trace why certain requirements where changed, when , where, why, how. Etc.
Vasa : What where the 10 problems in the vasa case ?
1. Excessive schedule pressure 2. Changing needs 3. Lack of technical specifications 4. Lack of documented project plan 5 and 6 Excessive and secondary innovations 7. Requirements creep 8. Lack of scientific methods 9. Ignoring the obvious 10. Unethical behavior
L3 : What are typical purposes for which models are created?
1. Models are used during requirements engineering. They help to clarify what the system does and is used to focus stakeholder discussions on its strengths and weaknesses. 2. Models are used to explain proposed requirements to other system stakeholders. Models help engineers to understand the system. Other potential purposes are communication, documentation, analysis, certification, and detailed system description for code generation.
Extra : What is client-server architecture ?
A client-server architecture is a system that provides distinct services to multiple clients by logically dividing the service providers. Each service may be hosted on another server although the services can be co-located all on one server. Several clients may run concurrent instances of any given service simultaneously. One server can be replaced or undergo maintenance without affecting the entire system. A great advantage of client-server architecture is that is a distributed architecture providing the possibility of integrating geologically separated components all into one system. A good example of a client-server architecture is a library system that may provide multiple services to multiple students such as an article database, a book finder and an order placer.
Extra : What is Repository architecture ?
A repository architecture is a system that will allow several interfacing components to share the same data. Each component interfaces the same dataset that is utilized system wide. Data manipulation taking place in one component will reflect an identical representation of data in another component. Components can be interchanged and are independent of other system components. A good example of a repository architecture would be a database management system. Such a system would provide both a console and graphical user interface to update both the structure and dataset of any particular database.
Extra : Explain the gang of four creational patterns ?
Abstract Factory is to provide a client with a set of related or dependant objects. Builder is used to create complex objects with constituent parts that must be created in the same order or using specific algorithm. Factory method is used to replace class constructors, abstracting the process of object generation so that the type of the object instantiated can be determined at run-time Prototype is used to instantiate a new object by copying all the properties of an existing object, creating an independent clone. Singleton ensures that there is only one object of a particular class is ever created.
Extra : Explain the gang of four structural patterns ?
Adapter is used to provide link between two otherwise incompatible types by wrapping the adoptee with a class that supports the interface required by the client. Bridge is used to separate the abstract elements of a class from the implementation details, providing the means to replace the implementation details. Composite is used to create hierarchical, recursive tree structures of related objects where any element of the structure may be accessed and utilised in a standard manner. Decorator is used to extend or alter the functionality of objects at run-time by wrapping them in an object of a decorator class. This provides a flexible alternative to using inheritance to modify behaviour. Facade is used to define a simplified interface to a more complex subsystem. Flyweight is used to reduce the memory and resource usage for complex models containing many hundreds, thousands or hundreds of thousands of similar objects. Proxy is used to provide a surrogate or placeholder object, which references an underlying object. The proxy provides the same public interface as the underlying subject class, adding a level of indirection by accepting requests from a client object and passing these to the real subject object as necessary.
L21 : What is meant by 'diversity' in the context of teams?
Age Gender Nationality Language Programming language Role Personality
L20 : Give an example for X bias (in SE)
Anchoring/Adjustment bias: "Anchoring and adjustment is a common heuristic in which one makes estimates by adjusting an initial value called an anchor. Anchoring bias is the tendency to stick too closely to the anchor.""Do you think it will take more than 6 months to complete this?" Availability bias:"Availability bias is the tendency for easy-to-recall information to unduly influence preconceptions or judgments." Ignoring unfamiliar keywords/locations in docu/code Framing Effect: "The framing effect is the tendency to react differently to situations that are fundamentally identical but presented (i.e.,'framed') differently." Ideas vs. requirements Bandwagon Effect:"The propensity for large numbers of individuals, in social and sometimes political situations, to align themselves or their stated opinions with the majority opinion as they perceive it." Agree with the "leader", brainstorming
L2 : What does the term 'stakeholder' describe in Requirements Engineering?
Any person or organization who is affected by the system. Not just a user, can also be for example an admin, a manager, a user, a customer, the one who pays for the system, regulatory bodies and many more.
L17 : What is a base measure/derived measure/indicator?
Base measure, measure single attribute, such as count lines of codes using a specific method. Derived measure, take a number of base measure and put them togeather, how many lines of code does developers produce per hour. Indicator, traffic light, thumb up or down. Can be 1000 base measures. Evaluation as a basis for decision making. Example of base measure : Milestone dates, amount of requirements, number of closed defects/bugs etc.
