Should notifications be a class in the class diagram? - uml

Suppose I make a class diagram for a social network system such as facebook. Should the notifications and discussion messages have their own classes?
I do really think they should. I made a full class diagram for such a system, with notifications and messages as classes, but my teacher told me to exclude them. Now I am confused.

This is a very interesting question for three reasons.
1. What’s the scope?
This is a core question for any work that you’ll do in your developer career: what’s the scope of the system?
is it just core social networking functionality of one to many communication, like you had on Facebook in its early days?
or is it a full clone of facebook, including its messaging features, but also its advertising and moderating features?
If it’s the first, you’ve done too much. If it’s the second, you forgot important parts.
Rule 1: Whenever there is a doubt about the scope, clarify it with your coach/manager/stakeholder before thinking you know what there is to do.
This will avoid you the frustration of doing work that is not valued. It will avoid your future customers the frustration of not getting what they’ve expected, or paying too much for something they didn’t ask for.
2. What’s the approach?
Whenever you model some software, there’s a purpose. Class diagrams can be used for different purposes. For example:
is it for analyzing the requirements? In this domain, you will certainly have a class for Post, Comment and UserAccounts as well as associations between them. But you’d limit yourself to the “problem space” and not address the software solution and its UI.
is for the design of the system? then it probably should address how the system will work, and give some more details about how the UI will interact with the domain object. This kind of diagram might be more detailed and show the “solution space”.
Rule 2: if asked to do some modeling, always clarify the purpose. In the real world, if not asked explicitly to model, clarify the agreed approach within your team.
3. Always clarify with the person the closest to the source
(the subtitle is already the rule).
Now, is the notification a part of the UI, because they shows posts that changed and it’s part of the solution design? Or is it part of the domain, because the need for notification is independently of the chosen software solution? And because moreover notifications need to be tracked and delivered, and the they will work differently on mobile apps (push) and on web pages (pull)? As you see there is some room for interpretation, and depending on his/her arguments, the teacher is not necessarily wrong.
Conclusion
As you see, it’s not right or wrong: there are a lot of nuances between the two. There are plenty of reasons that could justify your teacher’s position. I see at least two other unrelated ones:
to adapt the time of the exercise to the average capability of your class (which would be a good sign for you)
because the teacher already know the next questions and he/she already know that notifications will make it much more difficult (which would show that the teacher was nice).
My advice: trust your teacher, and in any case engage a discussion to understand the arguments, before jumping to quickly on unproven conclusions.
Key takeaway: requirement analysis and modelling are a communication activity more than a technical activity. Whenever there’s a doubt, engage discussion with your stakeholders before seeking advice from strangers on the net ;-)

Related

Domain Model modelling how complex should the diagram be/become?

I am incredibly new to Domain Models and I am trying to build up my understanding. I have created this domain model around a scenario which I will provide. I feel this model is simple and as a result, feels incorrect and might be missing elements I might not have thought of although, I cannot think of what else might need to be included in a domain model given the scenario. The idea is to demonstrate the relationship between real world class entities which I feel I have managed to achieve.
Scenario: Management Application that allows you to create users, projects, companies and issue tickets. The projects are assigned to companies, the users are assigned to projects and the issue tickets are assigned to the users. Tickets have a status which can be changed.
Changes
Implementing proposed changes. I think this is a better way to represent the idea based on the feedback returned, especially in regards to the use of composition. I have also updated the multiplicities to better represent the scenario.
Further changes
The diagram should stay as simple as possible, but not more.
In this specific case:
The two specializations of User might be too complex for the need: a User stays a User, isn’t it? If you really need to take into account differences between categories of users, and especially if the category changes over time, you'd better consider (object) composition over inheritance (or better worded for UML: prefer association over inheritance).
The associations might be too simple or incomplete. For example, before an Issue ticket gets assigned to a User, isn’t it also associated to a Project or a Company? It is not clear either if User is also associated to Company (e.g. multi-tenant cloud scenario) or if there is no such association (e.g service provider scenario, where the company is in fact a customer company).
Some associations may hide association classes, e.g. do you expect to monitor how many time a user worked on a ticket?
It entirely depends on the purpose of your model.
Some models might be created to stimulate discussion and further discovery. Some might be required for the senior stakeholders to approve. Some might be for developers to work from. Others might be for marketing material.
Your model is ok for stimulating discussion and further discovery.

