A packet filter is often used to protect an organization's computers and networks from
unwanted Internet traffic. The filter is placed in the router that connects the organization to the
rest of the Internet.
A packet filter configured to protect an organization against traffic from the rest of the
Internet is called an Internet firewall; the term is derived from the fireproof physical boundary
placed between two structures to prevent fire from moving between them. Like a conventional
firewall, an Internet firewall is designed to keep problems in the Internet from spreading to an
organization's computers.
Firewalls are the most important security tool used to handle network connections between
two organizations that do not trust each other. By placing a firewall on each external network
connection, an organization can define a secure perimeter that prevents outsiders from interfering
with the organization's computers. In particular, by limiting access to a small set of computers, a
firewall can prevent outsiders from probing all computers in an organization or flooding the
organization's network with unwanted traffic.
A firewall can lower the cost of providing security. Without a firewall to prevent access,
outsiders can send packets to arbitrary computers in an organization. Consequently, to provide
security, an organization must make all of its computer secure. With a firewall, however, a
manager can restrict incoming packets to a small set of computers. In the extreme case, the set
can contain a single computer. Although computers in the set must be secure, other computers in
the organization do not need to be. Thus, an organization can save money because it is less
expensive to install a firewall than to make all computer systems secure.
1, perimeter [pə'rimitə]
n. 周长;周界;[眼科] 视野计
2, interfering [,intə'fiəriŋ]
adj. 干涉的;多管闲事的
v. 妨碍(interfer的ing形式)
3, arbitrary ['ɑ:bitrəri]
adj. [数] 任意的;武断的;专制的
Continue reading it-e-59 Internet Firewall Concept
Any one responsible for the security of a trusted network will be concerned when connecting
it to a distrusted network. In the case of connections to the Internet this concern may be based
largely on anecdotal evidence gleaned from widespread media coverage of security breaches. A
closer inspection of the facts and statistics behind some of the media coverage will, however, only
serve to deepen that concern. For example, the US National Computer Security Agency (NCSA)
asserts that most attacks to computer systems go undetected and unreported, citing attacks made
against 9,000 Department of Defence computers by the US Defence Information Systems Agency
(DISA). These attacks had an 88 percent success rate and went undetected by more than 95 percent
of the target organizations. Only 5 percent of the 5 percent that detected an attack, a mere 22 sites,
reacted to it.
It is noteworthy that these sites belong to the US Department of Defence (DoD) and were
not commercial sites, which may give security less priority than the DoD.
NCSA also quote the FBI as reporting that in more than 80 percent of FBI investigated
computer crimes, unauthorized access was gained through the Internet.
Putting a value on the damage done by such attacks is difficult but a 1995 survey conducted
by Ernst & Young, a New York based accounting firm, reported that one third of businesses
connected to the Internet reported up to 100 000 USD in financial loss over a two year period due
to malicious acts by computer users outside the firm. A little more than two percent of connected
companies reported losses of more than 1M USD.
There is amazement in the computer security industry at the level of ignorance to the
problem. To understand the risks often involves a steep learning curve and they have few real
parallels in everyday life, for example nobody worries that a burglar will be able to trick their
front door into opening by posting cryptic messages through the letterbox. When there is a good
"hacker" story to report the press goes into frenzy, but the general level of awareness is still
surprisingly low. For example, the Sunday Times which prides itself on providing accurate
coverage of IT issues published an article recently that claimed that most businesses worry too
much about Internet security. The article goes on to explain that encryption is all that is needed to
be completely secure. The article focuses purely on privacy of communication and completely
misses the possibility of an attack originating from the Internet.