Vasa : Name few antidotes to excessive and secondary innovations
Baseline control Impact analysis Continuous risk management A designated software architect
L17 : How would you decide what to measure?
By your informational needs. We can measure everyting, What, How When. for example you can measure how many use the website, in what particular circumstances does the website crash. How productive are the developers Schedule and progress, are we on track. Resources and cost, how many employees, what is the cost of hosting. Product size and stability, how many lines of code are there. How many bugs do we have. Product quality, the performance during runtime. Process performance, waterfall to iterative, is this good or not. Technology effectiveness, look at different solutions. Customer satisfaction, how possitive are the customers.
Extra : Explain the gang of four behavioural patterns ?
Chain of responsibility is used to process varied requests, each of which may be dealt with by a different handler. Command is used to express a request, including the call to be made and all of its required parameters, in a command object. The command may then be executed immediately or held for later use. Interpreter is used to define the grammar for instructions that form part of a language or notation, whilst allowing the grammar to be easily extended. Iterator is used to provide a standard interface for traversing a collection of items in an aggregate object without the need to understand its underlying structure. Mediator is used to reduce coupling between classes that communicate with each other. Instead of classes communicating directly, and thus requiring knowledge of their implementation, the classes send messages via a mediator object. Memento is used to capture the current state of an object and store it in such a manner that it can be restored at a later time without breaking the rules of encapsulation. Observer is used to allow an object to publish changes to its state. Other objects subscribe to be immediately notified of any changes. State is used to alter the behaviour of an object as its internal state changes. The pattern allows the class for an object to apparently change at run-time. Strategy is used to create an interchangeable family of algorithms from which the required process is chosen at run-time. Template method is used to define the basic steps of an algorithm and allow the implementation of the individual steps to be changed. Visitor is used to separate a relatively complex set of structured data classes from the functionality that may be performed upon the data that they hold.
L4 : What are ways to react to change in software development?
Change in external pressure and is usually means money issues. Competition Change in management priorities Change anticipation: Anticipating possible changes before significant rework is required. Early prototypes can help customers realise what they really need. Change tolerance: Process allows to accommodate changes at low cost. Incremental development is tolerant to change since the entire system hasn't been planned.
L3 : What does a component diagram describe?
Component diagrams could be used to give an overview of the entire system in terms of its components, e.g., for the purpose of architecture evaluation. In this case, the structure (components and relationships) would be sufficient to convey the needed information (how components relate to each other). Another purpose would be to synchronise the work between multiple component teams. In this case, the interfaces need to be described in detail, potentially with comments explaining what different interface methods do. It is not sufficient to just display components and relationships.
L20 : Give an example for confirmation bias (in SE)
Confirmation bias is defined as the tendency to verify one's own hypothesis rather than trying to refute them. During all levels of software testing, the goal should be to fail the code to discover defects and hence increase software quality. However, software developers and testers are more likely to choose positive tests rather than negative ones.
L18 : What is external/internal/construct validity?
Construct validity - we are actually measuring what we are trying to measure Internal validity - We are measuring our treatment or are founding factors. External validity - We are finished with our tests, does this work normally. Does the drug work with all age groups.
L11 : What does Conway's law describe?
Conway's law is an aphorism in IT that posits the idea that "organizations which design systems are constrained to produce designs which are copies of the communication structures of these organizations." This idea can be traced back to a programmer named Melvin Conway who developed this principle in the late 1960s. in short, The organisation (the company) eventually looks like the architecture of the product --- "organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations." It means software or automated systems end up "shaped like" the organizational structure they are designed in or designed for. Some interpretations of the law say this organizational pattern mirroring is a helpful feature of such systems, while other interpretations say it's merely a result of human nature or organizational bias.
Extra : Describe is Observer Pattern ?
Defines a one-to-many dependency between objects so that when one object changes state, all of its dependents are notified and updated automatically.
Extra : Describe Strategy Pattern ?
Define a family of algorithms, encapsulate each one, and make them interchangeable. Strategy lets the algorithm vary independently from clients that use it.
Extra : Describe Factory pattern ?
Define an interface for creating an object, but let subclasses decide which class to instantiate. Factory Method lets a class defer instantiation to subclasses.
