Thursday, August 29, 2013

Homework #4

Chapter 11
Dependability and Security

 11.4  Giving reasons for your answer, suggest which dependability attributes are likely to be most critical for the following systems:
An internet server provided by an ISP with thousands of customers
*Availability would be the critical attribute needed here.  With thousands of customers relying on this internet server, the services need to be accessible all day everyday or the customers will leave their provider...attention Comcast.

 A computer-controlled scalpel used in keyhole surgery
*Safety is the critical attribute in this situation.  This scalpel needs to ensure safety to keep patients safe throughout the procedure.  Since we are dealing with a persons life/body- safety is important here.

 A directional control system used in a satellite launch vehicle
*I think reliability is most important during a satellite launch.  I'm assuming that a satellite launch is very expensive- so you want to use a system that will successfully launch the satellite vehicle into orbit the first time.  

An internet-based personal finance management system
*Security is the number one attribute needed in this system.  If this financial system is hacked, it can be very costly since it contains a lot of personal financial information.

 11.7 In a medical system that is designed to deliver radiation to treat tumors, suggest one hazard that may arise and propose one software feature that may be used to ensure that the identified hazard does not result in an accident.

 This medical system might deliver too much radiation to the patient, not only endangering/potentially killing the patient, but also healthcare workers.  In this case, I'm considering human error- the wrong amount of radiation was entered into the machine.

 One way nurses try to prevent human error is having another nurse check medications/dosages/etc with them before administering.  There could be a check in the software where nurses would show the amount of radiation to be administered to another nurse and check that against the doctor's orders, and have that nurse sign off on the radiation machine (enter their Id number/ scan their badge)- that way two sets of eyes have reviewed and confirmed that this is the right dosage.

 11.9 Using the MHC-PMS as an example, identify three threats to this system (in addition to threat shown in in Figure 11.8).  Suggest controls that might be put in place to reduce the changes of a successful attack based on these threats.

 #1  Threats to the confidentiality of the system and its data- so an unauthorized person has gained access to the system by guessing the username and password and now plans to find personal information on a well paid sports star and potentially expose it to the media.  
Control:  The unauthorized user tries to find personal information on patient, but it is detected and put to a stop.  Also if you have a celebrity in the hospital, you can have extra security measures...an alias name, another password to get into patients file, etc.

 #2  Threats to the integrity of the system and its data.  The unauthorized user has gained access to sports stars' personal file, but there isn't enough "juicy" material.  So the unauthorized user adds/deletes/ changes this data, positive that this will make a much better story for the gossip columns.
Control:  Software that detects data modification and stops further access while alerting the proper people.

 #3  Threats to the availability of the system and its data.  Access to patient files is essential when working in a hospital setting.  Not being able to access these is a major issue and could potentially harm the patient.
Control:  There needs to be a way for the authorized user to get into the system another way...a Plan B...a back-up plan (I'm not sure how realistic that is).  
Posted by at No comments:

Monday, August 26, 2013

Homework #3

Chapter #10
Sociotechnical Systems

10.6  A multimedia virtual museum system offering virtual experience of ancient Greece is to be developed for a consortium of European museums.  The system should provide users with the facility to view 3-D models of ancient Greece through a standard web browser and should also support an immersive virtual reality experience.  What political and organizational difficulties might arise when the system is installed in the museums that make up the consortium?

This is a system, not for one museum, but for many.  All the museums may not have the same supplier for equipment, which would affect the review and assessment phase of the spiral model in the textbook.   The book mentions that the user environments may be different from what the developers anticipated- adapting the system to cope with diverse user environments can be difficult.  When problems arise with the new system, who is responsible for technical support?  The museum staff?

When introducing a new system like this, there obviously has to be training of staff so they can demonstrate to users how to use the new system.  This sounds uncomplicated enough, but people don't usually like change and there might be some resistance towards this new system at first from staff members.  I worked on a NICU floor for almost 4 years and change was ALWAYS met with resistance...but who can really blame them, new changes usually meant more responsibility/work on top of already long and difficult shift work.

10.10  You are an engineer involved in the development of a financial system.  During installation, you discover that this system will make a significant number of people redundant.  The people in the environment deny you access to essential information to complete the system installation.  To what extent should you, as a systems engineer, become involved in this situation?  Is it your professional responsibility to complete the installation as contracted?  Should you simply abandon the work until the procuring organization has sorted out the problem?