1, anecdotal [,ænik'dəutəl]
adj. 轶事的;轶事一样的;多轶事的
2, glean [ɡli:n]
vt. 收集(资料);拾(落穗)
vi. 收集;拾落穗
3, breach [bri:tʃ]
n. 违背,违反;缺口
vt. 违反,破坏;打破
4, citing
vbl. 引用,引证,举例
5, burglar ['bə:ɡlə]
n. 夜贼,窃贼
6, cryptic ['kriptik]
a. 秘密的(使用密码的,意义深远的)
Continue reading it-e-58 Network Security Report
首先声明:一家之言,权当笑尔。
我做web有些时候了,刚开始做.net时遇到一个前辈写的框架,一堆xml配置,配置用什么.net控件,样式是什么。一个页面用一个xml配置就出来了。哎呀我的个天,那个xml真是看着头疼啊,做梦都是xml。一个不小心配错了就报错,但是找错又不直观。动态生成的控件,无法使用vs调试。每添加个新功能还是得改代码。我当时很纳闷,为什么要这样写呢?抛弃了.net提供的优点不说,把个逻辑混成一团分不开,我好郁闷,二次开发就是这么痛!现在想一想,大概是她想保持界面风格一致吧,受够排版的苦了?这也造成了我对xml极度的反感。
后来做java,刚开始很喜欢框架,见个新框架就很激动,抱着这个action看又抱着那个action看。但是实际用的过程中比起.net组件化的架构确实要差一些,后来自己写了个框架sopo。意思是简单好用。
JSF
我最先用的是jsf,那时国内都是struts,而jsf正是刚提出来的时候,大概公司的技术领袖被sun的王婆卖瓜吹得晕乎了,决定使用jsf。我就开始jsf了,要自己开发jsf组件,开发一个还好,开发那么多我就烦了,这是什么个东西??我要开发个组件要配置一堆xml,经常配错就报莫名其妙的错误,你根本想不到是配置造成的。哎我嘞个去,又是这个xml。jsf组件开发也是MVC模型,写个组件起码要3个类(我写个tree组件有十几个类),它还有个绘制器的概念,意思是说哎呀你写个模型可以使用不同的绘制器来展示就可以了,像手机的用手机绘制器,浏览器用html绘制器。刚开始我还蛮认同的,后来一到写绘制器就心里就窝火:你XXX的能在html上站稳脚跟就不错了,还手机的,看我以后还用不用你@#¥@#¥。还有个特点就是慢,如今jsf都这么多年了,我打开一个jsf的网站,感觉就是-----慢。也难怪,本来一步就可以做好的事情,非要拆开一二三四五六,能不慢吗?这也反映了java普遍存在的问题---学院学究,摊子太大,脱离实际!
后来换了家公司,他们也是上了jsf的套,正好找到我来救火,一看,匆匆忙忙组件都不会写,还用的richfaces。richfaces写组件还要依照他们规范来写客户端脚本。不过我倒觉得richfaces做的要好些,他的实现理念还比较创新,与ajax结合的比较好。我还发现了richfaces当时刷新请求机制的顺序问题,让richfaces的开发者改了。这家公司后来也怕了jsf,决定不再使用。
Tapestry
后来听说tapestry性能好,我就开始试用。它是基于模板的展现,但是我一直想找动态创建组件的方法,没有。看了源码,也没什么好办法实现!找资料,很少,而且我觉得tapestry4之前都比较复杂,虽然tapestry5似乎是意识到了这一点,大刀阔斧的删了很多鸡肋。但是一直没有火起来啊!用的人少,自己用的也不是很顺手。我对他的兴趣也越累越淡,弃之。
webwork
口口声声是说基于组件的,但是我想找到动态创建组建的方法,还是没有??页面上要写组件,代码里面还是要通过id才能获得@@。晕……其他的我也不想说了,不是我想要的。
Strust2
Struts出来的早,别人用着都好,MVC嘛,简单就是美,我认同硬道理--实际用的人多就是有道理的。struts2是基于webwork2的, MVC很好,我首先自己开发标签,(开发struts2标签见我的文章 http://kazge.com/archives/71.html)。感觉不爽。
来看看广为流传的struts2的特点:
Struts2 Action有以下特点:
— Action类完全是一个POJO,因此具有很好的代码复用性。
— Action类无需与Servlet API耦合,因此进行单元测试非常简单。
— Action类的execute方法仅返回一个字符串作为处理结果,该处理结果可映射到任何的视图,甚至是另一个Action。
前两点我很赞同,第三点我很痛恨,因为涉及到xml.我还要用到过导航继承,那个配置哦,配得我头都是昏的。我真搞不懂,不就是个导航吗?有必要搞得这么复杂吗?实现个页面要配置几个地方,这是个问题啊。曾经有人问我一个struts2的程序为什么那样写,就是个登陆的功能,这个跳到那,那儿再跳到远方……他看半天没看懂¥%¥%。哎---无语。
struts2还提供多种“特性”,什么多种模板语言啊,titles啊,实际你用起来,觉得完全就是忽悠人,就算是吃饱了撑着一个项目里面用多个模板语言,它实际支持的很不好,这毛病那毛病,你用了就知道。
许多细节地方我都不说了,反正我用struts2很恼火。
SpringMVC
这个和spring结合的话倒是很方便,不过它的映射仍然需要配置或者是写注释。每写个页面要写个模板,控制器,配置mapping。我比较反感的是不能省略配置映射这一步---哪那么多配置的!!不过相对于其他来说,还是比较简洁的。如果以“保持团队编程风格一致”这个理由(我可是很不认同这个观点)来说非得选个框架的话,我就会选它。
我相信许多熟手都会自己掌控住一个灵活的适合系统的框架。通过对底层几种技术的柔和应用来构建系统,而不需要这些另外的框架。毕竟,那只是个框架,它只提供了一种工具而已。
Continue reading 我来谈谈web框架
In recent years, Internet changes our life a lot. We use e-mail and Internet phone to talk with
our friends, we get up-to-date information through web and we do shopping in the cyber-market.
Internet has many advantages over traditional communication channels, e.g. it's cost effective, it
delivers information fast and it is not restricted by time and place. [1]The more people use Internet,