L12/13 : Describe, conceptually, what the X pattern does.(meaning: don't describe all details, but give a summary of its purpose) GANG OF FOUR
Design Pattern Elements 1) Name: A meaningful pattern identifier 2) Problem Description 3) Solution Description: Not a concrete design by a template for a design solution 4) Consequences: The results and trade-offs of applying the pattern Elements of the Observer Pattern Name: Observer Description: Separates the display of an object state from the object itself Problem Description: Used when multiple displays of data are needed Solution Description: See UML Description Consequences: Optimizations to enhance display performance are impractical
Extrta : There are four patterns in gang of four, what are they ?
Design Patterns Creational Patterns Structural Patterns Behavioural Patterns
Extra : What are design patterns and what's their intention?
Design patterns are a description or a template for how to solve a problem that can be used in many different situations.
Extra : What are design patterns in gang of four ?
Design patterns provide solutions to common software design problems. In the case of object-oriented programming, design patterns are generally aimed at solving the problems of object generation and interaction, rather than the larger scale problems of overall software architecture. They give generalised solutions in the form of templates that may be applied to real-world problems. Design patterns are a powerful tool for software developers. However, they should not be seen as prescriptive specifications for software. It is more important to understand the concepts that design patterns describe, rather than memorising their exact classes, methods and properties. It is also important to apply patterns appropriately. Using the incorrect pattern for a situation or applying a design pattern to a trivial solution can overcomplicate your code and lead to maintainability issues.
L12/13 : What costs exist for software reuse?
Discovering cost such as finding and evaluating reusable parts License cost or purchasing cost Adaptation cost/configuring/extension cost Integration cost
L5 : What are issues when using agile development in regulated environments?
Documentation is missing or little Stakeholders not involved in specification V&V Regulation require waterfall process. The counter argument against saying agile does not work in regulated environment QUAMAS study. Code review Design documentation Data is not correct based on regulated enviroment e.g. GDPR Regulations often have documentation or up-front requirements. This makes it difficult to fit with agile.
L19 : Explain the reasoning behind "Release early, release often"
Easier to spot problems Easier to grow a community Not to big, harder to get into the code. --- A software development philosophy that emphasizes the importance of early and frequent releases in creating a tight feedback loop between developers and testers or users, contrary to a feature-based release strategy. Advocates argue that this allows the software development to progress faster, enables the user to help define what the software will become, better conforms to the users' requirements for the software, and ultimately results in higher quality software. The development philosophy attempts to eliminate the risk of creating software that no one will use.
Extra : Describe Singleton Pattern ?
Ensures a class has only one instance, and provides a global point of access to it.
Vasa : Name few antidotes to unethical behaviour
Ethical work environments and work cultures personal adherence to a code of ethics
L21 : What factors make it difficult to become more diverse?
Explicit Bias Implicit Bias
L19 : What contract types exist for software projects?
Fixed Price - FP, cost is predefinded Time and Material, pay per hour Risk Sharing, if the scope changes then the client pays, Agile Contract
L6/7 : What does system testing target?
Focuses on interaction between components, checks if the components are interacting correctly. System testing reflects the waterfall, system testing tests requirements and checks if they are working correctly. System testing is the system in whole. The complete system, including COTS components and other systems.
Extra : Explain what DevOps is ?
Focuses on the operational side of operational side of the software engineering. Gets the feedback from the operrations back to the planning and assess how the project is going. It is monitoring how features are used, by collecting surveys, click rates, latency and user experience overall. From that they can improve the features or add new features. This goes on in an iterative loop.
L17 : What consequences can bad measurements have?
For example if you are counting code lines how well do you know how good the code is. Is it based on standards, based on code smell, does it need refactoring. When you write multiple lines can you simplify the code. More code does not mean that it is a good code. --- Ineffective communication Missing problems Making wrong decisions Investigate bugs that don't exist No trust in future ('yeah, that test always fails...')
L19 : What is the difference between free software and open source software?
Free software - Four freedoms and open software Open Source has its own political ideas. OS, CV building, Selling support, selling adons, open innovation. Forced because of licenses. --- "Free Software" as in free speech, everyone should be able to re-use it. The FSF sees free software as a way towards democracy. Open source is a restriction on this idea and has very different ideas in general. Licensing is a key aspect of Open source.
L19 : What are the four freedoms promoted by the FSF?
Freedom 0 - Run the application on that way you want Freedom 1 - Research and change the application you want Freedom 2 - Redistribute copy of the code that will help others Freedom 3 - Distribute your modified version of code to others.
L16 : What is a meta model?
General-purpose language such as UML, Python, etc. A model describing all models of a specific type.
L14 : What are typical trade-offs with a higher security? Give examples!
