Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 months ago.
Improve this question
I have Buyer, Product, Seller, and Offer. The buyer offers to buy a product and the seller either accepts the offer or declines it. I also have the following invariants:
Buyer can't make an offer for a product if there is a pending one already.
Seller can't accept a non-existing offer from a buyer.
I created the following aggregates Buyer, Product, Seller, ProductOffers. ProductOffers contained all offers from all users. ProductOffers also have a method TryMoveOfferToAccepted() which is called when OfferCreatedEvent is raised from the buyer. TryMoveOfferToAccepted() then raises event triedMoveOfferToAccepted which is handled by the Product aggregate which checks whether the product can be bought (checks for sufficient quantity...) and the if successful raises an event ProductBought event which then is handled by ProductOffers (moves the offer from pending to accepted).
Is this a good way to do this? And how can I be sure that someone doesn't call Product's aggregate buy method without first checking whether an offer from buyer exists?
You are over-engineering your problem.
Get back to your use cases:
A buyer makes an offer to buy a product
A seller accepts an offer
You could model that with a single aggregate, Product (root) + Offer (object value or entity). The name ProductOffer should be a good hint that this object should not be a root "aggregate" and is aggrgated to the Product. Also note that single entities are not aggregate, they are entities. The term aggregate describes situations with multiple object.
The seller can use Product.MakeOffer() to make an offer. This will check there is no existing pending offer from that buyer in the Product.Offers collection.
The buyer can use Offer.Accept() to accept an offer. Since the offer is a child item in the aggregate, you need to return the whole aggregate from the repository, allowing you to compare the Offer.Quantity to the Product.InStock for instance.
Addendum:
For rejection, you don't need that complexity. Aggregates MAY overlap into a polysemic model. You could have a separate Offer entity (not the same used by the Product+Offer aggregate) used for the offer rejection use case. This could save some database read performance.
Don’t forget about simplicity. Simplify everything you can. The fewer things you have, the easier it’s to control them. My friend from https://transformagency.com/ has the same philosophy, which I really like. What to make things more complicated? When you can make them more simple. Minimalism is a new must. As you can see, it’s everywhere. We often notice it in design, food, and general lifestyle. So, I think you’ve solved your issue successfully. If any problems happen, let us know.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 7 years ago.
Improve this question
I work for a company which handles some websites that have educational forms prospective students can fill out if they wish to be contacted by a college.
We have attempts coming in from two overseas countries, which are continually filling out and attempting to submit forms using ridiculously bogus information. The only possible outcome if these were to go through would be that the school would try to call them.
I cannot figure out how this could potentially benefit them, in any way shape or form. It seems like it's probably a bot, because they are inserting integers for first name, last name, and email address. I've even considered that some companies I've heard of boost their site traffic unethically by having people (or bots) falsely cause hits on their pages, etc. I don't think that's the case here but I'm not sure.
This isn't my project, but someone mentioned it to me and I found it intriguing. What possible benefit would a bot or hacker have from doing this? Each attempt has been unsuccessful but even if it got through, what's the point? Did someone actually send a bot to try and spam educational websites where all you can do is submit an inquiry to a school? What's going on here, ideas?
My best guess is that it's a bot someone put out there and it's hitting our site by mistake. I don't get it, but I'm not a security ninja. I would love possible scenarios, preferably evidence/fact-based, not opinions if you can't back it up - nothing personal, it's just that I know these are the rules of Stack Overflow.
So if you have a fact-based hypothesis why this may be happening, I would love to understand the how/why...
I don't think that you will ever find any useful answer to your question, because there are lots of reasons that someone may do this. It may be "for fun", increase google ranking, or there are personal "rivalries" between someone else with the company.
Well, you can see at least if the spam comes from automated bot ( if you can change the html/backend code), using the honeypot method, nested somewhere in the form. If the spam stops, it should be an automated spam bot, and most likely you should consider it as a random spam, otherwise someone may have created a spam script for your site and they may do for fun or for other purposes.
P.S. : Do not use ReCaptcha, as some bots can break it.
It's most likely a bot attempting SQL injection.
How does the SQL injection from the "Bobby Tables" XKCD comic work?
The bot isn't trying to insert data into your database. It is trying to maliciously craft responses so that it can retrieve data from your database, or perhaps just delete all of it.
You need to make sure that all your SQL queries are properly escaped to prevent request data from the bot modifying database queries to work in unintended ways.
If you provide some examples of the requests, StackOverflow will be be able to tell you exactly what's going on.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I want to choose a CMS that will be part of my infrastructure for my company websites.