the more concerns about Internet security.
In person-to-person community, security is based on physical cues. To name but a few, we
use our signature to authenticate ourselves; we seal letters to prevent others inspection and
modification; we receive receipt with the shop's chop to make sure we paid; we get information
from a reliable source. But in the Internet society, no such physical cue is available. There are
two areas that we concern about in Internet communication. The first one is secrecyhow do we
ensure no one reads the data during its transmission? The second one is authenticationhow do
we be sure that the identity of someone claiming "who it is". Imagine one day you receive an
e-mail, which the e-mail sender is "Bill Gates". How do you confirm the e-mail is actually sent
by Bill Gates?
Encryption is the way to solve the data security problem. In real life, if Tom wants to talk with
Mary secretly, he can choose a room with nobody there and talk with Mary quietly, or he can talk
with Mary using codes understandable by Tom and Mary only. We take the second approach
encryptionto transmit data through Internet. There are two kinds of encryption techniques
symmetric key encryption and asymmetric key encryption.
For symmetric key encryption, both parties should have a consensus about a secret encryption key.
When A wants to send a message to B, A uses the secret key to encrypt the message. After receiving the
encrypted message ,B uses the same (or derived)secret key to encrypt the message.The advantage of
using symmetric key encryption lies in its fast encryption and decryption processes(when compared
with asymmetric key encryption at the same security level). The disadvantages are , first, the encryption
key must be exchanged between two parties in a secure way before sending secret messages. Secondly,
we must use different keys with different parties. For example, if A communicates with B, C, D and E,
A should use 4 different keys. Otherwise, B will know what A and C as well as A and D has been
talking about. The drawbacks of symmetric key encryption make it unsuitable to be used in the Internet,
because it's difficult to find a secure way to exchange the encryption key.
For asymmetric key encryption, there is a pair of keys for each party: a public key and a
private key. The public key is freely available to the public, but only the key owner gets hold of
the private key. Messages encrypted by a public key can only be decrypted by its corresponding
private key, and vice versa. When A sends message to B, A first gets B's public key to encrypt
the message and sends it to A. After receiving the message, B uses his private key to decrypt the
message. The advantage comes in the public key freely available to the public, hence free from
any key exchange problem. The disadvantage is the slow encryption and decryption process.