Harder to access data Given the different types of access to the data e.g. Multi-Factor-Authentication requires another device to access software service. --- Performance may degrade with higher security, a layered architecture with high security may slow down the system encryption, more layers Usability the system can become harder to use or more annoying with many security factors.
L2 : What is functional requirements ?
Has the traditionally focused on what the system should do.
L11 : How does the architecture influence the communication in an organisation?
If we look at this based on layered architecture, each team needs to communicate to the layer bellow. The teams need to agree on the interfaces. Processes must also follow this. Waterfall design is a good way to do this where arhitecutre is frozen and you don´t change the interface. Agile is not as good, because then you need to change the interface and you need to talk to other teams. --- The software interface structure of a system will reflect the social boundaries of the organization(s) that produced it, across which communication is more difficult.
L14 : Discuss the protection vs. distribution security trade-off and give examples.
If you distribute data, it´s less secure because you have more attack points. If you have data on more than one server, it is harder to protect them all. Microservices does have good impact where each service has only access to specific pie of the data. More points makes each team think how it is protected. If the data is encrypted then the attacker has nothing to do with the data. --- Distributed software is harder to secure but if "attacked" less information is leaked. If the system is not distributed then it is easier to protect but if attacked all information is leaked Splitting up patient names and treatment history
L6/7 : What is test coverage? Give examples for different coverage criteria.
If you have if and else if statements you need to test them all. You organize the code into tree, you go into all the cases and from there you can get more coverage. Don´t just do one case. Function coverage, test only once Statement coverage, each statement must be tested, e.g. if else if and else then you need to test 3 statements. Edge coverage, you test all statements, same as statement coverage. example of that would be a variable that can only have from 0 to 9 in input, what happens if you do minus number such as -30 or a character what happens and does the system react based on that edge case. Condition coverage, must all be true and false, each statement if(b > a and b > 0) then you must test this in different ways. --- Test coverage is how much of the program is covered by tests. ● Function coverage - Each function at least once ● Statement coverage - Each statement (box) at least once ● Edge coverage - Each edge (arrow) at least once ● Condition coverage - Each (sub-)condition evaluated to true and false?
L19 : What is the copyleft principle?
If you use something again you must release it under the same license. --- Under copyleft, derived works may be produced provided they are released under the compatible copyleft scheme. The underlying principle is that one benefits freely from the work of others, but any modifications one makes public must be released under similar terms.
L16 : What are the goals of MBE?
Increased quality Seperation of concerns Reuse of meta-model, models and transformations Engineering capabilities Long-term cost redutions Enabling product lines Increase manageablitity -- The goals of MBE is Increased quality: Defined output, repeatable process, Separation of concerns, Reuse (of meta-model, models, and transformations), Engineering capabilities: Use models for reasoning, (Long-term) cost reductions, Enabling product lines and Increase manageability (complexity, cost, time, ...)
L4 : What are issues with incremental development process ?
Incremental process is not as visible where it is harder to measure progress. Structure of the system tends to degrade when new increments are added.
L6/7 : What is a 'unit'?
Individual component This is functions, methods and classes that must be tested.
L5 : Which aspects are valued over what in the agile manifesto?
Individuals and customers are valued over the process A: Individual and interactions over process and tools A: Working software over comprehensive documentation A: Customer collaboration over contract negotiation A: Responding to change over following a plan
L2: What are different types of stakeholders ?
Internal Project Manager: Generally never involved in the production itself but they control, monitor and manage the activities involved in the production Project Team: Do the actual work of the project, including development, testing, etc. Company: Organisation who has taken up the project and whose employees are directly involved. Funder: Provides funds and resources for the successful completion of the project External Customer: The one who the project is being developed for. Specifies the requirements and helps in the elicitation process of the requirement gathering phase. Government: Makes policies which helps in better working of the organisation. Supplier
L14 : Explain the role of assets in security risk assessment.
Is a definition on how well the data should be protected, data can be valued differently and the assessment should be accordingly. data or something that is valuable to us, we have to decide what level of protection different assets need.
L0 : What is Software Engineering?
Is a design, development, maintenance, testing and evaluation of computer software. It is also theories and tools for professional software development. "The application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software" -IEEE Standard Glossary of Software Engineering TerminologyIncludes: ● Process models ● Requirements Engineering ● Software Modelling ● Architecture ● Design ● Testing
L2 : What is system requirements ?
Is a set of documentation that describes the features and behaviour of a system or software application. It usually is a combination of problems and opportunities what are needed to provide a motivation for a new system.