This is a frustrating position to be in.  Obviously you can not complete your work without proper information, but you can't abandon the work all together.  Communication is key here.  Let human resources or whoever you are dealing with know what is happening on your end.  Call and email.  Postpone the work on this contract until you have the necessary information.  You can't do your job until they do theirs.
Posted by at No comments:

Homework #2



George V. Neville-Neil
Interesting tidbits on the authors:


George V. Neville-Neil is the author of Cherry-Picking and the Scientific Method.

A little about him:  he is on the editorial board of ACM's Queue magazine and developed the column Kode Vicious- this is where our article comes from.  He is the coauthor of the book entitled The Design and Implementation of The FreeBSD Operating System (It got 5 stars on amazon.com).  He is a software engineer who currently builds systems for the global financial market.




"TomZ"

Thomas Zimmerman is the coauthor of Software Analytics:  So What?

Thomas Zimmerman is a researcher at Microsoft Research.  He is also a Professor at the University of Calgary.  His research revolves around programmer productivity by creating techniques and tools that focus on learning from past mistakes or successes.






Tim Menzies

Tim Menzies is the coauthor of Software Analytics:  So What?

Tim Menzies is a professor at WVU for various Computer Science courses.  (He's actually on ratemyprofessor.com with an overall rating of 3.6).  He was a former research chair for NASA before becoming a professor.





Frederick P. Brooks, Jr

Frederick P. Brooks, Jr is the author of Essence and Accidents of Software Engineering.

Frederick P. Brooks, Jr became the manager for the development of the System/360 family of computers and the OS/360 software package for IBM.  Apparently he coined the term "computer architecture".  He also founded the Department of Computer Science at UNC Chapel Hill.







Article summaries/personal thoughts:

Cherry-Picking and the Scientific Method
Summary/Thoughts:
In this column, readers write in and get their questions answered.

The first questions is about when to give up cherry-picking and merge.  I wasn't really sure what cherry-picking meant (related to computer science) so after a quick google search, this gave a nice description:  http://technosophos.com/content/git-cherry-picking-move-small-code-patches-across-branches.  Because of my lack of experience, I'm not really clear on what the issue here is, but I'm assuming when you are moving commits piece by piece, there might be a few loose ends and it would be better to merge everything together as one cohesive piece.  I'm sure I'll have a better grasp of this after hands on experience.

The second question is about fixing bugs and how to prove the corrections are correct.  The author recommends approaching a problem by using the scientific method:  write down your theory and develop hypothesis about problem.  The key advice the author gives is to write this information down- he gives an example of his note taking system.  This way in the future, it is easy to see what was tried, what worked, what didn't, etc.  I liked his idea of keeping notes, something I will consider doing in the future.

Software Analytics:  So What?
Summary/Thoughts:
This is one of two volumes on the subject of software analytics.  The article first covers what software analytics is defined as.  It specifies that analytics must be real time and actionable.  It also talks about how software analytics today is focusing on sharing general methods to enable the discovery of local lessons.  It has been realized that there is no global model, instead the focus is now on local models.  This article also talks about general principles for analytics:  how it's not about the hardware or software, but about the skilled data scientists.  The last part of the article is dedicated to discussing the different and distinct kinds of analytics.

The distinction I found most interesting was internal vs external analytics and how privacy is a major issue, since altering data can damage the signal in that data, thus skewing results.  My sister graduated from College of Charleston with a Data Science degree, so it was really fun reading and keeping her in mind.  It will be interesting to see where software analytics take us in the future.

Essence and Accidents of Software Engineering
Summary/Thoughts:
This article goes through proposed bullet after proposed bullet to ultimately prove that there is no silver bullet that will improve productivity, reliability, or simplicity of technology or management technique in software engineering.  But by proposing these bullets, there have been advances (some small/some large).

The idea of graphical programming is really interesting to me since I am a very visual person.  Unfortunately no strides have been made in this subject and the author believes that no strides will ever be made for these reasons:  the flowchart is useless as a design tool, the current screens are too small (the programmer would only be able to view a few things at once), and the author believes that software is very difficult to visualize.  This article is about 26 years old, based on an advertisement on the last page, so I wanted to google and see if anything new has happened with graphical programming, but it doesn't look like anything has.  I did find this blog:  http://www.realsoftwareblog.com/2011/08/can-programming-language-be-completely.html.  It did a great job of running through a list of visual programs that the author was familiar with that failed and why- really interesting and worth reading.  This was a lengthy article, I got lost a few times, but stuck with it- really in depth and interesting read.













