IPSec更安全这句话!

看到一本书上这样一句话,IPv6提供网络层上的加密,因此具有更高的安全性。

依据语境,这是指的IPSec的网络层加密功能,相比的是SSL的传输层加密。

那么网络层加密为什么就比传输层安全呢?依据我的理解,数据发送从上到下,ssl发给传输层及以下的数据已经是加密的,这个不存在什么缺点。

网上搜了一下,倒是有这么个观点:SSL VPN比IPSec VPN更安全

所以我说,这书上“IPSec更安全”这句话还是谈正确的!

Continue reading IPSec更安全这句话!

itsnat -- Custom components and friendly URLs

中文版:itsnat--自定义控件入门和友好的url

itsnat  is a interesting java web framework, which implemented TBITS(The Browser Is The Server ), it mocks a Universal W3C Java Browser in the server, the client send the client browser's action to the server by AJAX, then mapping them to W3C Java Dom action, the DOM in the server response with the action and send result to the client, the client use the result to synchronize the DOM in the client browser with the server DOM with javascript, really wonderful idea, right?


To design a custom component, need flowing steps:(these code will create a custom Dialog component)

1: Add Listener to the Template

Java code: 

>String html = "E:/projects/ItsNat/wb/test/WebRoot/apps/pto/frontpage.html"; ItsNatDocumentTemplate docTemplate = getItsNatHttpServlet().registerItsNatDocumentTemplate("pto","text/html", html); docTemplate.addItsNatServletRequestListener(new ItsNatServletRequestListener(){

Continue reading itsnat -- Custom components and friendly URLs

【转】安全的session管理

好文章,转载以备份。原文出自这里

 

前言

session 的管理對網站應用程式非常的重要,不適當或不夠嚴謹的管理也會造成安全上的問題,以下針對 session 管理相關的安全問題分項探討。

 

使用 Framework 內建的 Session Manager

藉由 session 限制與維護使用者的行為是網路安全很重要的一環。大多數的人會使用網站應用程式框架內建的 session 管理,有些人會使用 Perl CGI。網站開發者應盡量避免自行開發 session 管理,因為自行開發常常會藏有許多漏洞,而框架內建的 session 管理經過多次測試與修復相對上較為安全。此外這些框架會持續維護其安全性,因此要確保做好更新與安裝修補程式的動作。

  • 密碼強度
    Session handler 的一個重點是 session token 或 session ID 的密碼強度,Session handler 產生的 token 必須是無法預知並且長度夠長讓人無法猜測的到。Session tokens 必須每個使用者都不同、無法預測、能抵抗反向工程。
  • 適當的 Key Space
    一個加密的演算法也可能因為 Key space 不夠大造成攻擊者使用暴力解來取得內容。因此 token 的 Key space 必須足夠大來防禦暴力攻擊法,並且注意電腦計算能力與寬頻能力已隨著時代進步。
  • Session Identifier(session ID)
    Session Identifier 應該使用最大可用的 character set,如果一個 session ID 要由 8 characters of 7 bits 組成,有效密鑰長度為56位,但如果使用的 character set 只有整數可用 4 bits表示,有效密鑰長度就只有32位。因此一個好的 session ID 應盡量使用越多 characters 越好,但一些特殊字元有轉譯的麻煩,所以大多的 frameworks 採用 A-Z 和 0-9 有些還添加了小寫 a-z。

驗證由客戶端傳來的 Session ID

所有由客戶端傳來的資料都必須經過編碼和驗證,許多 frameworks 會驗證和編碼從 GET 和 POST 而來的 input,但未充分編碼從客戶端 cookie 傳來的 session ID 值。下面的 ESAPI code 片段使用 ESAPI 中的 method 來驗證 session ID 的值:

public String getRequestedSessionId() {
     String id = request.getRequestedSessionId();
     String clean = " ";
     try {
          clean = ESAPI.validator().getValidInput( "Requested cookie: " + id, id, "HTTPJSESSIONID", 50, false );
     } catch (ValidationException e ) {
          // already logged
     }
     return clean;
 }

 

 

確保 idle 和 timeouts 時間夠短

根據業務需求和安全性的考量,session 必須有一有限的壽命,在一定時間後過期。網站應用程式必須將靜止一段時間的 session 設為過期,刪除此 session 並一併更改 session cookie 的內容。

 

在使用者登出後銷毀 session

當使用者登出後網站應用程式需讓 session 無效或者移除此 session,並且如果隨後有別的使用者登入必須取得不同的 session ID。要做到這樣的機制,當使用者 logout 時必須改寫 session cookies 註明已過期並銷毀 session。以下是 ESAPI code 的例子:

public void logout() {
     ESAPI.httpUtilities().killCookie( ESAPI.currentRequest(), ESAPI.currentResponse(), HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME );

     HttpSession session = ESAPI.currentRequest().getSession(false);
     if (session != null) {
          session.invalidate();
     }
     ESAPI.httpUtilities().killCookie(ESAPI.currentRequest(), ESAPI.currentResponse(), "JSESSIONID");
     loggedIn = false;
     logger.info(Logger.SECURITY, "Logout successful" );
     ESAPI.authenticator().setCurrentUser(User.ANONYMOUS);
}

 

 

public void killCookie(HttpServletRequest request, HttpServletResponse response, String name) {
     String path = "//";
     String domain=" ";
     Cookie cookie = ESAPI.httpUtilities().getCookie(request, name);
     if ( cookie != null ) {
          path = cookie.getPath();
          domain = cookie.getDomain();
     }
     SafeResponse safeResponse = new SafeResponse( response );
     safeResponse.addCookie(name, "deleted", 0, domain, path);
}

 

輪換 Session ID

對於高安全性網站,網站應用程式在處理重要的程序之前,或是經過某一段時間和幾次 requests 後,必須重新產生 session ID。中等或低等的網站,在使用者權限改變時也應該重新產生 session ID ,例如從訪客變成登入的會員或從登入者變成管理者。以下是 ESAPI code 重新產生 Session ID 的例子:

public HttpSession changeSessionIdentifier(HttpServletRequest request) throws AuthenticationException {

     // get the current session
     HttpSession session = request.getSession();

     // make a copy of the session content
     Map temp = new HashMap();
     Enumeration e = session.getAttributeNames();
     while (e != null && e.hasMoreElements()) {
          String name = (String) e.nextElement();
          Object value = session.getAttribute(name);
          temp.put(name, value);
     }

     // kill the old session and create a new one
     session.invalidate();
     HttpSession newSession = request.getSession();

     // copy back the session content
     Iterator i = temp.entrySet().iterator();
     while (i.hasNext()) {
          Map.Entry entry = (Map.Entry) i.next();
          newSession.setAttribute((String) entry.getKey(), entry.getValue());
     }
     return newSession;
}

 

 

保護 Session ID

如果可以的話,網站應用程式應該都以 HTTPS 的方式傳輸。如果無法,至少包含敏感性資料的頁面或處理程序要使用 HTTPS; 如果 HTTPS 無法保護整個網站的 session,在 HTTPS 傳輸時必須搭配 session ID,將此 session ID 和網站伺服器的 session 做配對檢查。

如果必須藉由 URL 參數來傳遞 session ID 時,必須使用 POST。如果 cookies 用來儲存並由 HTTPS 傳送 session ID 時,必須被設為”安全”這樣就不會經過 non-SSL 的管道。

網站應用程式必須提供登出的機制,並確保登出後此 session 過期和被銷毀。

 

作者列表

  1. 2011/03/21 姚辰旻 初稿

參考資料

 

PS:

ESAPI的站点都访问不了?

Continue reading 【转】安全的session管理

【转】Lustre 介绍

http://book.51cto.com/art/201004/196350.htm

Lustre[5]文件系统是一个基于对象存储的分布式文件系统,并且与PVFS一样,Lustre也是一个开源项目。Lustre项目与1999 年在Carnegie Mellon University启动,现在已经发展成为应用最广泛的分布式文件系统。Lustre已经运行在当今世界上最快的集群系统里面,比如Bule Gene,Red Storm等计算机系统,用来进行核武器相关的模拟,以及分子动力学模拟等等非常关键的领域。

Lustre的组织结构在其官方文档中有详细的介绍,如图 5.5所示,Lustre集群组件包含了MDS(元数据服务器)、MDT(元数据存储节点)、OSS(对象存储服务器)、OST(对象存储节点)、Client(客户端),以及连接这些组件的高速网络。

1)元数据存储与管理。MDS负责管理元数据,提供一个全局的命名空间,Client可以通过MDS读取到保存于MDT之上的元数据。在 Lustre中MDS可以有2个,采用了Active-Standby的容错机制,当其中一个MDS不能正常工作时,另外一个后备MDS可以启动服务。 MDT只能有1个,不同MDS之间共享访问同一个MDT。

(点击查看大图)图 5.5  Lustre集群架构

2)文件数据存储与管理。OSS负载提供I/O服务,接受并服务来自网络的请求。通过OSS,可以访问到保存在OST上的文件数据。一个OSS对应 2到8个OST,其存储空间可以高达8TB。OST上的文件数据是以分条的形式保存的,文件的分条可以在一个OSS之中,也可以保存在多个OSS中。 Lustre的特色之一是其数据是基于对象的职能存储的,跟传统的基于块的存储方式有所不同。

3)Lustre系统访问入口。Lustre通过Client端来访问系统,Client为挂载了Lustre文件系统的任意节点。Client提供了Linux下VFS(虚拟文件系统)与Lustre系统之间的接口,通过Client,用户可访问操作Lustre系统中的文件。