[2]Almost all encryption schemes used in the Internet uses asymmetric key encryption for
exchanging the symmetric encryption key, and symmetric encryption for better performance.
Asymmetric key cryptography seems to attain secrecy in data transmission, but the authentication
problem still exists. Consider the following scenario: when A sends a message to B, A gets B's
public key from the Internetbut how can A know the public key obtained actually belongs to B?
Digital certificate emerges to solve this problem.
Digital certificate is an identity card counterpart in the computer society. When a person
wants to get a digital certificate, he generates his own key pair, gives the public key as well as
some proof of his identification to the Certificate Authority (CA). CA will check the person's
identification to assure the identity of the applicant.[3] If the applicant is really the one "who
claims to be", CA will issue a digital certificate, with the applicant's name, e-mail address and the
applicant's public key, which is also signed digitally with the CA's private key. When A wants to
send B a message, instead of getting B's public key, A now has to get B's digital certificate. A
first checks the certificate authority's signature with the CA's public key to make sure it's a
trustworthy certificate. Then A obtain B's public key from the certificate, and uses it to encrypt
message and sends to B.
Authentication is an important part everyday life. The lack of strong authentication has
inhibited the development of electronic commerce. It is still necessary for contracts, legal
documents and official letters to be produced on paper. Strong authentication is then, a key
requirement if the Internet is to be used for electronic commerce. Strong authentication is
generally based on modern equivalents of the one time pad. For example tokens are used in place
of one-time pads and are stored on smart cards or disks.
[4] Many people pay great amounts of lip service to security, but do not want to be bothered
with it when it gets in their way. It's important to build systems and networks in such a way that
the user is not constantly reminded of the security system around him. Users who find security
policies and systems too restrictive will find ways around them. Security is everybody's business,
and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be
achievable.
1, cue [kju:]
n. 提示,暗示;线索
vt. 给…暗示
2, chop [tʃɔp]
n. 厚肉片,排骨
v. 剁碎,砍,切
3, secrecy ['si:krəsi]
n. 保密;秘密;隐蔽
4, symmetric [si'metrik]
a. 对称的
5, asymmetric [,eisi'metrik]
a. 不对称的
6, consensus [kən'sensəs]
n. 一致,合意,交感
7, cryptography [krip'tɔɡrəfi]
n. 密码学;密码使用法
Continue reading it-e-57 Internet Security
It might be a stretch to call the recent "Melissa" virus a positive event because it disrupted
thousands o government and commercial computer systems. But it did put the focus on content
filtering, a network security technology that observers say has been undervalued. In the long run,
many believe this new focus will prove beneficial to users.
As a macro virus attached to an e-mailed Microsoft Corp. Word document, Melissa would
not have been picked up by traditional security solutions such as firewalls or intrusion-detection
systems, which are designed to detect items that break certain global access rules. The only way
to detect a virus such as Melissa is to examine what is inside the e-mail, which can only be done
through content filtering, supporters of the technology said.
Filtering products have been around for years, but manufacturers have been struggling to
meet the needs of organizations that employ varying security policies among different users.
Recently, however, vendors have released filtering products that can be tailored to the needs of
user groups, and industry has begun working on standards that allow these products to work with
firewalls.
Content filtering encompasses several areas of protection. As well as guarding against
viruses, it includes:
E-mail filtering, which controls incoming e-mail that contains spam, file attachments that
are too large or hoax e-mails. It also can be used internally to make sure confidential information
is not accidentally or intentionally sent outside of the organization.
Uniform Resource Locator filtering, which blocks access to inappropriate sites not connected
to a user's work needs.
Malicious-code protection, which prevents hostile code embedded in Java and ActiveX
scripts in otherwise innocuous World Wide Web pages from reaching the user's browser and
being executed.