What do you think are the questions I need to ask before I really choose one?
Choosing a CMS is almost like choosing a framework.
Thanks
Your two starting questions should be about people:
Who will be building and maintaining the technology? If your organisation's IT department is in love with Microsoft solutions, then find the best .NET CMS that meets your needs (Umbraco, Kentico, DotNetNuke etc). If you have no money but you're fairly IT-savvy and have a couple of Web designers on tap to help you out, then a designer-friendly free system like MODX Revolution makes sense. If some of your people have worked with a big system like Drupal, then that's your leading candidate.
Who will be adding content to the system? Internal users will want an interface that rewards use - it must react fast, protect the user from losing their work, make content easy to find, and ease tasks like creating new pages and including links and images. That might push you towards CMS Made Simple, or even WordPresss if your needs are otherwise modest. And if most of the content will be contributed by a user community, the CMS must support a strong forum capability.
After that, take a look at Step Two's document How to evaluate a content management system. These guys know their stuff. You may even want to buy their Content Management Requirements Toolkit. Their evaluation document gives you a starting point for your evaluation.
Do bear in mind, though, that not all requirements are created equal. For instance, many CMS texts stress the importance of complex workflow and versioning. In large publishing businesses, these sometimes matter a lot. In most smaller organisations they don't matter as much. Your workflow may consist of one person putting content into the system and another approving it to go live - the sort of task that can be accomplished with a staging server and email. Versioning may be adequately covered by a regular back-up.
And remember above all that when you put a CMS in an existing organisation, you're engaging in politics. You need to find out what people want, show you're delivering it, explain to them the considerations which they don't know about but which have to be taken into account, and convince them you're acting to bring them the best possible tool. Good luck.
I was wondering if anyone could share any best practices around the design of a concurrent user e-commerce discount engine.
In my system, users can be allocated purchase credits that allow them to purchase things for free. So, for example, the user will select a basket of products that is passed to a discount engine where rules will be applied based on the credits assigned to the user's account. Say the user has 5 credits, how do I ensure that, a credit can be used once and only once? Will I need to introduce some form of database locking? Would I store a count of credits in a single table or maybe create distinct records to model each credit?
I suppose this is analogous to a ticket booking system where it is imperative that a single ticket can't be sold to more than one customer at a time. It seems to be about ensuring that, even in a highly concurrent environment, no purchase credit can be used twice.
Hopefully I'm making at least a little bit of sense!
Just us an SQL database that doesn't suck at transactions, stick the operation of using up a credit into a single transaction (possibly by having the DB constrain the number of credits to being non-negative or something) and it should not be possible for two concurrent transactions to use the same credit. Databases are REALLY good at that sort of thing, it's exactly what they are for.
Basically just shove everything shared in a database and wrap operations that go together in a transaction and your front end code can just pretend there's no concurrency at all. Which is of course the entire reason RDBMS's exist after all.
EDIT: Your schema won't affect the correctness of this approach (although where you begin/end transactions will), it will affect your performance, as will how the DB is implemented. I'm only bringing this up because you tagged the question with 'database-schema' and don't seem to be aware that an ACID DB will just make what you want happen if you write your queries correctly.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 12 years ago.
Improve this question
I want to port an open source program to iPhone, the license prohibited any commercial use of the code. I emailed the author and he sent back an email saying freeware is ok.
Of course I cannot (should not) charge anything on top of the code. Still, I want to get compensation for my work on UI design, graphics and integration work.
So I wonder:
Is donation (via PayPal) OK for my case?
Is in-app purchase OK? i.e. the program is free, the user has the option to buy addition theme graphics?
Thanks
EDIT:
Let me modify this to a hypothetical question. What if:
some course code is found on the net
there is a license coming with it, stating freeware is ok
the author cannot be contacted
Then
someone compiles and ports the code to a new platform
and adds some graphics
any necessary code changes are published
in the program, a donation link is added
in the program, (iPhone version), an in-app purchase option is added
Any comments on the above scenario?
Why are you asking us? We don't have the copyright and we cannot license it to you.
You've already been in contact with the creator, these questions are better suited for him.
Personally, I would think both your scenarios are okay since no-one is forced to pay you for the use. But, as I said, I'm not the copyright holder. You need to either have a lawyer look over the licence or get a very explicit release from the author stating that what you want to do is okay.
Okay, based on your edit.
Here is what my employer would most likely do (a company deadly serious about IP issues).
They would evaluate the relative costs of getting into trouble misusing the program (getting their considerable legal department to evaluate the licence) against that of just clean-rooming the program. They would choose the cheaper option and go with that.