Lustre集群中的各个节点通过高速的以太网或Quadrics Elan、Myrinet等多种网络连接起来。

(点击查看大图)图 5.6  Lustre文件系统架构

在Lustre官方手册中给出了Lustre文件系统的架构,如图 5.6所示。Lustre文件系统也是一个3方架构,包括了MDS、OSS和Client这3个模块。文件的打开(open)和关闭(close)、元数据以及并发访问控制都在Client和MDS之间进行;文件I/O操作以及文件锁在OSS和Client之间进行;文件备份,文件状态获取以及文件创建等在MDS和OSS之间进行。目前Lustre文件系统最多可以支持100000个Client,1000个OSS 和2个MDS节点。

同PVFS类似,Lustre系统中既可以运行一个功能模块,也可以同时运行2个或3个功能模块,这取决于系统的规模。不过Lustre一般运行于高性能计算机系统之上,为了提高Lustre文件系统的性能,通常MDS、OSS和Client是分开运行在Lustre不同的节点之上的。

实验与应用已经证明,Lustre文件系统的性能和可扩展性都不错。不仅如此,Lustre文件系统还拥有基于对象的智能化存储、安全的认证机制、比较完善的容错机制等优点,值得注意的是,Lustre还实现了部分文件锁。Lustre确保从不同Client端挂载的Lustre文件系统看到的都是一个单一的、同步的、一致的命名空间。由于Lustre部分锁机制的存在,多个Client端在同一时间点可以写同一文件的不同区域,其它Client则可以读取文件的其它区域。由于部分文件锁的存在,极大的提高了多用户对同一文件进行并发访问时系统的性能,对同一文件并发访问这在像数据库这种应用里是极为常见的。

相对于PVFS,Lustre的可用性和扩展性以及性能上都有较大的提高。然而,Lustre需要特殊设备的支持,并且Lustre目前还没实现 MDS的集群管理,虽然相比PVFS的单MDS,Lustre的双MDS在可用性上还是提高不少,但是当系统达到一定的规模之后,MDS还是很有可能成为 Lustre系统中的瓶颈。

Continue reading 【转】Lustre 介绍

【转】Ari Zilka谈Ehcache的进程内堆外缓存BigMemory

转自infoq,文章不错,而且译得也不错。

Ari Zilka谈Ehcache的进程内堆外缓存BigMemory

作者 Srini Penchikala 译者 王丽娟 发布于 2010年11月29日

Ehcache的BigMemory提供了一个进程内的堆外缓存,用来存储应用相关的大批量数据。Terracotta上周发布了BigMemory模块的GA版本,该模块支持Ehcache企业版。BigMemory是Ehcache标准API的一部分,为cache定义两个新属性(overflowToOffHeap和maxMemoryOffHeap)就可以使用了,代码片段如下所示:

<cache name="sample-offheap-cache"
    maxElementsInMemory="10000"
    eternal="true"
    memoryStoreEvictionPolicy="LRU"
    overflowToOffHeap="true"
    maxMemoryOffHeap="1G"/>

BigMemory在内存存储策略上有别于传统的缓存解决方案。它不把数据存储在Java堆里,从而避免了JVM的GC问题。BigMemory这种特别的存储被称为堆外(Off-Heap)存储。传统的缓存解决方案为了规避这些问题,都将数据分布在缓存节点组成的集群上。BigMemory提供了一种新的架构选择方案,允许应用运行在堆小于1G的JVM上,利用堆外的内存来加快数据访问的速度。

InfoQ有幸采访了Terracotta的CTO Ari Zilka,请他谈了Ehcache框架里的BigMemory新特性、BigMemory有助于应用性能提升的用例场景,以及BigMemory的局限性。

InfoQ:为Ehcache框架添加BigMemory特性的主要动机是什么?

主要动机是为了解决我们在Terracotta服务器里遇到的GC问题。服务器里的GC会引起响应时间和大规模GC事件出现变化,可能会致使(一级缓存L1的)缓存客户端故障转移到备份的Terracotta服务器上去。我们意识到这个解决方案的好处后就立即扩大了它的应用范围,包括为独立Ehcache追加一个内存存储,这个内存存储后来就发展成了BigMemory——Ehcache企业版的一个插件。

InfoQ:BigMemory堆外存储提供的方式能避免Java GC的复杂性,你能谈一谈实现的具体细节么?

BigMemory把缓存对象存储在Java堆之外,但仍然在操作系统的Java进程里。所以它仍然是个进程内的缓存,具备所有与此相关的高性能,但它不使用堆,这样就可以给应用配置很小的堆空间,从而避免GC问题。BigMemory使用了JDK 1.4引入的DirectByteBuffers。所有的Java实现都可以运行BigMemory,所以任何人都可以使用BigMemory,而不用更换JDK。

操作系统内存管理器的功能差不多就要完成了。届时我们会在放入数据时分配内存、移除数据时释放内存,我们能做这些事情是因为BigMemory是个缓存,而不是一般用途的Java程序。DirectByteBuffers分配内存很慢,但用起来非常快。所以我们会在启动的时候就从操作系统获取所有需要的内存。

BigMemory的关键之处在于,怎样判断某个对象不再被使用、关联的内存被释放了,这也是很多人一开始最难理解的地方。对缓存来说,这其实非常简单。Map主要涉及put、get和remove操作。我们在放入数据的时候分配内存(malloc),移除数据的时候释放内存(free)。我们实现了一个内存管理器,它使用的是很好理解的计算机科学算法,还有我们专门为此实现的增强。

在被问及BigMemory什么情况下能提升应用性能时(从只读、经常读、读写操作来说),Ari回答说,在“90%读/10%写”的常见情况和“50%读/50%写”的写操作过多的情况下,他们都见过比较好的性能结果。这是因为缓存是进程内的。只读操作会受到分布式缓存的影响。读取活跃数据集要比读取其它数据快很多,那些不活跃的数据必须通过网络获取。

InfoQ:BigMemory解决方案有什么局限性?

鉴于BigMemory是纯Java的、进程内的,而且和常见的JVM、容器兼容,所以它没有明显的局限性。我们找到的最大的内存盒有384GB内存,我们在上面测试的结果显示,在BigMemory始终有350GB内存的空闲情况下,性能都是线性的,没有明显的增长。

我们要向用户强调的限制只有一个,那就是使用堆外存储的话,放置在BigMemory中的对象必须进行序列化。对通常就存储在缓存里的那些数据来说,这并不是什么问题。

一旦对象被序列化,在返回Java堆的时候必需反序列化才可以使用。这确实是一笔性能开销。因此在没有GC的时候,BigMemory会比堆内存储慢。但BigMemory还是要比底层可用的存储快很多,不论是本地磁盘、网络存储,还是RDBMS等原本记录数据的系统。

还应指出的是,序列化/反序列化的性能开销远没有很多用户想象的那么大。BigMemory已经针对字节缓冲区做了优化,本身也包含一些优化机制,可以对使用标准Java序列化的对象进行优化。举例来说,测试版发布之后添加的那些优化机制能使复杂Java对象的性能提升两倍,使byte数组的性能提升四倍。Terracotta Server Array正是用byte数组存储数据的。用自定义的序列化则能进一步减少性能开销。

InfoQ问Ari,架构师和开发人员在应用中使用BigMemory时应该注意哪些最佳实践和问题。Ari回答说,任何成功的商业应用都要处理伸缩性问题。缓存是最稳妥、最容易实现的解决方案之一。现在比较新颖的是,不用非得引入缓存集群了。

最好的做法就是用新眼光来审视一下你的性能架构,看你能否从大型的进程内缓存获益。BigMemory可以让架构师对服务器和进程密度进行优化,以满足特定的需求,而不用受制于Java的局限性。

最大的问题则是大多数人已经针对Java本身的局限性做了优化。比如说,大多数Ehcache用户会运行32位的JVM。根据OS的不同,32位 Java的地址空间会是2到4GB不等。所以这些用户在用Java时就放弃了使用很多内存。应用目前可能都运行在RAM很小的硬件上。所以用户要是想使用 BigMemory来运行100GB的进程内缓存,可能就意味着要更换新的硬件,即便现在硬件很便宜。

InfoQ:Ehcache框架以后的路线图是怎样的?BigMemory有什么特殊的么?

我们正在开发Ehcache和Terracotta的下一个版本(代码以澳大利亚弗里曼特尔的别称Freo命名),计划本月发布测试版。我们计划在这个版本中添加一系列功能特性和性能增强。比如Ehcache Search,它能让Ehcache用户在缓存里进行搜索,就像使用数据库一样。Ehcache Search已经发布了测试版,文档也已经全部可用了。

至于BigMemory,我们还在继续提升性能,同时会增加一系列比较实用的增强,例如提供更多的工具,帮助人们更好地理解最适合他们用例的设置。

查看英文原文:Ari Zilka on Ehcache BigMemory

---------------------------------------

PS:

另外一篇:http://www.infoq.com/interviews/zilka-bigmemory

Terracotta是一款由美国Terracotta公司开发的著名开源Java集群平台。

参见:http://blog.csdn.net/ansonchan/article/details/1873001

这有个人问的问题:

    请教老马,这个产品在当前有没有成功又稳定的项目中使用的经验,由于该项目中使用大量自旋竞争锁操作,导致cpu偏高,所以带来的稳定性一直是个问题

问的有水平。哪些人用了?

Continue reading 【转】Ari Zilka谈Ehcache的进程内堆外缓存BigMemory

串口为什么比并口快以及IDE容量

教科书上说,并口一次传多位,速度快。但是实际上为什么SATA硬盘比IDE/PATA硬盘要快?