L3 : What is a distinguishing feature of a model compared to the reality?
Is all about abstraction, leaves details out. Its simplification of real-life process.
L2 : What is domain requirement ?
Is derived from application domain of the system rather from the specific needs of system users. They may be new functional requirements in their own right, constrain existing functional requirements, or set out how particular computations must be carried out.
L14 : Give examples for guidelines to design secure systems.
Is how we design the system, such as architectural design and decisions vs security. The trade-off is how much value is added when we add more security. Example of attacks are like DoS, network, mallware, SQL injection. Authentication Encryption Firewalls --- 1. Base decisions on an explicit security policy 2. Avoid a single point of failure 3. Fail securely 4. Balance security and usability 5. Log user actions 6. Use redundancy and diversity to reduce risk 7. Validate all inputs 8. Compartmentalise your assets 9. Design for deployment 10. Design for recoverability
L2 : What is requirements validation ?
Is the process of checking that the requirements defined for the system is to confirm that it is really that they are actually what the customer wants. To check issues related to requirements then there is performed requirements validation.
L12/13 : What are design patterns and what's their intention?
Is to reuse knowledge that has already been developed. A pattern is a description of the problem and is the essence of the solution. Usually makes of object-oriented development.
L2 : What is the aim of requirements validation?
It is a process that ensures that the specified requirements meet the customer needs. Its focus is on finding problems with the requirements. Fixing requirement problem is greater than repairing design or code errors. Go through the requirements and see if they are valid. Something that needs to be done on a regular basis and include different stakeholders in the process. Read through and see if something is being forgotten. Also to check if everything is consistent and aligned and there are no contradictions between the different requirements.
L2 : What potential purposes can a requirements specification serve?
It can provide documentation about what the the system or user should be able to do and or what it cannot do. Driving development, contracting, explaining stakeholders, documentation. Provides critical information to multiple teams and keeps everyone on the same page. Can prevent projects from failing.
L11 : What impact does Conway's law have on the communication?
It impacts how the organization communicates. Example from a project where you have a backend, you need to understand what is in the api. The team that creates the UI is slower than usual, they need to ask for changes and wait. --- because the organization is shaped like the architecture of the system, the communications tend to be similar to the once in the system ( repository team has to communicate with everyone but the other component teams only have to talk to them)
L6/7 : What does unit testing target?
It is a defect detection process. It detects defects or problems in individual functions or classes. Tests functions and classes, individual components in isolation. Unit testing tests implementation
Extra : Explain Continous Delployment CO ?
It is basically on how we deploy our application automatically and regularly over GIT commits.
L0 : Why is there a need for Software Engineering?
It is important because software is needed in almost every industry, in every business and for every function. The failure of software projects costs Time, Money and risks lives. Software engineering tries to minimize the risk of failure.
L3 : What is a system model ?
It is to understand the system, but it is not complete representation of the system. It is abstraction of the system.
L3 : What are problems preventing the use of models?
It is to understand the system, who are the involved stakeholders and high level abstraction. The purpose is to find deadlocks, missing transistion. You have to understand why you use the model. We draw this with boxes and lines. Tooling - tools are complicated, old and hard to use Feedback- no or little feedback, is the model right? Organisational resistance - require introduction on a large scale at once.
L10 : What is a repository/layered/pipe-and-filter architecture?
Layered architecture is where each layer communicates with layer bellow, the layer bellow provides service to the layer above. Repository architecture is where all data is managed in central location where the system can access it. Pipe-and-filter is a code that can pass data from one component to another discreetly. --- A: Repository: It is a system that will allow several interfacing components to share the same data. Each component interfaces the same dataset that is utilized system wide. Data manipulation taking place in one component will reflect an identical representation of data in another component A: Layered: A pattern that consists of various layers, each of which corresponds to a different service or integration. Because each layer is separate, making changes to each layer is easier than having to tackle the entire architecture. For data to make it to the "bottom" layer, it must travel through all the layers in between. Common layers are presentation -> business -> persistence -> database. A: Pipe-and-filter: A design pattern that allows for stream/asynchronous processing. There are many components which are referred to as filters that transform or filter data, and connectors between filters that are called pipes.
L19 : What potential advantages have FP type contracts over T&M type contracts?