The most obvious benefit of filtering products is the ability to boost network security, but
many organizations also use them for internal network control. For example, URL filters can be
used to block access to certain sites and to maintain productivity. Message Inspector, an e-mail
filter produced by Elron Software Inc. uses context-sensitive filtering to weed out offensive or
sensitive communications in e-mail, newsgroups or FTP sites. Message Inspector is an example
of the newer generation of filter products that examine messages for words and phrases used in
conjunction with each other to narrow the range of filter targets. This strategy differs from the
one employed by traditional products that block communications based on factors such as
keywordsa process that can generate a lot of "false positive" alarms.
Melissa presented a clear idea of why people need a gateway-based virus-detection product,
"Viruses need to be kept out of the enterprise altogether because you just can't update all
virus-detection software on desktops in time to catch them."
The International Computer Security Association is working on what it calls the Common
Content Inspection program to define a general application program interface (API) that would
enable filter vendors to fit their products to a range of firewalls.
1, disrupt [dis'rʌpt]
vt. 破坏;使瓦解;使分裂;使中断;使陷于混乱
adj. 分裂的,中断的;分散的
2, hoax [həuks]
v. 欺骗,哄骗,愚弄
n. 愚弄人,恶作剧
3, boost
n. 推进,支援
v. 推进,提高
Continue reading it-e-56 Content Filtering Sifts out Viruses
Backdoor programs are typically more dangerous than computer viruses, as they can be
used by an intruder to take control of a PC and potentially gain access to an entire network.
Backdoor programs, also referred to as Trojan horses, are typically sent as attachments to
e-mails with innocent-looking file names, tricking users into installing them. They often enable
remote users to listen in on conversations using the host computer's microphone, or even see
through its video camera if it has one. Back Orifice (BO) 2000 is a backdoor program designed
for malicious use. Its main purpose is to maintain unauthorized control over another machine for
reconfiguration and data collection. It takes the form of a client/server application that can
remotely control a machine without the user's knowledge to gather information, perform system
commands, reconfigure machines and redirect network traffic.
With BO an intruder has to know the user's IP address to connect, or could scan an entire
network looking for the victim. Once connected, the intruder can send requests to the BO 2000
server program, which performs the actions the intruder specifies on the victim's computer,
sending back the results.
BO is installed on the server machine simply through the execution of the server application.
This executable file is originally named bo2k.exe, but it can be renamed. The configuration wizard
will step through the various configuration settings, including the server file (the executable), the
network protocol, port number, encryption, and password. Once this process is complete, running
bo2kgui.exe executes the user interface for BO.
It is very difficult to detect BO, because it is so highly configurable. In addition, backdoor
programs are multi-dimensional, so several detection methods are recommended to achieve maximum
protection and awareness of the installation of BO 2000 on a machine or series of machines on a
network.
We recommend coupling the use of an updated version of anti-virus software to detect
which machines on the network have BO installedand intrusion detection software to identify
attacks over the network.
Users are urged to follow three important precautions:
Do not accept files from Internet chat systems.
If you are connected to the Internet, do not enable network sharing without proper security
in place.
Do not open e-mail attachments: never run any executable files sent to you (.exe files or .zip
files with a.exe in them). It is safer if these are run through a virus checker first, but they could be
new backdoor programs or viruses that a virus scanner will not detect. It is safe to open Word
documents and Excel spreadsheets if the Microsoft Auto-Run feature is turned off. Allowing
macros to run automatically can spread e-mail viruses such as Melissa. Many people send each
other animations in e-mail: it is easy to put a backdoor program into one of these and users
cannot tell when they infect their computers with Back Orifice 2000.
1, potentially [pə'tenʃəli]
adv. 可能地,潜在地
Continue reading it-e-55 Backdoor
我使用ftpxp遇到这个问题网上都说要将-》选项-》连接-》代理服务器/防火墙-》去掉“使用被动模式。
而我一看设置,本来就是没有勾选的。我试试将其勾选,再连接竟然解决了,与网上的说法恰恰相反。真不知怎么回事??