两方面的原因:

1:数据同步问题

网上有个例子很形象:

并口啊
举个很切合实际的例子
有10个人走一个门,如果门大可以同时通过,门小要单一同过
大门=并口,小门=串口
10个人排一列不容易跟丢,说明串口适合远距离
10个人排一行,可能会走丢,适合近距离,但是走大门能一下通过,速度快,并口的特点 

这是说多个位同时传送,长时间传送后,有些位先到,有些位后到,这就要取决于最后到的那位了,还要加上数据校验的时间(比特流传输的速度必须减缓以纠正错误)。

2:干扰问题

10个人并排走,这个人把那个人推一下,几个人交头接耳说笑话,-----这说的是互相之间的干扰。

目前并行总线没有能解决好数据干扰问题,所以还要校错。

对于长距离传输,问题一影响较大,对于硬盘,问题二影响较大。

Continue reading 串口为什么比并口快以及IDE容量

OpenID 入门

wiki百科:  http://zh.wikipedia.org/wiki/OpenID

官网: http://openid.net/  规范:http://openid.net/developers/specs/

这篇文章较适入门:  http://www.theserverside.com/news/1364125/Using-OpenID 作者也是open4javba的作者。

使用open4java,wicket

http://www.ibm.com/developerworks/cn/java/j-openid/

下  http://www.ibm.com/developerworks/cn/java/j-openid2/index.html?ca=drs-cn-0427

讲得最明白的还是google: http://code.google.com/intl/zh-CN/apis/accounts/docs/OpenID.html

http://www.seven2.com.cn/archives/786/  Google OAUTH + OpenID 解决方案

open4java 用起来总是报错,说什么xml解析错误,查了半天原来是xml解析包冲突,遇到这种情况要检查一下别的引用是否有冲突的xml解析包。

使用0.9.6 maven一直下载不下来改用0.9.5就可以了。

运行simple-openid这个示例只需要这样的pom:

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>test</groupId>
	<artifactId>test</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<dependencies>		
		<dependency>
			<groupId>org.openid4java</groupId>
			<artifactId>openid4java</artifactId>
			<version>0.9.5</version>
		</dependency>
	</dependencies>	
</project>

简单复述一遍流程:

用户登陆网站(简称A),A提供选择:

1:用A的账户登陆。

2:用google的账户登陆。

用户想“俺有个google openid账户,我不想重新注册A账户”。他就选择用google openid账户登陆。

A站点就要知道google的openid provider endpoint的url,向这个地址请求,这一步叫discovery.

endpoint会返回一个文档(可能是xrds格式或html格式),例如google返回的xrds格式:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
  <Service priority="0">
  <Type>http://specs.openid.net/auth/2.0/server</Type>
  <Type>http://openid.net/srv/ax/1.0</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/mode/popup</Type>
  <Type>http://specs.openid.net/extensions/ui/1.0/icon</Type>
  <Type>http://specs.openid.net/extensions/pape/1.0</Type>
  <URI>

https://www.google.com/accounts/o8/ud</URI>
</Service>
</XRD>
</xrds:XRDS>

可以看到uri里面就是下一步进行认证的地址。

A就要向这个uri请求认证,这个里面要设置一些参数用来进行交互比如说交换用户信息(AX),或是简单注册(Sreg)。当然要传入用户输入的openid账号。以及验证成功后接受google信息的url(openid.return_to)。google验证完成后会请求openid.return_to设置的网址,如果成功,会将需要的用户信息使用参数传入。

在这最后一步需要验证返回是否是安全的(中途是否被修改):

1:检查openid.return_to和请求的地址是否匹配;

2:检查discovery信息。

3:检查openid.response_nonce

4:检查签名

------------------------------------------

我再使用规范2.0的复述一遍:

1 The end user initiates authentication by presenting a User-Supplied Identifier to the Relying Party via their User-Agent. 

用户向RP提交openid.

2 After normalizing the User-Supplied Identifier, the Relying Party performs discovery on it and establishes the OP Endpoint URL that the end user uses for authentication. It should be noted that the User-Supplied Identifier may be an OP Identifier, as discussed in Section 7.3.1, which allows selection of a Claimed Identifier at the OP or for the protocol to proceed without a Claimed Identifier if something else useful is being done via an extension.

RP使用openid执行discovery操作。openid中包含了将要请求的OP地址相关信息。OP对discovery返回的信息中包含了OP Endpoint 信息,下一步将要使用这些信息。openid还可能仅仅是OP的标识符而不是用户的openid标识符。

3 (optional) The Relying Party and the OP establish an association -- a shared secret established using Diffie-Hellman Key Exchange [RFC2631]. The OP uses an association to sign subsequent messages and the Relying Party to verify those messages; this removes the need for subsequent direct requests to verify the signature after each authentication request/response.

关联,密钥交换,这一步不是必需的,但是如果使用了这一步,那么最后的验证(7)就不是必需的。

4 The Relying Party redirects the end user's User-Agent to the OP with an OpenID Authentication request.

RP跳转用户到OP的登陆页面。

5 The OP establishes whether the end user is authorized to perform OpenID Authentication and wishes to do so. The manner in which the end user authenticates to their OP and any policies surrounding such authentication is out of scope for this document.

OP完成对用户的验证

6 The OP redirects the end user's User-Agent back to the Relying Party with either an assertion that authentication is approved or a message that authentication failed.

OP跳转用户到RP提供的returnto页面,并提供验证信和其他扩展属性。

7 The Relying Party verifies the information received from the OP including checking the Return URL, verifying the discovered information, checking the nonce, and verifying the signature by using either the shared key established during the association or by sending a direct request to the OP.

RP验证返回的信息是否可靠。(如果使用了association这一步,那么就不需要。因为直接可以通过交换的密钥来验证返回。)

-----------------

要认识到openid和cas的sso是两种风格,openid对于不同公司不同网站,典型的登陆操作是,即使用户已经登陆了provider的网站,但是即使他再打开consumer的网站,consumer网站任然是不知道此用户已经登陆的。用户想要登录consumer网站,还需要进入登陆页面,这个时候给予用户使用provider网站账户登陆的选项。用户选择使用provider网站账户登陆后,由consumer的网站自动与provider网站交互完成登录过程。典型的例子可看 http://translate.uservoice.com/ 中的google登录方式。

但是如果是同一个公司,不同的网站,要通过openid实现类似CAS的方式,也是可行的,每个网站都使用过滤器来检查用户是否已经在主站(provider)登陆,将用户信息拿过来就行了。即discovery这一步是固定的。

 

==========================================

参考:

http://r-j-r-a5438-163-com.iteye.com/blog/611351

http://www.360doc.com/content/08/0507/11/7349_1242557.shtml

http://code.google.com/p/openid4java/w/list

http://code.google.com/p/openid-server/

Continue reading OpenID 入门

javascript是不是函数式编程语言?

javascript是不是函数式编程语言?

答案可以使yes也可以是no. 因为函数是语言也没有统一的定义。

如果从函数支持和λ演算来看它是的。

关于lambda演算一时半会理解不了,粗略理解:

所谓λ演算,是一套用于研究函数定义,函数应用和递归的形式系统。它包括一条变换规则(变量替换)和一条函数定义方式,Lambda演算之通用在于,任何一个可计算函数都能用这种形式来表达和求值。因而,它是等价于图灵机的。尽管如此,Lambda演算强调的是变换规则的运用,而非实现它们的具体机器。可以认为这是一种更接近软件而 非硬件的方式。

如果从immutability, algebraic data types, pattern matching, partial application 等等这些其他方面来看,它又不是的。

我倾向如认为它不是的。

Continue reading javascript是不是函数式编程语言?

Programming Methodology-Lecture01

NOTE:these series of lecture are from SEE http://see.stanford.edu/see/courses.aspx

Instructor (Mehran Sahami):Alrighty. If you could have a seat, please, we need to get

started. There are still a bunch of people coming in the back. Come on down and try to

find a seat somewhere. If you can't find a seat, sit in the aisle[(席位间的)通道] as long as you're not a fire

marshal[消防局长;防火处处长]. Anyone here a fire marshal? Good. We're fine. Come on in and sit in the aisles.

So welcome to CS106A. If you don't think you should be in CS106A, you think you

should be somewhere different, now is probably a good time to go, not that I would

discourage anyone from taking this class. I think we'll have a lovely time in here. But this

class is CS106A or E70A, so if you're, like, "Wait. I thought I was in E70A," you're fine.

They're the same class; it's the same thing. No worries, okay?

There's four handouts[讲义;宣传册子]. They're in the back. If you haven't already gotten the handouts

because you came in and you sat down, don't worry. You can pick them up on the way

out. They're the same handouts. They'll still be there.

So just a quick introduction. That's what the first four handouts actually give you. They

give you a little bit of an introduction to the class, what we're gonna cover, some logistics

for the class and some other stuff. I'm gonna go over all that today so we can sort of get a

good idea for where we're at, okay?

So just a quick show of hands before we get into a bunch of things in the class. This is

kind of an intro-programming course; well, it is. I shouldn't say it's kind of an introprogramming

course. It is an intro-programming course. And it's always good to get an

idea as to how much familiarity you may have beforehand, okay? So just quick show of

hands. How many people can recognize a computer that's on? Good, good. That's the

prerequisite[n. 先决条件] for this class.

So if you're worried about how much previous experience you've had or your friend who,

like, worked their way through high school by programming for Google or whatever,

don't worry about it because all you need to know in here is basically either how to turn a

computer on or to recognize a computer that's on if you were to walk up to it and it were

already to be on, all right?

So but a little bit more seriously, how many people have actually used a computer for

anything? All right. I would expect most of you.

So now, we begin to bump it up a notch[再加把劲, 原意是给压力计加压使它再上一个刻度]. How many people have used it for word

processing? Okay. Most folks.