Sequence Diagram: Consuming Web Service from Android

I am really consufed and i can't indetify the parts of an sequence diagram. I see ppls make simple sequence diagrams for some process, and other ppls make it extremly detailed.
Can you please help me to find an good (not the best) sequence diagram for the following actions: Login Register
Let me explain you:
There is an Android application that Call web service in IIS Server
When user ask for login, get back as response Full Name if success (i don't want to represent failure in diagram)
In case of registration, user send data in Web Service. The Web service create an folder in HDD with user name. (It is file server, so we create user folder)
So, How i can represent the upper bullets in sequence diagram?
This is what i've done. I have no idea if it is right.
Sequence Diagram 1
Sequence Diagram 2
There is no right or wrong here. The level of detail exposed in your sequence diagrams is a choice your team should make. The only 'wrong' way of doing it, is when you have multiple SDs for the same application, showing different levels of detail.
Who are going to use these sequence diagrams? Let's assume that they are developers who must implement it and, in the future, technical designers who must know how the current version of the product works, in order to design extensions to it.
In my opinion, the level of detail should be such, that the SDs give a clear overview of the flow, which provides enough information to know where to look in the source code (once it's finished) if you want to know more details.
You should sit together with the developers and your fellow designers and decide which lifelines (the official word for the participating objects) are valuable to show in the SDs. Once you know which lifelines to draw, I think it is the best strategy to include all messages interchanged by these lifelines.
If your audience consists of people like architects or product owners, then sit together with them. They may be interested only in a global view, in which case you should include less details.
Looking at your SDs, you seem to be in doubt whether to include 'Login Activity' as a lifeline. Personally, I'd say yes, so I'd prefer Sequence Diagram 2.
For more information about sequence diagrams for web applications, check my paper, chapter Scenarios.
All you want are method calls and return values, so basic SD things.
Make a life line for the Android app and send a message from it to the IIS.
Show the return value (full name) in the return message.
You can send a message to a file service in the web server after authentication to create a folder. Eventually use an alt-fragment to show that it's doing that only on positive authentication.
So that's it. It's pretty much straight forward.

Establishing project requirements - anyone had any eureka moments?

I repeatedly find that establishing user requirements is one of the hardest parts of my job. This is for several reasons, for example, lack of shared technical vocabulary, incomplete understanding of domain on my part, inability of user to 'imagine' completed UI / product, etc etc.
Since this appears to be an ongoing challenge for me, has anyone here had a 'eureka' moment that has really helped them with this part of developing? For example, I have heard of the book 'Domain Driven Design', but not read it yet. Has anyone found a book, online resource of piece of advice that has really turned things around for them?
I won't aspire for eureka experience, however, if you are interested in DDD, which is about establishing common language for you and the users (among other things), than if you don't have access to the book, look for the Domain-Driven Design Quickly on DZone.
Generally speaking, any time user cannot imagine the thing and therefore state proper requirements, go for the prototyping (if you can). Recently I was pleased by really super simple tool which is a Firefox extension called Pencil, which enables easy and quite fast prototyping even for non-programmers. It is far from perfect, but it enables you to create own components and it is extensible.
Are you creating the user requirements on your own or are you actually interacting with the user to generate the requirements?
If you are creating a piece of software without a customer then starting with a simple high-level mock-up of what I want to create is where I will usually start and will formulate my User Requirements how I think a user would use the software.
If you have a customer I would suggest breaking the software into smaller modules (manageable chunks) and sitting down with the user to talk to them, step-by-step, how they want the module to function.

Company seeking my personal projects during non-work at home?