Continue reading FTP连接后出现无法显示列表或列表错误问题的解决方法
Just as human viruses invade a living cell and then turn it into a factory for manufacturing
viruses, computer viruses are small program that replicate by attaching a copy of themselves to
another program. Once attached to the host program, the virus then lock for other programs to
"infect". In this way, the virus can spread quickly throughout a hard disk or an entire organization if
it infects a LAN (Local Area Network) or a multi-users system.
[2] Skillfully written virus can infect and multiply for weeks or months without being detected.
During that time, system backups duplicate the viruses, or copies of data or programs made and
passed to other systems to infect. At some pointdetermined by how the virus was programmed
the virus attacks. The timing of the attack can be linked to a number of situations, including: a
certain time or date; the presence of a particular user ID; the use or presence of a particular file; the
security privilege level of the user; and the number of times of a file is used.
Likewise, the mode of attack varies, so-called "being" viruses might simply display a
message, like the one that infected IBM's main computer system last Christmas with a season's
greeting.
Malignant viruses, on the other hand, are designed to damage your system. One common
attack is to wipe out data, to delete files, or to perform a format of disk.
There are four main types of viruses: shell, intrusive, operating system, and source code.
Shell viruses wrap themselves around a host and do not modify the original program.
Shell program are easy to write, which is why about half of all viruses are of this type. In
addition, shell viruses are easy for programs like Data Physician to remove.
Intrusive viruses invade an existing program and actually insert a portion of themselves
into the host program. Intrusive viruses are hard to write and difficult to remove without
damaging the host file.
Shell and intrusive viruses most commonly attack executable program filethose with.
COM or. EXE extensionalthough data are also at some risk.
Operating system viruses work by replacing parts of operating system with their own
logic. [4]Very difficult to write, these viruses have the ability, once booted up, to take
total control of your system. According to Digital Dispatch, known versions of operating
system viruses have hidden large amounts of attack logic in falsely marked bad disk
sectors. Others install RAM-resident programs or device drivers to perform infection or
attack functions invisibly from memory.
[5]Source code viruses are intrusive programs that are inserted into a source program
such
as those written in Pascal prior to the program being compiled. These are the least
common viruses because they are not only hard to write, but also have a limited number
of hosts compared to the other types.
New computer viruses are written all the time, and it's important to understand how your
system can be exposed to them and what can do to protect your computer. Follow the suggestions
listed below to substantially decrease the danger of infecting your computer system with a
potentially dangerous computer virus.
Be very cautious about inserting disks from unknown sources into your computer.
Always scan the disk's files before operating any of them.
Only download Internet files from reputable sites.
Do not open e-mail attachments (especially executable files) from strangers.
Purchase, install, and use an anti-virus software program. The program you choose must
provide three functions:
Detection.
Prevention.
Removal.
As new viruses are created everyday, upgrade your anti-virus software regularly.
1, invade [in'veid]
vt. 侵略;侵袭;侵扰;涌入
vi. 侵略;侵入;侵袭;侵犯
2, replicate ['replikit, 'replikeit]
vt. 复制;折叠
vi. 重复;折转
adj. 复制的;折叠的
n. 复制品;八音阶间隔的反覆音
3, wipe [waip]
n. 擦拭,用力打
v. 擦,消除,拭去
Continue reading it-e-54 Computer Viruses
待整理:
webGL学习资源:
官方教程:
http://www.khronos.org/webgl/wiki/Tutorial
另外比较有名的:
http://learningwebgl.com/
国内的翻译http://www.html5china.com/course/20110118_1520.html 翻译得……
初步:
http://www.cnblogs.com/pandora/articles/1918392.html
webGL比canvas2D好
http://muizelaar.blogspot.com/2011/02/drawing-sprites-canvas-2d-vs-webgl.html
自己机子上运行不了webGL,可能是驱动的问题。
说到装驱动,驱动精灵确实好用,但是它也有装不了的问题,比如这个显卡驱动就安装失败,我只好到intel官网去找。http://www.intel.com/p/en_US/support/detect/graphics [建议用ie跑]
它检测我的机器说是由电脑制招商自定义的驱动。我就找到了dell,输入我的机器service tag,嘿嘿,就列出一大堆可更新的驱动。果然有显卡的。安装重启,还是运行不了。后来才发现,每个浏览器都默认不是打开webGL支持的。
对于firefox,打开about:config,查找webgl,把看着像的代开就可以了。(这么说主要是每个版本都不太一样,例如FF4.0.1要设置webgl.force-enabled=true)。
在chrome里则需要添加启动参数(winXP下),见http://code.google.com/p/chromium/issues/detail?id=72975
--ignore-gpu-blacklist
不过目前最新safari只能在mac os系统下面才能提供webgl 见http://www.khronos.org/webgl/wiki_1_15/index.php/Getting_a_WebGL_Implementation#Safari。
webGL demo:
http://www.khronos.org/webgl/wiki/Demo_Repository
怎样兼容openGL和Directx [抽象]
http://www.gamedev.net/page/resources/_/reference/programming/striving-for-graphics-api-independence-r1672
webgl官方规范初始化代码是getContext('webgl'),而实际可用的是getContext('experimental-webgl')。官方解释是最终会向webgl过渡。
GLSL资源:(copy别人)
OpenGL Shading Language Specification
http://www.opengl.org/documentation/oglsl.html
OpenGL低级着色语言与高级着色语言
http://gameres.com/Articles/Program/Visual/3D/OpenGLOctane3d.pdf
OpenGL Shading Language Tutorials
http://www.clockworkcoders.com/oglsl/
OrangeBook's Web Site
http://www.3dshaders.com/
下面依据http://learningwebgl.com/的教程来做笔记:
在进入课程前先看看它的示例代码,从第一课的下载链接中下载:(示例代码和教程写的不一样?)
要在javascript使用webGLContext编译GLSL。GLSL的写法涉及到的功能可能会导致浏览器报错(例如example0-3就报错)。
微软最近说的不支持WebGl是由于安全原因,很大部分都是说对图形卡功能的直接操作。我想他大概指的就是GLSL这种基于c形式的图形语言吧。(不过微软这种说法我觉得很勉强!)
实际上目前的webgl示例,我稍微改动一下,就导致FF在之后的绘制中一直不正常,重启FF就好了(估计是把webgl引擎搞坏了)。刚起步,我能理解……
但是到了第五课就运行不了了,只好改为chrome,可以运行。
在webglutils.js中的requestAnimFrame函数是浏览器专门为动画提供支持的函数:
见http://www.otakustay.com/animation-and-requestanimationframe/
有的需要ajax请求模型文件,所以需要发布后运行。
一个macbook的模型数据有1.2M,压缩后120k,怪不得3d文件这么大。
查了一下openGL 2d,大都说:
看nehe教程1-6即可。
z坐标固定,正交投影(较慢)。
跨平台下可考虑SDL。
www.opengl.org里面有webgl手册卡,打印出来很好用。
第十二课展示了两个物体贴图的示例(月亮和箱子)。
Continue reading webGL入门
In the traditional, manual working environment, information (in the form of texts, numbers,
etc.) and medium (such as paper) were closely intertwined. Long experiences in their usage and
the application of anti-counterfeit technology have made traditional forms of information very
difficult to alter. Similarly, it was also difficult to send bogus information by an impersonator.
Even those who succeeded in doing so usually were discovered very easily. In today's world of
information and technology, the Internet is rapidly changing many ways people do things.
Similarly, it has also introduced many management problems. For man and information to
interact, there is a need to establish a reliable information system working environment in which
we grasp, distribute, store and manage information. Such an environment must be able to provide
ample protection against tampering, stealing, delaying, transmission by fictitious parties, denial
of having faxed a document, illegal intrusion and the like. Only so can we build a strong
foundation for an information society.