How many people have done web browsing? Yeah, I won't ask you what you look at, all

right? It's just I don't wanna know.

How many people have actually created a web page? Okay. Fair number.

How many people have done any kind of programming before? Fair number. All right.

How about how many folks have done actually programmed in Java before? All right. A

few folks.

How about another language, C, C++, BASIC, anyone program in BASIC? Yeah, oh, I

love — that was the first language I learned, and it was kind of like the warm and fuzzy,

and I felt good. There was actually people who argued that if you learn BASIC as your

first language, you're brain damaged, then you're just beyond help. But if that's the case,

we're all in the boat together because I'm probably brain damaged as well. The truth is I

probably am, but that's a whole different story.

All right. So one thing you should know kind of up front is actually this course is gonna

be provided eventually somewhere down the line as part of Stanford School of

Engineering Free Course Initiative, which means not only are we recording this course to

broadcast to a bunch of companies and industry who are watching this course, but we're

eventually gonna provide it free to the world.

So how does that impact your life? And on the average day, it doesn't at all. The only

way it does impact your life is just so you should know, the lawyers told me to tell you

that your voice, should you ask a question, may actually be recorded as part of the video.

As a result, your voice may end up going out to thousands of people or millions of people

in the world. If you have an issue with that, come talk to me. If you don't, everything is

just fine, all right?

Don't worry. We're not gonna put your picture up or anything like that. You might wanna

be on the video, like, "Hey, ma, I'm on TV." We decided that we're just gonna not show

anyone actually on the video, but your voice may actually get recorded, okay?

Now, along those lines, you may also notice there are some microphones in the room. So

when you wanna ask a question, please make sure to use the microphone because that's

not only good for people in here to be able to hear your question, it's also good for all the

folks that this is getting broadcast to because not only are we gonna broadcast to the

world, but there's actually some folks who are sort of watching this live now in various

companies in Silicon Valley.

So it's real important that you actually use the microphone, so just remember that. And

every once in a while, I might get on your case and be, like, "Please use the microphone."

I'm not trying to be argumentative[a. 爱争论的,好辩论的] or anything. I just wanna make sure we pick up all the

audio, all right?

So with that said, a little bit of an introduction. That's kind of a way of background. I

didn't give you any sort of introduction. So just to introduce myself, my name's Mehran

Sahami. I'm the professor for the class. Don't call my Professor Sahami, way too formal.

Don't call me Mr. Sahami. That, I think of my dad. And don't call me Mrs. Sahami, or

we're gonna have issues, all right? So just call me Mehran. We'll get along. It's just fine,

all right? It's to keep things a little bit more informal, but that way it's a little bit easier to

discuss stuff as you go along.

There is also a head TA[abbr. 助教(teaching assistant)] for the class, Ben Newman, who's standing up there. Get to know

Ben. He has all the real power in this class. I'm just kind of the monkey that gets up here

and gives the lectures. But Ben really is the one who's got all the power.

Along with the head TA for the class, we have a large section leading staff. So the section

leaders here, could you stand up if you're here? They're kind of all over the place, some

over here, some over there, and some over there. As you can see, there's a pretty large

number of folks. And this isn't even all of them. We sort of have more — we just can't

stuff them all into the room — who are section leaders for the class, and these folks are

all here to make sure that everyone in this class has as good an experience as possible

when we're sort of going through the class.

And the best way to reach all of us is email. So on Handout No. 1, you get my email and

Ben's email. We'll tell you how to sign up for section. That's how you'll meet your section

leader and get your section leader's email. That will all be coming soon. But email really

is kind of a happy form of communication to get a hold of us, okay?

So with that said, I wanna tell you a little bit about this class and kind of what we're

gonna do in here and what you should expect and make sure that you don't feel scared off

by this class, okay? Because it really is meant to sort of be an interesting time.

But one question that comes up is why is this class called Programming Methodology,

right? Why don't we just call this class, like, Programming with Java? And the real reason

for that is that programming methodology is about good software engineering principles.

It's about something that's much larger than just programming.

So some people, like, they'll go and get a book somewhere and they'll think they learned

how to program by just reading the book. And they're, like, "Oh, I know how to program.

Isn't that great?" And it's, like, yeah, you might know the mechanics of the language, but

the mechanics of the language are nothing compared to understanding the software

engineering principles that go into actually developing a software system.

And that's what you're gonna learn about in this class. You're gonna learn a lot of those

principles. But in order to be able to use those principles and apply them, you also need

to have the language to program in, and that language that we're gonna use in this class is

Java.

-----很幽默-----

So the way I like to think about it and the way I tell a lot of people is writing a good

program or learning how to program is like learning to be a good essay[散文] writer. And

you're, like, "Oh, but part of the reason I'm taking this class, Mehran, is that I don't like

writing essays." That's fine. It's okay. Trust me. I didn't like writing essays either.

But the whole point is that when you write an essay, it's not a formulated kind of thing.

You're, like, "Well, what about five-paragraph essays?" Yeah, just block that from your

mind. That was a bad time, right? That was just, like, '70s education at work. It's not a

formulated kind of thing.

There's an art to writing an essay, right? In order to write an essay, you need to know a

language. You need to know English or German or Hindi or whatever language you

wanna use, but then you use that language to write an essay. Just knowing the language

doesn't make you a good essay writer though. Being a good essay writer makes you a

good essay writer.

So that's the same difference in programming and software engineering. Knowing the

language, in order to be a good programmer, like a good essayist, you need to know a

language to write your programs in, whether that be Java or C or C++ or whatever. Here

we're gonna use Java.

But just knowing the language doesn't make you a good software engineer and doesn't

make you understand what the principles are of writing good software, which is what

you're also gonna get in this class in addition to the language, and that's kind of a key

thing to stress.

So if you're sort of worried, if you were kind of looking around and you saw a bunch of

people raising their hands when I asked, "Do you have any previous programming

experience?" and some folks raised their hands, and you got a little worried and you're

like, "Oh, am I gonna be in some sense at a disadvantage because I haven't done any

programming before?" The answer, plain and simple, is no, okay? You're gonna learn

everything you need to learn from the first principle because as a matter of fact, in some

cases you might be in slightly better shape. That's not necessarily to say that that's the

way it will be.

But how many people are Star Wars fans? Just wondering. Anyone? I'm talking about the

old-school, original, like, three movies. Those were so good, and we're not — no George

R. Binks here, all right? So if you remember — and sort of I'm a big Star Wars fan, and

that's just a whole separate point. But in the second movie, Yoda actually said something

which I thought was quite profound, which is he says sometimes you have to unlearn

what you have learned.

And one of the things we actually find is that some people who are self-taught

programmers, some of them are just fine, and some of them are very good. But some of

them have picked up some really bad habits along the way, and it's like being a bad essay

writer. And to go from being a bad essay writer to a good essay writer, in some cases, can

actually be harder than from not being an essay writer to being a good essay writer

because you have to unlearn the bad habits.

So if you're worried about, "Oh, I've had no previous experience," don't worry. You're

okay, blank slate, you're just fine. And now if you're thinking, "Oh, I have some previous

experience. Do I have bad habits?" Don't worry. You'll be fine, too, okay? So it's all

gonna work out.

So the next question that kind of comes up — hopefully that helps put some of your fears

aside. Another one of the things is that we really strive to make everyone successful in

this class, okay? At some other schools, people wanna do computer science or they

wanna do an engineering major or whatever. And you come into the first day of class,

and they say, "Oh, only one third of you are actually gonna make it through this program.

And look to the person to your left and look to the person to your right, and only one of

you will make it through." And you're, like, "Oh, man, that's real nice." It's not like that

here.

As a matter of fact, we want all of you to be extremely successful in this class, which is

why we have a huge course staff, which is why over years and years we've refined how

we do a lot of the teaching in this class to make sure you have the best possible

experience and to make sure that everyone gets through.

And the important thing about that is that you're not competing against anyone except

yourself in this class. It's not like we're gonna have a curve and we're gonna say, "Oh, we

have a certain number of "F"s and a certain number of "D"s and a certain number of

"C"s." All we really have going into it is an expectation that when you get out of here,

there's a set of stuff we want you to know. And if you know that stuff well, you get an

"A." And if everyone knows that stuff well, everyone gets an "A." And I got no problems

with that. Registrar might have a problem with that, but that's okay. You don't need to

worry about that.

So you don't need to think about, oh, is someone else doing better than you or whatever.

And we'll talk about issues of collaboration in just a little bit. All you need to think about

is learning the stuff yourself as well as you possibly can, and you'll be just fine and you'll

get a good grade, okay? So that's really all we ask, which is not a trivial amount, right? It

requires you to really understand the material.

So another question that comes up is are you in the right place, right? This isn't the only

introductory programming class at Stanford. And so I wanna spend a little bit of time

making sure you actually are in the right place by going over some of the different

options.

----------------------

So right now, as you know, you're in CS106A. And CS106A, we're sort of happy over

here, right? As a matter of fact, we're not only happy, we're happy and we're also a little

bit loopy[adj. 多圈的;呆头呆脑的], right? There is no previous programming experience required, as I mentioned,

right? All you need to know is basically if you can get to a computer and know how to

figure out that it's on, you're in good shape.

But what 106A does is it's a real rigorous[严厉的,严酷的,严格的] class. You learn programming in here, and you

learn it in a way that makes you ready to be an engineer if you so choose to be an

engineer. That's not to say you're all gonna be engineers. I would love for all of you to be

computer science majors, but statistics in the past show only about 6 percent of you will

be computer science majors. That's not because we turn anyone off to computer science;

it's because we make programming accessible to so many people that you don't have to be

a computer science or a Double E or even an engineering major to do extremely well in

the class.