Ok, so I'm building "Web 2.0/3.0" sites to make extra money. I currently run my own personal project sites with some advanced technology in the backend (AI stuff, recommendation system) that I've developed over the years. It's a subscription site for me to make money on the side.
Now, my company (they do web application/software technology, ad network) somehow found out I run several websites. They were like, "Hey Joe, you run so and so websites! Why not put them on our ad network?? The stuff you're doing is a threat to our technology -- we don't want you competing with us on the side. Let us have your websites and put it on our portfolio/ad network."
Ok, basically it seems they want the rights to my technology and personal project. Somehow they must've googled my name and linked it to some projects I'm working on on the side. Is this ethical for a company to do? Trying to own my personal project since it's got some cool technology and trying to own the rights to it? Just because I work for the company doesn't mean I'm gonna make an offer to them, right?
You probably need to consult a lawyer. What were the terms of your employment that you agreed to when you were hired? Was there a non-compete clause? Was there a required disclosure clause?
Depends on your employment contract. Your contract might say something like "anything you do, while in the employ of company XYZ, be it during work or non work hours belongs to us". It's time to talk to a lawyer, not ask StackOverflow, this isn't a technology/programming question.
Ethical? Yes, why not. If you're putting stuff out on the web and they can find it via Google, then why shouldn't they? If you don't want people to find stuff you've done on the web then don't put it on the web or use a robots.txt to hide it from Google. It's not completely unreasonable for them to at least wonder if you may be using technology that you developed while you were working for them.
Legal--maybe so, maybe not. Depends on the employment agreement that you signed when you joined the company. I'd consult an employment lawyer for real advice rather than asking here.
They may have web logs that demonstrate that you were working on your private web sites during work time--if you did so. I'd be very careful in how I proceed if I were you.
check your contract, and/or your state laws and case precedents. Talk to a lawyer.
IMHO it is unethical for them to attempt to take your intellectual property without compensation, even if you have a 'all your codez are belong to us' kind of work-for-hire agreement. But talk to a lawyer, and be prepared to walk, get sued, and countersue, if necessary. Someone trying to steal your lunch money is a bully and a thief, but they may just have a legal claim.
Unfrotunately, this is not a joke. Talk to a lawyer right away.
If what you do in any way competes with what your company does or uses technology, intellectual property, information or contacts that you gained because of your employment with your company, then you may have issues and should check your contract and see a lawyer.
The other side is: did you ever work on your sites (and this can include sending emails and the like) your personal projects at work? If so, you may be in trouble there too.
IANAL so that's all I'll say on the legalities.
You need to consult a lawyer to get a definitive answer to this question. The answer might depend on your employment contract, and the laws in your locale. Don't rely on anything people say on the internet regarding legal matters.
Regardless of whether or not it's within their rights to do so, I think it's unethical and foolish of them to pressure you like this. I imagine they have just lost any employee loyalty you might have had.
I think a proper response could be, "if you think there's ad revenue potential in my websites, make me an offer that reflects their value, and I'll consider it." After all, you started those sites to make money, right?
But first talk to a lawyer, to be sure you're in a position to negotiate.
Well a friendly way to go about it, and that they should probably be willing to accept if they are a reasonable lot, is to buy/lease your technology. This way you can get a nice sum of money for your work (since you mentioned the purpose of this site was to make extra money in your question).
Otherwise (if its a pet project first and foremost) you might as well tell them in a friendly manner that you keep that site as a hobby, and you'd prefer to not share it if thats ok, unless they let you work full time on your and a cut in the earnings, etc... (something most people would love to do, work on their pet projects and get paid a stable salary for it).
As always first try to reason with the other party in a civilized and friendly matter, it'll likely make both parties happier, and it'll be better than taking the legal route most of the time.
I am Not a Lawyer, and the laws almost certainly vary by country/state/province. But if you are working on a side project on your own time, on your own equipment, using only your own network resources, etc., then in my opinion, they have no right to your work.
If you signed some sort of vague non-compete contract, or something that says all the stuff you do on your own time is theirs, then you have less of a leg to stand on.
Your best bet is to ask a lawyer, if there's enough revenue from your subscription base to justify it.
Consult a lawyer! Regardless of your contractual obligations, any company has a right to be concerned if one of their employees is running a direct competitor on the side, especially if they can demonstrate that you have access to privileged information which you are using to compete (knowledge of their technologies, marketing strategy, customers etc).