Mix, each has its own advandages, scope change is one issue because it is tricky to agree on what you know what might change. --- There is a known price (advantage for the client) There is a defined deliverable (advantage for both, however deliverable may not be what the client 'needs'). Some studies show FP projects give more profit to the Provider (advantage for provider)
L16 : What is the difference between Model-Based Engineering (MBE) and Model-Driven Eng (MDE)
Model-Driven Eng. (MDE) : "Models everywhere" System is completely generated from models MBE: Models are just an important aspect of the development
Vasa : Name few antidotes to excessive schedule pressure
Objective estimates More resources Better resources Prioritized requirements Descoped requirements Phased releases
Extra : Describe Facade Pattern ?
Provides a unified interface to a set of interfaces in a subsystem. Defines a higher-level interface that makes the subsystem easier to use
Extra : Describe Abstract Factory Pattern ?
Provides an interface for creating families of related or dependent objects without specifying their concrete classes
L18 : What are examples for quantitative/qualitative studies?
Quantitative study, has numercal data. Example survey. clinical trials Qualitative study, non-numeric data. --- Quantitative: "Numeric", Surveys, Controlled Experiments. Surveys: Data from a broad audience. Closed questions to obtain numerical data. Answers "What" questions. Shows patterns, but does not explain them. Good to get a representative picture. Controlled Experiments: Investigation of the effect of a single variable/treatment. Answers whether or not the variable has effect. Qualitative: "Non-numeric". Case studies, Observations. Case studies: Answers "How/Why" questions. Much more depth possible compared to surveys. Typically numerical data is not enough, you need non-numerical data which can be collected with the use of interviews or observations. Observation: Similar to case studies: specific context. Can give information that interview don't (cognitive bias!). Can be valuable as an addition to case study (perception + observation)
Extra : What is the idea of service orientation?
Reuse services across company borders and automatically find services
L11 : What are potential benefits of a microservice architecture?
Scalability, things are independent, easier to work with agile because microservices are disconnected. Service as components, components that are service. Service are smart, they are endpoints, use http but the service must be smart. All is decentralized, each team has it´s own customer. DB is a layer, but in micorservice each service can have it´s own database, so this can be distributed data. Not single point of failure for the DB. Designed for failure, if one service failes then what can we do? You need to check for other services and they check if they can service requirest if the service is down. --- Strong boundaries - clear modular structure (independent teams) Independent deployment - easy to get continuous deployment to work Technology diversity - mix of languages, frameworks and data storage Elasticity of the cloud - multiple services of the same type can easily be instantiated
Extra : How do security and safety differ in the context of software systems?
Security is "the ability of a system to protect itself against accidental or deliberate intrusions". Safety is "the ability of a system to operate without catastrophic failure". Security is a prerequisite for safety.
L14 : How do security and safety differ in the context of software systems?
Security is to assess and evaluate threat to the system such as how can the attacker get data. While safety is more based on how the software resilience is, such as can it respond to system failure. --- Safety: "The ability of a system to operate without catastrophic failure." Safety-critical systems: "Failure may result in injury, death, serious environmental damage." Security: "The ability of a system to protect itself against accidental or deliberate intrusion." Confidentiality, Integrity, Availability. Security is a prerequisite for safety!...
L4 : What is a waterfall process?
Sequential design process which progress is seen as flowing steadily downwards through phases. These phases are : 1. Requirements analysis and definition The system's services, constraints, and goals are established by consultation with system users. They are then defined in detail and serve as a system specification. 2. System and software design The systems design process allocates the requirements to either hardware or software systems. It establishes an overall system architecture. Software design involves identifying and describing the fundamental software system abstractions and their relationships. 3. Implementation and unit testing During this stage, the software design is realized as a set of programs or program units. Unit testing involves verifying that each unit meets its specification. 4. Integration and system testing The individual program units or programs are integrated and tested as a complete system to ensure that the software requirements have been met. After testing, the software system is delivered to the customer. 5. Operation and maintenance Normally, this is the longest life-cycle phase. The system is installed and put into practical use. Maintenance involves correcting errors that were not discovered in earlier stages of the life cycle, improving the implementation of system units, and enhancing the system's services as new requirements are discovered. ----- The waterfall process is a breakdown of project activities into linear sequential phases, where each phase depends on the deliverables of the previous one and corresponds to a specialisation of tasks
L5 : For which products/organisations do agile processes fit well?
Small and medium sized software products. Not critical systems, not while high uncertainty. Custom development with strong customer commitment and few regulations Projects with Co-located teams
L21 : What duties do software engineers have towards the public? (With respect to the ACM/IEEE code of ethics)
Software engineers shall act consistently with the public interest.
L17 : Why should (Software Engineering) organisations measure?