And we actually have sort of a significant percentage of the entire campus undergraduate

student body at Stanford actually goes through this class and does well, okay? So don't

worry if you're, like, "Oh, but I'm not really a CS person." I hope we'll turn you into one

by the end of the class. No, it's okay. But you'll be prepared if that's what you wanna do.

So this leads into a whole engineering sequence that can go on to other engineering

majors or the computer science majors.

If you're, like, "Huh, I'm not sure if that's really what I wanna do. As a matter of fact, I'm

so sure that's not what I wanna do, I only wanna get the general educational requirement

out of the way, and I'm positive there is nothing else I wanna do. Really, no matter how

much I like it, like, there is no way you're gonna drag me into anything that would

involve anything remotely techie." They're the class CS105. And this is happy, yeah, this

is kind of, oh, we're happy in our little happy world. And I don't wanna say it's holding

hands and singing, "Kumbaya," because that's not what it is. It's a real class. But it's

meant to be a general educational requirement, right? It doesn't lead into the 106s. It's

meant to be its own self-contained class. You do some Java script in there. You do a little

bit of what computers are about.

Computers in society is a good time. We all hold hands. We're all happy. I don't teach the

class, so I don't actually hold hands. But it's a fun time, okay? It just doesn't lead to

anything else. So think of this as kind of a terminal class, right? So it's sort of like, well,

we'll hook you up to the IV drip.

And you're, like, "Well, 106A, you told me I don't need any previous background. Well,

hey, Mehran, I got lots of background. I got so much background, it hurts. I got AP

background, I got working through school doing software engineering background. I'm

not sure I should be here." That could be the case.

We have another class called CS106X, and as the "X" kind of implies, it's sort of the

extreme games version of the class. No, it stands for accelerated, right, because "A" was

already taken, so we had to come up with something else. So the way CS106X works is it

really is a very fast-paced class. It's meant for people who've got previous AP exam

credit, like, got a 4 or 5 on the AP, or have had significant and prior programming

experience before.

If you're not sure which one of these classes is for you, you can come talk to me

afterwards, or I'd also encourage you, you could go to pick up the syllabus for CS106X

and compare it to CS106A. This class is all in C++. And if you're thinking, "Hey,

Mehran, I'm doing 106A. I wanna learn Java and C++," don't worry. You'll eventually, if

you so choose, take a class called CS106B, which is where this class sort of leads to,

which is C++ and all of the other stuff you would have learned in this accelerated class,

okay? So you still certainly have that course path.

So don't let anyone make you think — I know a lot of times, and especially for Stanford

students, you come in here and you're, like, "Well, every class I took in high school was

like an honors or an AP class, or if it wasn't an honors or an AP class, like, I had to tie

half my brain before my head because I'm just that hardcore." And so everyone just wants

to, like, do the most hardcore thing they can, right? And what I'm here to tell you is that

you shouldn't necessarily think about it that way. You should think about it as where you

feel most comfortable.

Some number of years ago, let's just say greater than 10, maybe 15, I was sitting where

you're sitting right now, literally. I was in CS106A in Terman Auditorium as a freshman,

okay? It was perfectly fine. It worked out. I went to grad school, did the faculty thing. It's

just fine. It will open your doors to CS. You're not at any kind of disadvantage by starting

here. So know where you've been, literally. Like, that seat right there was where I was

most of the time. So just something to keep in mind in terms of the different options that

are actually available to you.

Now, with that said, let's just assume for the rest of this lecture that this is the right place

for you. And if it's not, well, afterwards we can kind of talk about it, or if you really are

convinced now that it's not the right place, you can feel free and try to scramble over 20

of your classmates and actually leave the room, which is probably impossible.

All right. So a few other things you should know, some mechanics. So Handout No. 1,

should you wanna follow along at home, is the class web page. And so all the stuff that

we think of as course materials, including online copies of the handouts, things that you'll

need to do for the assignments, announcements related to the class are all on the class

web page, which is www.stanford.edu/class/cs106a. And because that's just kind of a

whole bunch to remember, we make your life easy and so there is an equivalent form of

the URL, which is just cs106a.stanford.edu, which is the easy thing to remember. You

put that in, it'll take you to the class web page, okay?

And you should check that regularly because all the announcements and handouts —

we'll give out hard copies of all the handouts in class, but should you happen to miss

class for whatever reason, you wanna go print whatever copies of the handouts we're

actually giving out, you can find them all on the web page, okay?

Now, there's this funky thing about units. So you may have noticed that this class is for

three to five units, and that kind of brings up the natural question, "Should I take it for

three or five units?" If you're an undergrad, you take it for five units, end of story. That's

life in the city. Congratulations. Five units.

If you're a graduate student, you can have the option of taking it for three units if you

want, if you're gonna run into some unit cap. It doesn't change the amount of work you

have to do. Welcome to graduate school. Same work, fewer units. So that's just the way

life is. If you have a unit cap and you're a grad student, in three units you can take it if

you want. You can take it for five if you want as well. If you're an undergrad, you take it

for five, all right?

So why is it five units? And you might think, "Hey, this class only meets three times a

week. How come it's five units?" Well, it actually has a fourth meeting every week,

which is your section, and that's something you should sign up for. So how you actually

sign up for your section is sections are at a bunch of different times. You don't sign up for

them in Axess, even though they're all kind of listed in the time schedule. That's not

where you sign up for them. In Axess, you just sign up for the class.

How you sign up for a section is you go to a website, cs198.stanford.edu/section and this

will give us a list of preferences for section times that you wanna sign up for, and there's

some matching process that goes on. It takes all your preferences into consideration with

the whole system, and eventually you get an email by sometime early next week that tells

you what section you're in. And section's 50 minutes, once a week. It's required to go to.

It's actually gonna be part of your class participation grade, which we'll talk about in just

a bit, okay?

---------------------------------------

When do these sign-ups happen? They happen between 5:00 p.m. this Thursday is when

they go up. So if you try to go there now, you can't sign up. Remember 5:00 p.m.

Thursday. So they're up, and then they're down at 5:00 p.m. on Sunday, okay? So make

sure you sign up probably this weekend. If you're planning on being out of town this

weekend, you wanna sign up before you go. Sign up early, but don't sign up often

because you only need one section, okay?

If you're an SCPD student — every once in a while you'll hear me refer to SCPD

students. That stands for Stanford Center for Professional Development. They are the

folks in industry who actually take this class via broadcast. If you're an SCPD student,

you're automatically enrolled for a section, so you don't actually need to do this, and your

section will meet at — so for SCPD — and if you're wondering what an SCPD student is,

you're not one, okay? So SCPD section meets Friday from 1:15 to 2:05. It meets live, if

you wanna go there live, in Skilling Auditorium. But if you're watching it remotely, it

meets on Channel E2. I know it seems weird to say it meets on channel — what does that

mean? It meets on Channel E2, okay? That is grammatically the correct way of saying it.

All right. So there's a little bit more administrative stuff. Now, textbooks, right?

Textbooks, there's nothing quite like the extortion that is textbooks. So there are two

textbooks that are required for this class. Well, one's a course reader and one's a textbook.

The course reader is called, Karel the Robot Learns Java. You can pick it up at the

bookstore. It's relatively cheap. It was actually written by Eric Roberts here. And

surprisingly enough, the textbook for the class was also written by Eric Roberts, The Art

and Science of Java, which is available now in your local bookstore, including the

bookstore on campus, so you can go and pick up a copy of this.

So both these things you actually wanna have because they're required for the class. We'll

go through all of them. We'll go through basically everything except the last chapter of

this book. So you sort of get your money's worth. We're just gonna do it a little bit out of

order, but we'll go through the whole thing, okay?

So email, how many of you have email accounts? All right. I will ask the reverse question

because I think at this point, some people just don't wanna put up their hands. How many

people don't have email accounts? Odd how that is not the complement of the folks who

had their hands up previously. Email's required for this class. Chances are, by being at

Stanford, you've already gotten an email account through your SUNet ID, but if you don't

have an email account, get an email account and that's how you'll stay in contact with us.

That's how we'll stay in contact with you, except we'll also meet with you live in person,

but email is kind of the general method for communication.

As a matter of fact, for your first assignment, and part of your first assignment is to send

us an email, just because we love you and we don't get enough email as it is. So you need

to have an email account to be able to do that. So if you have not already, you can kind of

get ahead of the game and go set up your email account. Now, don't worry. You'll get the

first assignment next time. So you still get, like, two days of breathing space before your

assignment goes out, okay?

There is also gonna be lots of handouts in the class. They'll be either given out in class,

well, they will be given out in class, but we'll also post them online in case you miss

them.

And how much real work do you do in this class? That's always kind of an interesting

question. So let's talk a little bit about assignments and a little bit of other logistical

things. So assignments, we'll just call them the dreaded assigns. There are seven

programming assignments. And if you look at the syllabus Handout No. 2, it tells you

when all of them are due all the way through by day, so you can plan out your whole

quarter. It's just that much fun, okay?

And these seven programming assignments are weighted slightly more toward the last

assignments because the assignments will tend to get more complicated. That doesn't

necessarily mean there'll be more programming; it just means conceptually, they'll

become more complicated, so we tend to weigh them more toward the end of the class.

So the later assignments count more than the early assignments.

How you're gonna be actually doing your programming is using a little tool called

Eclipse. And Eclipse thankfully is free, so you don't have to pay for it. As a matter of

fact, you can download it from the CS106A website. And if you're wondering how you

do that, don't worry. We'll give you a handout next class that explains to you the whole

grueling process of downloading and installing Eclipse.