Now here's what I would do, not having my own personal Nazgul of lawyers.
If I couldn't contact the author, then he's probably a one-man show - he'll be able to afford legal representation about as well as I can so will be unlikely to push that hard, in a legal sense.
I would argue that my application is indeed freeware since I'm not charging anything for its use. If a customer chooses to ask for extras (in-app purchase) or make a donation, that money transfer is not tied to the acquisition of my freeware at all.
Of course, if your freeware is near-useless without an in-app purchase, it could be argued that the connection is there between money and product transfers.
But I think I would be quite safe going the donation route. There is an absolute unbundling of the two events (product transfer and money transfer) there and one does not require the other.
Some people have even just asked for donations without a reciprocal arrangement (Save Karyn), although I wouldn't give money to some clown who'd already proven themselves inept at managing it.
Standard disclaimers apply: I am not a lawyer, I am not your lawyer, I don't even look like a lawyer from a hundred yards away.
How much are you compensating the author of the open source program for their work?
I am not sure whether donations would be considered "commercial" under the terms of the license, but from your description it doesn't really seem in the spirit of software you are porting.
And why are you asking us when you can just e-mail the author as you did before?
Note that open source licenses allow commercial use and distribution (see #5 and #6 of linked page). So this is not open source, and whether your scenarios are allowed depends on the actual license.
Ask the original author, he should have the canonical interpretation of his license.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I work for a small one-product one-customer company that is transitioning to a one-product, multiple-customer company. Even though we've had just one customer, we've had different projects with different delivery dates, but for each project we've been able to deliver the latest monthly release which we've kept in a separate code branch in case we've had to deliver bug fixes for that specific release.
Recently, we've acquired a number of new customers and a new problem has arisen: The head branch will typically solve (without breaking functionality) many different customer specific problems, and not all customers want all the changes, but would rather prefer to cherry-pick fixes and features.
Do you have any experience with that situation, and how to handle it practically without being overloaded by testing and work (our monthly release tests take about 3 days of computer time)? And version control wise, how do you manage (I guess cvs will finally have to go...)?
The most simple solution is to cut the product into a core product and each feature into a plug-in. That way, every customer can cherry pick the features they want. But even this solution can quickly overwhelm a small company.
In reality, you usually are in a worse situation: You have a new feature which helps customer A and breaks something for customer B (say, customer B is not ready to modify their database and the new feature doesn't work without the change, so this in fact makes the new version unusable for customer B). If you were big, you could simply ignore customer B.
As it stands, you really need to find a way to convince your customers to move on. The most simple way is money: Tell them how much it will cost them to get a tailor made product and how much all them will save if you can find a solution that suits everyone. Invite your customers over, build a list of changes together and have everyone agree on the plan.
Also, you really must have automatic unit tests, so you can be 100% sure that the product which leaves the house today can't possible be worse than what you sold four weeks ago.
Even with the best version control system out there (for me, that would be git), you can't solve the fan-out you get if you can't get everyone pull into the same direction (except, of course, you can really split each customer into a plug-in).
We have a similar setup of one (fairly specialist) product and multiple (but only the order of hundreds) customers who all want their own pet feature.
As far as I can see you can either go down the 'off-the-shelf' route where your product is non-customer specific, and any features you add are for the good of the product (possibly at customers' request); or you go down the bespoke, consultancy route where every customer has their own unique version of the product.
If your customers all require basically the same product then you should go down the first route and that means all features go to all customers.
Hiding features is easy, maintaining multiple concurrent versions is a nightmare!
A solution which could work if your customers demand to cherry pick their features is to maintain branches for each of them and then very carefully copy relevant changes from your head branch.
This means that your commits need to be as atomic as possible - only fix exactly one issue - and that no changes should go directly into customer branches. But that approach is still very dangerous.
Its possible to use CVS in this situation (altough I would recommend you take a look at other options like SVN).
I worked on some similar projects. and what we did was having a Commom branch, for core features of the system and a "Customer" branch for each variation of the product, this way you can implement specific features and bugfixes of each client and still use the same changes in "commom" to all variations of the product.
This approach takes a lot of configuration management effort though (merging and building), so you might want to have a specific person to handle theses tasks.
EDIT:
Additionaly, you should (if don´t already) have a bug tracker system, in which you should document the client/branch you are working on.
Only support the head/main trunk, unless there is a branch that has a bug fix/feature that is not present in the main line.
I know you said some customers do not want that, but I have seen the end result of the many branch support. You do not want that. It is a nightmare and will cripple your development, product and test teams.
Don't do it.
Be firm.