Is it ethical to monitor users? [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I didn't know I would be getting too many replies so fast. I can provide more details. It is definitely for use within the company. I was looking for some info on whether I should be more careful or anything to watch out for...
My boss is asking me to put some tracking info on what users do with their application. It is not about collecting sensitive data but there might be some screenshots involved and I am not sure if this is a breach of privacy.
Would love to hear any thoughts on this or if you handled something similar.
At work, there is no privacy. Think of it this way, if you work for a financial institution, or a government one, monitoring users may be the difference between keeping sensitive information secret and not. (I want my personal information kept private). They are paid to do work at work. If they are afraid about what they are doing is wrong, then they shouldn't be doing it.
A comment brought up a good point. If you are selling the product and spying on end users, that is totally different. That is highly unethical to take screen shots and report them back to the company. Actually where I work, we'd have you arrested for it if we found out. (yes, you'd be violating a federal law, and I guarantee we'd go after everyone and sort out the mistakes later.) That is a very slippery slope.
If you mean users at large, yes it's a breach of privacy.
If you mean users internal to your company (workers), then no -- there should be no expectation of privacy in the workplace.
Sometimes it is good to collect some metrics and will help in enhancing the user experience. Once, we were able to prove that a certain functionality was never used and we were able to remove support for it. For screenshots, you should be careful to take only the required window instead of a full screen.
If the application is used internally within your organization, and you have a corporate policy that states "no expectation of privacy" that has been communicated to and signed by your users then there is no issue.
Monitoring the actions of employees within a business in the US is very common practice.
Legal issues aside, do you want to work at a company that takes screenshots of your desktop?
Even if legal, this behavior is sure to drive away developers. Remember, in a bad work environment often the best developers leave first; they have the best job prospects.
Here's a corollary example: would you want your boss taping and listening to phone calls you made from the office? You don't give up every right you have just by cashing a paycheck.
Even if this screen capture methodology is legal, it certainly isn't ethical and will absolutely damage the morale of employees by demonstrating that they cannot be trusted.
It's just a bad idea. There have got to be better ways of accomplishing your goals than this.
Screenshots? If it's not opt-in, I'd say that's a pretty clear breach of privacy.
I made a simple CMS in PHP and I had to store all actions of users, but it's a completely different situation. In my opinion what is asking your boss is a bit out of privacy, especially if in your application you don't mention to the user this kind of behavior.
On a work machine? Absolutely; as long as the users know the extent to which they are being monitored. It's their choice to work for the employer, and they are using the employer's equipment.If you don't notify them that they are being watched, then that is kind of a "grey area"....depending upon state lawss, it may even be illegal - depending on what sort of information you are monitoring.
Something that would help on clarification would be is this an internal company application or something that will be on user's personal computers.
Typically when it comes to computers that are owned by the company, if the company decides to do monitoring, it is their choice. Disclosure of the monitoring is often encouraged in an effort to be open and honest, but is not mandatory. A user should not have any expectation of privacy when using equipment owned and managed by the company.
This is not just a matter of custom built applications, but also web browsing, email, phone conversations, etc. If you are using company resources then you are releasing your privacy.
If this is an application going to users outside of the company, then yes it is wrong without permission by the users.
That is greatly depending on the country you are in and what information you are collecting and what you do with it.
There is a huge difference between the US and EU for instance.
The Law, jurisprudence, union contracts and company policy (when not in contradiction to the above) are what determines what is acceptable.
If its for an internal app its completely ethical.
Beyond disclosing to all users that their use of the apps is monitored there is no other obligation of disclosure(excepting federal contracts and union contracts).
What is most important about capturing this kind of data is to focus on capturing the absolute least amount necessary - capturing screenshots of all open windows plus any adjacent data streams does in fact incur liability issues (think HIPPA) as well as producing a mountain of data that no one will ever look thru until a lawyer requests it with a subpoena and you're asked to go thru it and redact all Names, DOB, and SSNs in 160GB of data.
Seems this has already been answered, but it should be noted that there are countries where this is illegal, even at a place of work.
For instance, in Switzerland it is illegal to track which websites each user has been visiting.