And you can use this either on the Mac or the PC. So if you have your own computer,

you can certainly work on this yourself. You just download it to your own machine. We'll

explain the whole process in a handout. If you don't have your own computer, the public

computer clusters on campus will have Eclipse installed on them, and so you can use

Eclipse there. So you're sort of happy to go either way, okay?

Now, the important thing, remember I mentioned that whole notion of software

engineering in the class, and that's something we take really seriously, so seriously as a

matter of fact that when you turn in your assignments, one thing we could do is we could

take your assignments and we could just kind of look at it and go, "Yeah, interesting, 'B.'

Here you go. Thanks for playing." And you don't learn a whole lot from them. So in order

to actually learn a lot from your assignments, we could take your assignment and write a

whole bunch of comments on it and hand it back to you. Even that's kind of not enough.

What really is a little bit more that makes it more fun is every week after you turn in your

assignment and your section leader looks it over and grades it, you'll actually meet with

your section leader for about 10 to 15 minutes every week or every time an assignment is

due to actually go over in something referred to as interactive grading.

And it's a chance to sit there and talk with an actual human being about what's good in

your assignment, what are some of the things you need to work on, what are some of the

software engineering principles you need to develop. And that way, you can really sort of

get more detailed information and be able to ask questions to develop yourself as a

programmer as well as get help if you need help, okay?

And that's in addition to going to section, going to class and all that stuff. So it's another

15 minutes a week. You'll actually schedule that time with your section leader on a

regular basis when you're gonna have interactive grading or just affectionately referred to

as IGs because at Stanford, everything's just short and we just can't say, like, psychology;

we have to say psyche. So it's IG. Just remember that, all right?

And then how are these things graded? So the other thing we could do is I told you we

could just write "B" and hand it back to you. But we found that that's not really great

because people get all wrapped around the axle about the grade.

And so for a while, we did numbers and we're, like, huh, why don't we give a number

between 1 and 20? And so what happens there? People get all wrapped around the axle

about numbers.

So then we thought, huh, what was a happier time when we were in school? I remember

when we were in school, and we used to get back assignments and they had, like, smiley

faces on them. Well, we can't do that because then it doesn't appear to be a rigorous

Stanford class.

So instead of the smiley face, we come up with something else, which looks surprisingly

like this. It's kind of involved to actually draw, so I need to erase the board to do it.

Check. That's kind of the beginning of our grading scale, okay?

And the way our grading scale works is we start off with a check in the middle, which

says this is a pretty solid program. It meets all the requirements for the program. Maybe

it's got a little problem here or there, but it's a check. Then we have sort of two grades on

the two sides of it: check plus and check minus.

Check plus is, like, solid. You did a great job; you got everything right; things look good,

a nice style in your program, nice software engineering, and the program works

flawlessly. Good job. This is like total "A." Check is kind of like, yeah, you're sort of

there. It's kind of like "A" minus, "B" plus, maybe on some occasions "B." But it's kind

of like it's pretty good work; you're in pretty good shape here. And so a lot of grades in

this class ends up being check pluses and checks, and if that's the case, you're perfectly

fine grade-wise.

Check minus, as you can imagine, this is kind of thinking about "B," "B" minus. It's,

yeah, there are some slightly more significant problems with your program.

But that's not where it ends, right, because we wanna be able to even shoot for in some

sense bigger gustoes. There was a plus and a minus. So plus is like, oh, nice job, kind of a

hearty pat on the back. If you get pluses all the way through on all your assignments,

you're in a pretty good candidate to get an "A" plus.

And minus, like, just take good over here and replace it with bad, it's kind of like, oh, bad

times, right, or maybe, you know — but even there was, like, more significant problems

with this program or just the style on the program is just really bad. But even there, we

don't stop. And you're, like, "Come on, man. Like, I thought the whole reason was to

simplify this." Don't worry.

And it gets even better because we have a plus-plus and a minus-minus. And at this point,

we've run out of board space, so we can't go any further. But a plus-plus is just

outrageous, right? It's the kind of thing — so this is the kind of thing your section leader

can't actually give you without coming and talking to Ben and I first because they get a

program that just goes — it has to actually exceed the requirements for the assignment.

It's by a long shot. Like, you'll get all your assignment requirements, and what we

encourage you to do is you can do a grade assignment and get everything right and have

good style, and you'll be in this category. And for the later assignments, you may be in

this category if it's flawless.

But we'll actually — if you want to go for the plus-plus, go beyond the assignment

requirements. And the way we think about the plus-plus, it's a program that makes you

weep in a good way. It's just like your section leader sees it, and they're just, like, this is

so good, I've gotta show someone else. And they come and show Ben and I, and we're,

like, sitting there looking at this on a monitor, and, like, tears are just welling in our eyes,

and there was, like, soft violin music playing in the background and we get out the wine

and cheese.

So this is just, like, this is the kind of thing that gets you, like, remembered and the, oh, if

you want a letter of recommendation, just ask because you got a plus-plus. Like, oh, it's

awesome, right?

There are very few of these in a quarter. So just by sort of way of comparison, in a class

this size, probably throughout the span of the whole quarter, I'd expect there to be maybe

ten plus-pluses, I mean, ten assignment plus-pluses, not ten students who get plus-pluses

across the board. So it's really something to strive for, but if you strive for it, like, we're

giving you the credit for it. And this gets remembered and you get, like, extra credit and

everything.

So we're left with this, right? This assignment also makes you weep, but not in the good

way, right? It makes you kind of weep in the sense, like, I look at them and I'm, like, oh,

man, like, what did I teach? Like, where did I go wrong, right? I, like, blame myself. I

blame you a little bit, but I blame myself. And this is really just, like, the program is just,

like, it's a shell. Like, there really wasn't much effort that was put into it. Yeah, you

slapped something together or it doesn't really work, that whole deal.

And then if you don't turn anything in, we do kind of reserve the zero to distinguish from

the "made really bad effort" versus "didn't make any effort at all." And we just won't talk

about these, right? Let's just hope we can avoid those if possible. But that's kind of how

the grading scale works now.

Now, at the same time, I trust all of you to be responsible people. And every once in a

while, something bad happens to a good person, and there's an assignment that you'd like

to be able to turn in, but for whatever reason, you can't turn in on time. And I just wanna

treat you like adults. I don't want you to have to worry about coming in and asking for an

extension or, like, "Oh, I had this really hard thing in another class, and I couldn't do it at

the same time." Up front, everyone gets two free extensions, okay? So in terms of late

days — we refer to these as late days, strangely enough — you get two free ones.

What a late day is, is a class day. They're not 24-hour days, but class days. So if

something is due on a Wednesday, you turned in on a Friday, that's a late day. That's one.

You turn it in on the following Monday, that's two late days. You can split up your two

late days among two different assignments. You can use them both on one assignment.

But we encourage you to not use them at all because if you use your late days, you fall

behind in the class. The way you should think about these things are these are preapproved

extensions. They're not the kind of thing where you just think, "Oh, yeah, I'm

not gonna do the assignment because I wanna go and play Frisbee golf," right? Think of

it, well, you wouldn't come ask me for an extension — you might, but you probably

wouldn't ask me for an extension if you're, like, "Hey, hey, Mehran, can I turn in the

assignment, like, on Wednesday because I'm playing Frisbee golf this afternoon," right?

If you would feel embarrassed asking that question, you probably don't wanna use one of

your free late days.

But something happens like, oh, it's a tough week, you've got midterms in other classes

and you got this assignment due or whatever, that's a good time to use it. So we just trust

you. And most people, we actually encourage you not to use them because it just makes

you fall behind in the class.

Because we trust you and we give you these two up front, getting extensions beyond your

two free class days is virtually impossible because we sort of up front said, hey, it's your

responsibility. We're giving you two freebies. We're not gonna give you a third extension.

Imagine if you had to come ask us for three extensions. By the third one, we'd be, like,

okay, what's going on, which is why we don't necessarily give extensions beyond these

two.

The only time we might give an extension beyond the two free ones is for something

major, like death in the family or, like, serious medical problems that might require

surgery or something like that. Every once in a while, unfortunately, that happens. I hope

it doesn't happen in this class. But those are the only kinds of things that we give

extensions to beyond the two free late days.

Importantly, don't ask your section leader for extensions. They cannot grant you

extensions. Only Ben, who has all the power in this class, can give extensions, which is

why you should get to know Ben and then hopefully you won't need to talk to him about

extensions, okay?

So other thing to keep in mind is that three days late is the max. Beyond three days late,

which is basically one class week, if you think about late days being class days, we will

not accept an assignment. And the reason for that is at a certain point, you're so late,

you're better off just doing the next assignment, letting the old one go. So to sort of

enforce that policy, after three days, we don't accept that assignment late anymore. It's

just gonna be a zero if it's not turned in, okay? And that just kind of forces you to keep

up.

Couple other minor things, well, I shouldn't say they're minor things. They're actually

kind of important. Exams: There's two exams in this class. There's a midterm and a final.

Both of them are, well, I shouldn't say both. The midterm is out of class. It's from 7:00 to

8:30 p.m. on Tuesday, October 30. And it's on the syllabus. It's there. It's on the syllabus;

it's on Handout No. 1. We repeat it multiple times. The date will eventually be announced

when we get close to the midterm.

But if you have a conflict with this time, you need to send me email, okay? You can send

me email a little closer to the midterm because I'll announce it again for people who have

conflicts. But since it's an out-of-class exam, you need to send me email if you have a

conflict. I'll get all the constraints from people who have conflicts and try to schedule an

alternate time if there's enough people with conflicts. But 7:00 to 8:30 is when you need

to know about the midterm.