Security in the process of transmission, data resemble all the cash in a bank armored van. It
can be lost or robbed anytime. With the purpose of maintaining data transmission security on the
Internet, most people use encryption technology. Data to be transmitted is first encrypted as a
way to prevent snooping or theft. The "Public-Key Cryptographic System" has the functions of a
"digital signature" and requires no prior exchange of keys while offering the advantages of
"secret communication." To make this system work smoothly, it is first necessary to agree and
certify beforehand as to who or which institution holds a certain key. This goes to say that a
certification management system must first be established to handle issuance or revocation of
electronic certification. In addition to this system, all matters related to its usage and application
services must form part of the basic operations framework of the whole system.
The first important thing in maintaining data security is the periodic making of back-ups.
Personal computer users must periodically make back-ups of data using different back-up tools
(such as diskettes, magnetic tape, removable hard drives, etc.) and store them in a safe location. If
and when data from a personal computer is damaged and cannot be recovered, the back-up copies
will serve their purpose. Thus, the first step in data security is to develop the habit of making
periodic back-ups. It is the most effective way to assure data security under extreme circumstances.
There are many factors that pose a threat to data security. They include viruses, deliberate acts of
sabotage and theft. Users can guard against them using the following methods: Use a protection
password for access to personal computers and the Internet. This prevents the unauthorized from
stealing or damaging data inside personal computers. Handle files with encryption protection and
decipher only when necessary. In this way, even if files are stolen, encryption would still be
necessary to use the files. Files transmitted through the Internet must first be encrypted. The
Internet is an open environment where anybody can intercept data during transmission. Encryption
of such data is an effective way to prevent unwanted disclosure. Respect intellectual property rights
by refraining from using software programs of dubious sources. This way, viral attack can be
avoided or the use of Trojan Horse by the unscrupulous to steal data can be thwarted.
Passwords and names of users of databases and application programs must be kept
confidential. Avoid using birth dates, telephone numbers and other readily accessible figures as
passwords. They must be handled carefully and recorded in secret locations. Periodic changing of
passwords is also recommended. Print-outs of application software programs no longer used must
be shredded to prevent disclosure of data. Build up a no-diskette system environment to avoid
computer virus contamination.
To guarantee data security, the Information Department must, in addition to setting up
comprehensive regulations, ensure cooperation by users. Their usage of computer equipment
according to regulated procedures contributes to the effective maintenance of data security.
It is necessary to build up a data security audit system that includes periodic and random
spot checks and testing of information security and protection operations, as well as conduct
tracking and improvement of deficiencies.
1, intertwined [,intə:'waind]
adj. 缠绕的;错综复杂的
v. 使缠结,缠绕(intertwine的过去式)
2, bogus ['bəuɡəs]
adj. 假的;伪造的
n. 伪币
3, impersonator [im'pə:səneitə(r)]
n. 演员;模拟艺人
4, grasp [ɡrɑ:sp, ɡræsp]
n. 抓住;理解;控制
vt. 抓住;领会
vi. 抓
5, tampering ['tæmpəriŋ]
n. 贿赂
adj. 干涉的
v. 干预(tamper的ing形式)
6, fictitious [fik'tiʃəs]
a. 假想的,编造的,虚伪的
7, van [væn]
n. 先锋;厢式货车;增值网
vt. 用车搬运
8, snooping
v. 窥探(snoop的现在分词);探听
9, revocation [,revə'keiʃən]
n. 废弃,取消
10, decipher [di'saifə]
n. 密电译文
vt. 解释(过去式deciphered,过去分词deciphered,现在分词deciphering,第三人称单数deciphers,名词decipherer,形容词decipherable);译解
11, thwarted
adj. 挫败的
v. 挫败(thwart的过去分词);反对
12, thwart [θwɔ:t]
vt. 挫败;反对;阻碍;横过
adj. 横放的;固执的
n. 划手座;独木舟的横梁
adv. 横过
prep. 横过
13, unscrupulous [ʌn'skru:pjuləs]
a. 肆无忌惮的,无天理的
14, conduct ['kɔndʌkt, kən'dʌkt]
vi. 导电;带领
vt. 管理;引导;表现
n. 进行;行为;实施
Continue reading it-e-53 The Development of Data Transmission
Pagination