Software metrics are great for management teams because they offer a quick way to track software development, set goals and measure performance. But oversimplifying software development can distract software developers from goals such as delivering useful software and increasing customer satisfaction. Increase return on investment (ROI) Identify areas of improvement Manage workloads Reduce overtime Reduce costs Early identification of problems Justify descision Feel of control -- Effective Communication Tracking of Project Objectives Early identification of problems Support trade-off decisions Justify decisions
L2 : What alternatives exist to natural language requirements specification?
Structural language where the language is based on template such as user stories or other similar kind of documentation. Graphical notations where there is some images that explain the requirements, it might be UML diagrams. Mathematical specifications where there is some kind of documentation that explain or show calculations of algorithms
L18 : What questions does a survey/case study answer?
Survey, what questions, what do you like about the class, not how case study is to explain how something works, should answer how and why questions.
L20 : What are productivity factors in SE related to the team/individual?
Team Camaraderie: Social and friendly atmosphere. Clear goals: How clearly defined are the group goals? Communication: The degree and efficiency of which information flows in the team. Psychological safety: The atmosphere is safe for risk-taking. Sense of eliteness: The feeling in the team that they are superior. Support for innovation: To what degree assistance for new ideas is available. Team cohesion: The cooperativeness of the stakeholders. Team identity: A common identity of the team members. Turnover: The amount of change in the personnel. Individual Analyst capability: The skill of the system analyst. Application domain experience: The familiarity with the application domain. Developer personality: Individual personality and the mix of different personalities on the team. Developer happiness: Positive experiences leading to positive emotions. Language and tool experiences: The familiarity with the programming language and tools. Manager application domain experience: The familiarity of the manager with the application. Manager capability: The control of the manager over the project. Platform experience: The familiarity with the hardware and software platforms. Programmer capability: The skills of the programmer.
L8 : What architectural challenges come with DevOps?
Teams are dependant on each other, you must integrate tools into your code. Can be challenging with teams depending on each other codes. Microservices architecture is a solution. To get a hold on devops, take testing seriously, become an expert in CI, using Git branching. How do you design your system in a way that it can always be deployed: That "wrong" changes can easily be rolled back That you can obtain the information you need at all times Change what information you need?
L6/7 : How does partition testing work?
Test case strategy for unit testing It identifies different types of components that have common characteristics. Identify groups of inputs with common characteristics and test each group at least with one test case
Extra : What is the difference between architecture and design (in software systems)?
The architecture of a system describes the high-level relationships that is the components and subsystems, the quality trade-offs. It is a long term strategy. The design of a system describes its code-level design that is classes, functions and variables.
L20 : What is cognitive bias?
The brain turns of facts that our favorite player did something wrong. Paperclip is not norwegiean --- "the way a particular person understands events, facts, and other people, which is based on their own particular set of beliefs and experiences and may not be reasonable or accurate" - Cambridge Dict.
L4 : How does the incremental development process differ from a waterfall?
The development is in incremental steps which means that some of the costs of changes is reduced while waterfall model needs to go through the whole life cycle before changes can be added. Documents that has to be redone is less than waterfall model. Customer feedback is much easier using incremental steps where changes can be made within the development. Release of the software can be earlier than with the waterfall model because some of the features can be implemented later state. Incremental development is not plan driven like the waterfall method. It is easier to react to change then in the waterfall method. It is possible to use the system before it is 100%. But it can often be confusing for managers for the lack of a grand plan, like in the waterfall method. Architecture creep is another problem that often comes up. As the system is not designed according to a large scale plan. And if you keep adding small things the system can in the end become inefficient. Then a rebuild might be required.
L2 : What makes requirements elicitation difficult?
The most common problem with elicitation is insufficient input from stakeholders. This can lead to incorrect design of system, processes. Conflicting interests of stakeholders and inconsistency. The user often do not know what the requirements should be. It is not enough to ask what the requirements should be. You need to take into account the requirements of all stakeholders. Also requirements can change during the development of the program.
L8 : What are challenges with continuous deployment?
Tight deadlines and research schedules. Poor communication across teams. Infrastructure cost. Poor testing. Open source confusion. Over reliance on automation. Hard to automate test on UI. Manual review is not possible anymore, this is all automatic. Is your test suite good enough? Platform (Android/Apple) issues. Dependencies on other systems. Manager signoff.
L16 : What are challenges of MBE?
Tooling is tricky, organisational resistance, developers don´t like it.
L10 : What are the benefits of having defined an architecture upfront (before implementation)?