And to make up for the fact that we have an out-of-class midterm, I actually give you sort

of a belated free day, which is the Friday of the week of the midterm, we don't have class

to make up for the fact that we made you come to the midterm outside of class. But the

midterm's an hour and a half, and we can't compress time. If we could, we'd have

different issues. We can't compress time and fit it into a 50 minute class, which is why it's

out of class, but you get a free day for it, all right?

Last but not least, few things about grading. Grading, one of those things as you might be

able to tell from this little board over here or something, if I didn't have to do it, I

wouldn't do it because honestly, as corny as this sounds, I just believe in the love of

learning. Like, I think if you're passionate about something, you just go do it and you

learn it. But I'm naïve, and so that's not the way learning always works. So sometimes we

actually need grading to make sure that learning takes place.

And so this is how your grade breaks down: Forty-five percent of your grade is on the

programming assignments, okay? Fifteen percent is the midterm, which we'll just call the

mid because we like to abbreviate everything. Thirty percent is the final. It's a three-hour

final exam in the regular final time slot for this class.

If you think or are under the delusion that you should take two classes at the same time,

that's a bad idea because their final exams are at the same time, okay? So you should not

take two classes as the same time because our final exam is scheduled for — I believe it's

December 13, which is a Thursday, 12:15 to 3:15. That's the regular final exam slot for

this class. And any other class at the same time will conflict with that slot. Thirty percent

of your grade is the final.

And that, if you add it all up, it's not just that I'm bad with math. It's because 10 percent

of your grade is actually participation. And this is things like did you go to your

interactive grading sessions? Did you regularly attend section? Did you participate in

section? Did you participate in class, right?

And so, in order to help you participate in class, there's a little incentive to participate in

class, which is sugar in the afternoon. So someone raise their hand. All right. Yeah,

sometimes I'm not a good shot. And this will tell you, if you're sitting in the back of the

room, I can't throw a Kit Kat back there because they're a little too light. Oh, yeah, sorry.

If you sit in the back of the room, the roof prevents me from actually being able to hit

you. So if you want the food, come up. But if you ask questions in class, hey, that's a

good time. It's just a little way to be able to reward you for actually participating in class

or to keep your blood sugar up if you need it, all right?

So that's participation. It's 10 percent of your grade, and as a matter of fact, at the end of

the quarter, I ask every one of your section leaders to actually tell me how much you

participated in class, and some of them just say, "Oh, this person was wonderful. They

came every time. They participated. It's just a great thing." And that helps your grade out

a lot, okay?

Now, the final thing, and as you can kind of tell, most of the time, I'm not the most

serious person in the world. I just like to have fun with things, and I think it's important

for you to have fun with things. There is just one place where I get real serious, and it's

one place where Stanford gets real serious. Anyone wanna guess what that is? Plagiarism

and the honor code. As a matter of fact, that's what we call a social. So we had someone

down here who got it and then a whole bunch of people who I don't know, so we just

spray. All right.

So the honor code, in terms of the honor code, the question comes up is what is the honor

code all about, and how does that affect working in groups and computer science, etc.?

Does that mean we shouldn't talk to each other? No. The answer to all those is no, okay?

If you look at Handout No. 4, which is all about the honor code, we encourage you to talk

to each other. We encourage you to talk about concepts in the class, talk about different

strategies to problems, to think about the ways that you could potentially approach some

problem or the way different control constructs when we eventually get to them work in

the class. And discussion is perfectly fine, especially among the course staff, but also

amongst yourselves. That's a great thing.

So where do we draw the line? And we try to make a bright line for where you've crossed

the line for the honor code, which is don't share code, plain and simple, in any respect,

okay? Don't give a file to someone else that's got your code in it. Don't get code from

someone else. Don't look at someone else's printout. Don't give them a printout.

If you have two people who are sitting looking at the same screen together, that code

can't belong to both of you. It belongs to one of you. I don't know which one, but it

becomes an honor code violation. So you shouldn't both — two people shouldn't be

staring at the monitor together. If it ever gets to the point where you're looking at

someone else's code, that's where you're gonna reach an issue, okay? Discuss as much as

you want. That's great. Write your own code. That's all we care about.

And you're, like, "Well, what is code, Mehran? What does that word mean?" Code is

geek speak for your program, so when you program, the program that you write is what

we affectionately refer to as code. And the idea of programming is what we refer to as

coding, strangely enough. Computer scientists need to make everything more

complicated than it really is so we can get people under the illusion that they should pay

us lots of money to do what we do. I mean, you're, like, "Oh, I just write programs." And

they're, like, "Oh, yeah, I should pay you half." And you're, like, "No, no, no. I write

code." And they're, like, "Oh, yeah." Suddenly, it's much more impressive. So don't share

code.

The other thing is if you talk to other people, like if you have a study group to talk about

solution approaches or you go, let's say, talk to the TA or your section leader to how you

should approach a problem, and they give you a lot of hints as to how to do it, cite

collaboration. So cite and collaboration gets you out of trouble. Any collaboration that

you cite you cannot be held responsible for under the honor code.

You can actually copy someone else's program and say, "I copied this program from

Mary Smith." And I'll look at that and say, "They cited it," and it will warm the cockles

of my heart. And Mary Smith will get full credit, and you'll get a zero because you copied

your program from Mary Smith, but it's not an honor code violation because you cited the

work, okay? So the bottom line is keep yourself safe and cite your collaborations. And I

guarantee you most of the time, you'll be just fine.

Now, you might wonder why do I make such a big deal about this. And the reason I make

a big deal about this is for a while, thankfully it's not true anymore, but for a while, the

computer science department actually had more honor code violations than the rest of the

university combined. Take everything else in the university, put them all together, they

were like over here. And we're, like, we're computer science, which is not a fun

distinction to have, let me tell you.

And you might wonder why is that? Is that because computer science people are just

mischievous and dishonest? No. It's because it's easier to catch honor code violations in

computer science. We have a whole bunch of tools that allow us — then we take all your

programs and we run them through this tool, and it compares them not only to everyone

else in here, but, like, to everyone from the last, like, X years where X is the large

number of people who've ever gone through the classes, right? And it's an extremely

good tool from finding where honor code violations happen, from where they don't. And

it doesn't find spurious violations.

To be honest, I've never lost an honor code case. When I find an honor code case, it is

blatant. And you take it to judicial affairs, and they look at it, and they're, like, yeah, this

is blatant. And I take it to the student, and every student I've ever confronted them with

never said, "No, no, no. I didn't cheat." They said, "You caught me," okay? So it's blatant.

It's not like, oh, there's some little line in it, "Oh, am I gonna need to worry about an

honor code violation?" Remember those rules, you have nothing to worry about in this

class. It's people who go and, like, fish out printouts from the recycle bins and copy other

people's code that are the people we catch, right? It's blatant cheating that we catch. But

we catch it. We catch it all the time. So I hope, I pray it doesn't happen in this class.

But the reason I make a big deal about it is historically if I look at the evidence, it

happens and we catch it. And when we catch it, we're required by the university to

prosecute. And I feel bad because usually it's someone who just made a bad call, like,

they were up way too late the night before working on something else, and they're not

thinking straight. And rather than just taking a late day or turning in their assignment late

and getting a slight penalty on it beyond their two free late days, they decide to cheat.

And that's just always the wrong call, okay? So you just don't wanna put yourself in that

situation. So I get real serious about it for a moment, and hopefully it won't be an issue

and we can just kind of go on, okay?

So with that said, that's a whole bunch of logistical stuff. Any questions about the

logistics of this class or anything I just talked about? Uh huh?

Student:You had briefly mentioned the late penalty.

Instructor (Mehran Sahami):Oh, the late penalty, good point. So remember our little

bucket scale. If you go beyond your two free late days, every day you turn in an

assignment late beyond those, it drops down one bucket. So let's say you already used

your two free late days on Assignment No. 1. And on Assignment No. 2, you turned in

something one day late and you would have gotten a check normally, it becomes a check

minus. So that's how it is. It's one bucket per late day beyond your two free ones. Uh

huh?

Student:Are the sections first come, first served?

Instructor (Mehran Sahami):Yeah, the sign-ups, well, they take into consideration your

preference, but part of your preference is to do the match is first come, first served. So

you wanna sign up early. Oh, thanks for your honesty. As a matter of fact, I dig honesty,

all right? Any other questions? It's just honesty's cool. Uh huh?

Student:How much time should we plan on studying [inaudible]?

Instructor (Mehran Sahami):Oh, good question. How much time should you plan? And

this is something that I say for classes in general at Stanford, which is not always true,

which is take the number of units that a class is, multiply it by three. That's how many

hours you'll spend per week in that class, total, on average. So what that means is in

106A, a 5 unit class, you multiply by 3, you get 15. Five of those hours are roughly spent

between class, section, interactive grading, other stuff. That means on average about ten

hours a week will be spent on your assignments in this class. Again, that's an average.

Sometimes when I go to computer science conferences, I sit there and joke around with

plans. And we're, like, "Oh, how long did your assignments take?" And I say, "Oh, on

average, ten hours." And what I really mean when I say on average 10 hours is they take

between 3 and 45, okay? It's a large variance event, right? Ten is the average. Some

people take a really long time. Some people get through it really quickly, but that's about

the average you can plan for. Uh huh? Another question?

Student:[Inaudible] late days [inaudible] class days?

Instructor (Mehran Sahami):Yeah, all late days are class days, so the free ones — the

halfway mark's really my reach. That's about it. All right.

So I do wanna give you your very beginning of an introduction to programming before

we sort of break for the day. How are we doing on time? And so in order to kind of see

this, there's a few things that we wanna keep in mind.