Other than specific laws to the contrary, I would agree that it is acceptable to do, since there should be no reasonable expectation of privacy at the workplace. That said, informing the users is the right thing to do.
One other caveat, if the data you are collecting is sensitive enough that an attacker would have use of it (say, the screenshots include CC numbers), then you must ensure that this information is well protected. (I'm not referring to the user's information, but say the bank's clients' account details.)
If it is done without the user's consent, then it is definitely a breach of privacy. Even with the user's consent, it must be made clear exactly what information is being passed back. If the screenshot was to grab the whole screen, not just a window, then you could potentially get all kinds of private info.
Is this an internal app or a something for the public? If it's internal, it's not unethical, even if it's scummy, to monitor users.
If it's something for the public, in order to not be sleazy:
the user has to be able to opt-out
no personally identifying data can be collected
only data about your app (not screenshots of the entire screen) can be collected
It really depends on exactly what is being collected, the disclosure, and if the program could be opted out of. If that passes the smell test, then ensuring the reporting does not provide an attack vector and the data is appropriately safeguarded becomes your concern. If things seem shady get some written 'feature request' to CYA. The basic idea, if done right, is nothing new. Microsoft, for instance, does it with some of their products.
In a work environment, I think it is OK as long as all employees know that they may be monitored. I've seen places (Intuit was one) where employees are tracked all day. Not my cup of tea, however.
In government facilities, there is typically some sort of login screen that states that anything and everything done on that machine is subject to monitoring.
If these are applications that are run by the general public, I'd say that it better be crystal clear that you are collecting data on them. Personally, I'd rather not have programs 'phoning home' with info about my activities, boring as they may be.
If the client is external, this should be disclosed to the client. Actually, if the client is internal OR external, if you do not disclose it, it is totally unethical.
An employment agreement that states that there can be no expectation of privacy constitutes disclosure.
Screenshots? If it's not opt-in, I'd
say that's a pretty clear breach of
privacy.
you've opted-in by cashing your paycheck :)
as many indicated, informing the user is the best the company can do. Informing, not asking to Opt-In.
I would suggest reading:
Privacy. My interpretation is that people will expect some things to be kept private such as their personal information. By interacting with your sites, users are sharing information with you that you should be able to use but not distribute or abuse as if it was your own.
Screen shots is obviously the hot button issue here. While users entering information into a text input field are knowingly giving you information, screen shots go beyond what a typical user would expect and therefore should be disclosed to the user through a privacy policy.
Collecting anonymous usage should be doable without screenshots.
If your app collects any data that is meant to be protected by privacy laws, then you will have to treat the screenshots as containing sensitive information and protect them accordingly. Data protection laws are pretty strict in most countries.
Unless you have a really really small company, privacy laws vary a lot between countries, and the feature is probably more trouble than it's worth. In any country I've even lived in, that idea would never fly.
But don't ask a bunch of hacks on a site like stack overflow. Seriously, ask a lawyer.
I think the question is still a bit vague as to who is going to be monitored for what. From what I understand who'll be monitored are the end users who are using the application and the gathered data will be used internally. Assuming this is the case, I think, I can contribute the following answer:
If you are going to monitor end users to see how they are using your product, you are in human factors/user experience business and what you want to do is really an experiment. Doing such an experiment requires consent of the subject (the end user). In an academic setting (and I think the same goes for industry as well), there is an Institutional Review Board (IRB) which grants permission for such experiments. I believe in the industry scene there are similar organizations (just not sure what they are called). A request for permission for such an experiment is accompanied by a report which details the user experiment in a very specific manner. The IRB than decides whether to issue a permit or not.
The important point is the consent here and users should know about the experiment and agree to be subjects. I think, in the absence of a user consent the experiment is neither ethical nor legal. Again, I approached this based on an assumption and tried to summarize my experience in such experiments.
Collecting screen shots may be illegal even if employees are notified. This is an issue of local law and federal law. You haven't said which country you are in. In California, for example, monitoring screens might violate both workplace privacy laws and wiretap laws. You should get an opinion of your corporate attorney before implementing this.

Resources