Understanding how the software should be designed, organized. Identify requirements. Is a critical link beteween design and requirement engineering. Also see how the components should be communicating. Note this is not interior design but rather high level design. Architecture is the whole system, but design is individual components or small modules. To imagine architecture is like to see the floor plan/blueprint of a house but does not show the interior setup such as wallpaper. --- Communication - groups can work independently on different components, don't constantly have to talk to each other. Reuse - architectures can be reused, often similar across a range of systems System analysis - the architecture can be picked with the quality requirements in mind
L4 : What is the V model?
V model is an extension to the waterfall model and also known as V & V model or Verification and Validation model. The v model is where process executes in a sequential manner in v-shape. The association of v-model is the testing phase of each corresponding development stage. The V-model is a type of SDLC model where process executes in a sequential manner in V-shape. It is also known as Verification and Validation model. https://www.geeksforgeeks.org/software-engineering-sdlc-v-model/ Note that the v model in the book is slightly different, located on p.43 (9th edition) or slide 194 in MonsterMerge
L19 : Explain Linus' Law ("given enough eyeballs...")
Very large community will find bugs in a program more easily than 2-3 programmers. If everyone can see everything then bugs will be found. --- Linus's law is the assertion that "given enough eyeballs, all bugs are shallow".A more formal statement is: "Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone." Presenting the code to multiple developers with the purpose of reaching consensus about its acceptance is a simple form of software reviewing. Researchers and practitioners have repeatedly shown the effectiveness of various types of reviewing process in finding bugs and security issues.
L4 : In what context could a waterfall/incremental/agile process fit well?
Waterfall model can be used where it is interfaced with hardware, can be used in critical systems and or where the security are really high. In highly regulated environments where requirements are well known and fixed. Somerville states: Waterfall is used for large system engineering projects across several sites (locations) Incremental is used where stakeholders are more in the development process, where the feedback is easier and also the changes can be done more rapid. MS Office is a good example of the incremental process. The programs are usable and it's easy to add or remove features as needed. Agile is used when the process is itarative and is to reduce overheads of the software process. Works best in small, co-located teams/companies for specific systems. Systems where requirements change often, where there's high uncertainty, low criticality, and no regulation
L18 : What is empiricism?
We know more now than yesterday. Knowledge is based (exclusively) on experience. empiricism asserts that knowledge comes from experience and making decisions based on what is known. Scrum employs an iterative, incremental approach to optimize predictability and control risk. Three pillars uphold every implementation of empirical process control: transparency, inspection, and adaptation."
Extra : What are the benefits of having defined an architecture upfront (before implementation)?
When we have defined an architecture we understand how the system should be organized, we've designed the overall structure of the system and have identified the main structural components in the system and their relationships. This gives us an advantage in the system analysis and we can reuse it for other similar systems
L6/7 : What is the difference between code inspection and testing?
code inspection is to find problems in the code, defects, checking for standards. Code inspection does not execute the code. While testing executes the code and finds out if there is problems with running the code, it is also called unittesting. Problems with testing that one error can mask other issues. If you solve one error another error pops up. Performance is hard to test, we can inspect the code to see if the algorithm is correct, but the best way to test performance is to stress test the system. Inspection: Static analyses (no execution, manual or tool based). Testing: Dynamic verification (Executing and observing actual behaviour)
L21 : What arguments support diverse teams in software engineering?
improved creativity problem solving higher productivity (Study of Github projects)
L5 : What is the difference between a plan-driven and an agile process?
plan-driven method is planed in advance, while agile is not plan driven but rather is more iterative process where the software is frequently released. Plan-driven methods focus on developing a comprehensive document set, requiring documentation for all aspects of development relevant to the problem. Agile methods require "just enough" documentation to complete the current implementation iteration. In plan-driven processes all process activities are planned in advance and progress can be measured against that plan,In agile processes incremental planning is done in small increments making it hard to measure progress but easy to react to change.
Extra : Describe Adapter Pattern ?
the design pattern that translates one interface for a class into a compatible interface
What questions do case studies answer?
"How/Why" questions.
L4 : What are counter-indications for a waterfall/incremental/agile process?
Waterfall: Should not use if the system is not well thought out and the requirements are not clear and fixed. Slow reaction to change. Does not allow much reflection or revision. Incremental: Should not be used if the whole system has not been clearly defined. System structure tends to degrade. Architecture creep - requires major refactoring. Agile: Should not be used in highly regulated environments are hard to match. Scaling is difficult. "Do what you want" mentality.