Posted by at No comments:

Wednesday, August 21, 2013

Homework #1

1.3  What are the four important attributes that all professional software should have?  Suggest four other attributes that may sometimes be significant.

#1  Maintainability:  software is written in a way that can evolve with new needs of the customer
#2  Dependability and security:  If a system fails, there is no physical or economic damage left in it's wake- also hackers and death eaters are not able to access or damage the system
#3  Efficiency:  Waste not, want not.  Software should not waste system resources.  Efficiency refers to responsiveness, processing time, memory utilization, etc.
#4  Acceptability:  Users must accept the software to the point that they understand and are able to use the software and that it is compatible with other systems that said user...uses and does not create ugly side effects.

So here goes my input:

#1  Fixability:  I'm fully aware that this is not a real word.  It's not even defined on urbandictionary.com - I checked.  So what I mean by "fixability" is the ability to fix - How easy is it to understand what went wrong - does the software handle errors well and how do we find the problem.  In short- fixability.
#2  User Friendliness:  I guess this can technically go under Acceptability up above, but I think it is extremely important that the user not only understand how to use the software and is able to, but that they enjoy it.  As a user, I'm not likely to use software that annoys me or I simply do not like.  After all, the customer is always right.
#3  Affordability:  Again- I'm going back to the user- ultimately it's important and if you follow the four important attributes of professional software, the cost should be kept down since the maintaining software is the costliest.
#4  Flexibility:  I have just entered the computer science world, so I do have have a lot of real life working knowledge, but I keep hearing my friends (who are in the real world working) complain about how inflexible their companies existing software is.  So therefore, I'm going to go with them on this one and say flexibility- meaning that changing/adjusting the software is relatively easy.

1.8  Discuss whether professional engineers should be certified in the same way as doctors or lawyers.

I see a lot of gray areas when thinking about this.  Ultimately I think the general certifications we have in place now are good enough, but when you get into software that affects someone's life/health- that's when I feel we need more certifications in place.

1.9  For each of the clauses in the ACM/IEEE Code of Ethics shown in Figure 1.3, suggest an appropriate example that illustrates that clause.

#1 PUBLIC:  software engineers shall act consistently with the public interest.

Sophie the software engineer volunteers her time and skills to good causes, ideally education related.

#2  CLIENT AND EMPLOYER:  Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.

Sophie the software engineer does not gossip about confidential information, that she has learned at work, out in public.

#3  PRODUCT:  Software engineers shall ensure that their products and related modifications meet the highest professional standards possible

Sophie the software engineer properly tests, debugs, and reviews projects that she works on.

#4  JUDGMENT:  Software engineers shall maintain integrity and independence in their professional judgment

Sophie the software engineer does not bribe, double bill, or do anything else that is financially distasteful.

#5  MANAGEMENT:  Software engineering managers and leaders shall maintain integrity and independence in their professional judgment

Sophie the software engineer's boss will not punish her if she raises ethical questions about a project.

#6  PROFESSION:  Software engineers shall advance the integrity and reputation of the profession consistent with the public interest

Sophie the software engineer gets involved by participating in professional organizations and always supports others in her field.

#7  COLLEAGUES:  Software engineers shall be fair to and supportive of their colleagues

Sophie the software engineer takes a new coworker "under her wing" and aids this coworker in his/her professional development.

#8  SELF:  Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of he profession.

Sophie the software engineer would never violate this Software Engineering Code of Ethics and Professional Practice- "uphold the code" she chants.

1.10  To help counter terrorism, many countries are planning or have developed computer systems that track large numbers of their citizens and their actions.  Clearly this has privacy implications.  Discuss the ethics of working on the development of this type of system.

This is invasion of privacy.  This system goes against some of the Software Engineering Code of Ethics, especially the first one- PUBLIC.  I would report to the appropriate authorities...but...wait.


Posted by at No comments:

Hello World!


This blog is a requirement for a Software Engineering course that I am currently taking at the College of Charleston taught by Dr. Jim Bowring.  Coincidentally this will be my first blog.  Ever.  As I understand it, I am to post my completed assignments here for the perusal of Dr. Bowring and anyone else who wishes to...peruse.  The required text for this class is Software Engineering, 9th Edition, by Ian Sommerville and this, along with various other articles are mainly what my blog will revolve around, for now, that is.





Posted by at No comments:
Subscribe to: Posts (Atom)