Actually, let me show you a little picture, okay? Sometimes when we talk about writing

programs, we talk about debugging programs, right? How many people ever heard the

term debugging or bugs in programs? A bug in a program is an error in a program, so

sometimes when you hear us say, "Oh, come see," like, your section leader to help debug

or see the helpers in LaIR.

That's another thing. In the Tresidder computer cluster is the LaIR. It's a computer cluster

that we have helpers there to help you get through this class. What is it? Sunday through

Thursday, every week, from around 2:00 in the afternoon 'til midnight every day, okay, to

help you get through the class. So that's a good place if, you know, you can work in your

dorm room certainly, but if you also want help, go to the Tresidder computer cluster, and

there will be helpers there. There's a little queue you sign up for to get help, and that's a

great place, and it's all explained in Handout No. 1, but that's just something to keep in

mind.

Where the term debugging comes from, it turns out this is an apocryphal story, but I'll tell

you anyway. Back in the days of yore, in 1945 actually, there was a computer called the

Mark II at Harvard. And there was a woman named Grace Murray Hopper. Anyone ever

heard of Grace Murray Hopper? A few folks. She was actually the first woman who was

an admiral in the navy. And she was also one of the very early pioneers of computer

programming. She did a lot of computer programming when she was actually a captain,

and she was stationed at Harvard as part of some sort of navy thing. I don't know why,

but that's what happened.

And they had this huge computer there, and they were noticing the computer was on the

fritz, and they couldn't understand what was wrong. And this is one of these big old

machines in the days of yore that has vacuum tubes and stuff inside it. So they walked

inside the computer, right, because then you could actually open it up and walk inside

your computer.

And they saw this, and I don't know if you can see that, but that's a moth. It was a moth

that had sort of given its life to be immortalized because it had actually shorted out across

two relays in the computer and was causing these sort of errors to happen on the fritz.

And so they took the bug out, and once they actually plucked this little charred bug out of

there, the computer started working fine again, and she taped it in her log book.

And this log book's actually preserved in the Smithsonian Institution now, which is where

all this comes from. Here's all the standard disclaimer information: "Image used under

fair use for education purposes. Use of this image is exempt from Creative Commons and

other licenses," just so you know. Now the lawyers are happy. But this is where we think

of sort of the modern term debugging actually came from.

Now, it turns out the actual story is that the term debugging came from the 1800s, in the

late 1800s from mechanical devices. People actually referred to debugging as fixing

mechanical devices. But this is kind of the apocryphal story for how it comes up in

computer science.

Now, with that said, what is the platform in which you're gonna sort of do your first

debugging or your first work on? We talked about Java, but in fact in this class, we're not

gonna start with Java. We're gonna start with something even sort of simpler than Java

because as I mentioned, sometimes what happens in computer science is people learn all

the features of some language. And they think just knowing the language makes them a

good software engineer. And they get so worried about all the features of the language

that they don't kind of think about the big picture.

And so there was a guy named Rich Pattis, who oddly enough was actually a grad student

at the time at Stanford, and he said, "You know what? If we're gonna teach computer

science, when we first start out, why don't we have people not worry about all of the

different commands of the language and all the different things they can do? Let's start

with something really simple so you can learn all the commands real quick. And then

you've mastered everything there is to master about that language, and you can focus on

the software engineering concepts." And it turns out to be a brilliant idea, which has

actually been adopted by a bunch of people.

And so Rich, who's a wonderfully friendly guy — sometime if we get him to come to

Stanford, I'll introduce you; he's just very nice — came up with this thing called Karel the

Robot. And the term, "Karel" actually comes from Karel Capek. Anyone know who he

is? Oh, free candy. Uh huh?

Student:He coined the term, "robot."

Instructor (Mehran Sahami):He coined the term, "robot." He was a Czech playwright

who actually wrote a play called, "RUR," which was about robots. And the word robot

actually comes from a Czech word, the Czech word for work. And so the robot is named

after Karel. And some people say Karl, which is kind of actually closer to I believe if — I

don't know if there's anyone who speaks Czech in the room — but closer to the actual

pronunciation. But we say Karel these days because it's kind of like gender neutral, okay?

And so Karel the Robot is basically this robot that lives in a really simple world. And so

I'll show you all that you can meet Karel the Robot. He's friendly; he's fun. I'll show you

Karel the Robot. So we gotta get Karel running. He's at the factory. He's getting souped

up. We're energizing Karel. You gotta add some color to it. Otherwise — all right. We're

begging for him. Come on, Karel. There he is. Oh, yeah. That's Karel the Robot. He looks

like one of the old Macintoshes if you remember the original Macintoshes that look like a

lunch pail, except he's got legs. One sticks out his back. That's just the way it is.

And the way Karel works is he lives in a grid. To you, it may not be exciting, but to

Karel, it's way exciting. So Karel lives in this little grid, and the way the grid works is

there are streets and avenues in the grid. Streets run horizontally, so this is First Street,

Second Street, Third Street. And then over here, we have avenues, First Avenue, Second

Avenue, Third Avenue, Fourth Avenue, Fifth Avenue. It's kind of like Karel lives in

Manhattan if you wanna think about it that way, okay? So Karel always is on one of these

corners. So right now, he's at the corner of First Street and First Avenue, or we just refer

to it as 1 1 if you wanna think about sort of Cartesian coordinates, right? But just think of

them as streets and avenues. That's where Karel lives.

And Karel can move around in this world. There's a bunch of things that Karel can do. He

can take steps forward. He can turn around to face different directions, and he can sense

certain things about his world. So there's some things that exist in Karel's world, okay?

Things like walls that Karel cannot move through, right, so his world has walls all around

it that he can't go through, so he can't fall off the end of the world. And there's other walls

like this one if Karel were over here, he can't step through that wall.

There's also something referred to as beepers in Karel's world. And what a beeper is, is

it's like a big diamond, okay? But what a beeper really is, is basically just some marker

that he puts in the world. You can think of a beeper like a piece of candy. And Karel just

goes around, like, putting pieces of candy in the world. As a matter of fact, not only does

he put pieces of candy in the world, he carries around a whole bag of candy.

So he has a beeper bag with him, and sometimes that bag has a whole bunch of beepers in

it; sometimes it only has one beeper; sometimes, it's sad Karel, and he has no beepers.

But he's still got the bag. There just don't happen to be any beepers in it. So he can

potentially, if he come across a beeper in his world, he can pick it up and put it in his bag,

or he can take, if he's got beepers in his bag, he can take them out of his bag and put them

places in the world. And corners in the world can have either zero — if they have no

beepers, they just appear like a little dot — or one or more beepers on them that Karel

can potentially pick up, okay?

So any questions about beepers or Karel having a little bag of beepers? And that's it.

That's Karel. That's his world. His world, we can make it larger if we want. We can put in

walls in different places. We can put beepers in different places. We can have Karel be in

a different place.

But starting next time, what you're gonna realize is with this extremely simple world,

there's actually some complicated things you can do. And after about a week — so this

first week, we're gonna focus on Karel — you'll notice that Karel is actually a very nice,

gentle introduction into Java. And a lot of the concepts that we learn, sort of software

engineering concepts using Karel, will translate over to the Java world, okay? So any

questions about Karel or any of the other logistics that you've actually heard about in the

class?

Alrighty then. Welcome to 106A. I'll see you on Wednesday.

[End of Audio]

Duration: 50 minutes

Continue reading Programming Methodology-Lecture01

it-e-75 Distributed Database System

A decentralized system-known in the database world as a distributed system can be highly responsive to differences in data gathering, storage, and access. It can adjust to differences in user psychology-between, say, a multinational corporation's employees in individualistic Greece and in disciplined Japan. It can also adapt to the management styles of strong managers in different locations.

An organization that prefers homogeneity and top-down control will naturally choose a centralized database system. It may also prefer the hierarchical data model.

By contrast, an organization that prefers local improvisation and free wheeling may well choose distributed database system. It may also choose the network data model,which is well suited to searching and updating data in a distributed system.

Communication between distributed commutinies of computer is required for many reasons.At a national level, for example, computers located in different parts of the country use public communication services to exchange electronic messages(mail) and to transfer files of information from one computer to another: Similarly, at a local level within, say, a single building or establishment, distributed communities of computer-based workstations use local communication networks to access expensive shared resources-for example, printers, copiers, disks and tapes, etc.-that are also managed by computers.Clearly, as the range of computer-based products and associated public and local com-medication networks procreate, computer-to-computer communication will expand rapidly and ultimately dominate the field of distributed system.

Historically, computers were so expensive that most large organizations did all their data processing on a single, centralized machine. While very efficient for such tasks as payroll and generating accounting reports, the centralized approach was very useful to those who needed a quick response to a unique, local problem.

With today's inexpensive micros and minis, there is no reason why a branch office, the engineer-in department, or any other group needing computer support cannot have its own computer. By linking these remote machines to a centralized computer via communication lines, local activity can be monitored and coordinated. This approach is called distributed data processing.

 

1, arbitrary  
a. 任意的,恣意的,专制的

2, homogeneity  [,hɔməudʒe'ni:əti, ,həu-]
n. 同质;同种;同次性(等于homogeneousness)

3, improvisation  [,imprəvai'zeiʃən]
n. 即兴创作;即席演奏

4, procreate  ['prəukrieit]
vi. 生育(子女);产生
vt. 生殖

5, payroll  ['peirəul]
n. 工资单

Continue reading it-e-75 Distributed Database System

Pagination


Total views.

© 2013 - 2019. All rights reserved.

Powered by Hydejack v6.6.1