# it-e-51 Concept of Information Security

The issue of information security and data privacy is assuming tremendous importance among
global organizations, particularly in an environment marked by computer virus and terrorist attacks,
hackings and destruction of vital data owing to natural disasters. [1] When it comes to information
security, most companies fall somewhere between two extreme boundaries: complete access and
complete security. A completely secure computer is one that is not connected to any network and
physically unreachable by anyone. A computer like this is unusable and does not serve much of a
practical purpose. On the other hand, a computer with complete access is very easy to use, requiring
no passwords or authorization to provide any information. [2] Unfortunately, having a computer with
complete access is also not practical because it would expose every bit of information publicly,
from customer records to financial documents. Obviously, there is a middle ground; this is the art
of information security.
The concept of information security is centered on the following components:
- Integrity: gathering and maintaining accurate information and avoiding malicious modification
- Confidentiality: avoiding disclosure to unauthorized or unwanted persons

For an information system to be secure, it must have a number of properties:
- [3] service integrity. This is a property of an information system whereby its availability,
  reliability, completeness and promptness are assured;
- data integrity. This is a property whereby records are authentic, reliable, complete, unaltered
  and useable, and the processes that operate on them are reliable, compliant with regulatory
  requirements, comprehensive, systematic, and prevent unauthorized access, destruction, alteration
  or removal of records. These requirements apply to machine-readable databases, files and archives,
  and to manual records;
- data secrecy. This is a property of an information system whereby information is available
  only to those people authorized to receive it. Many sources discuss secrecy as though it was only
  an issue during the transmission of data; but it is just as vital in the context of data storage and
  data use;
- authentication. Authentication is a property of an information system whereby assertions
  are checked. Forms of assertion that are subjected to authentication include:
  - "data authentication", whereby captured data's authenticity, accuracy, timeliness,
    completeness and other quality aspects are checked;
  - "identity authentication", whereby an entity's claim as to its identity is checked.
    This applies to all of the following:
    - the identity of a person;
    - the identity of an organizational entity;
    - the identity of a software agent; and
    - the identity of a device.
  - "attribute authentication", whereby an entity's claim to have a particular attribute is
    checked, typically by inspecting a "credential". Of especial relevance in advanced
    electronic communications is the claim of being an authorized agent, i.e. an assertion by a
    person, a software agent or a device to represent an organization or a person.
- Non-repudiation. This is a property of an information system whereby an entity is unable
  to convincingly deny an action it has taken.
There is a strong tendency in the information systems security literature to focus on the
security of data communications. But security is important throughout the information life-cycle,
i.e. during the collection, storage, processing, use and disclosure phases, as well as transmission.
Each of the properties of a secure system identified above needs to be applied to all of the
information life-cycle phases.

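1, tremendous  [tri'mendəs]
a. huge, astonishing

2, malicious  [mə'liʃəs]
a. malevolent, spiteful

3, disclosure  [dis'kləuʒə]
n. exposure, revelation

4, promptness  [prɔmptnis]
n. alertness, quickness; rapidity

5, whereby  [(h)wєə'bai]

6, relevance
n. pertinence, appropriateness, connection, relatedness

7, literature  ['litəritʃə]
n. literary works; documents, written sources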


# it-e-50 What's actually involved in programming

What's actually involved in programming, the actual process of writing programs? Here's a
quick overview of the process:
Write a program.
Compile the program.
Run the program.
Debug the program.
Repeat the whole process until the program is finished.
Let's discuss those steps one by one.
I have a small amount of bad news for you: you can't write programs in English. It would be
nice indeed to be able to type "count the number of words in a sentence" into your computer and
have it actually understand, but that's not going to happen for a while (unless someone writes a
program to make a computer do that, of course). Instead, you have to learn a programming
language.
Much of a programming language is indeed in English. Programming languages commonly
use words like "if", "repeat", "end" and such. Also, they use the familiar mathematical operators
like "+" and "=". It's just a matter of learning the "grammar" of the language; how to say things
properly.
So, we said "Write a program". This means: write the steps needed to perform the task,
using the programming language you know. You'll do the typing in a programming environment
(an application program which lets you write programs, which is an interesting thought in itself).
A common programming environment is CodeWarrior, and another common one is InterDev, but
you don't need to worry about those just yet. Some programming environments are free, and
some you have to buy just like any other application program. Commercial (non-free)
programming environments cost anything from $50 to $500+, and you'll almost always get a
huge discount if you're a student or teacher of some kind.
Incidentally, the stuff you type to create a program is usually called source code, or just code.
Programmers also sometimes call programming coding. We think it sounds slightly cooler.
In order to use a program, you usually have to compile it first. When you write a program
(in a programming language, using a programming environment, as we mentioned a moment
ago), it's not yet in a form that the computer can use. This isn't hard to understand, given that
computers actually only understand lots of 1s and 0s in long streams. You can't very well write
programs using only vast amounts of 1s and 0s, so you write it in a more easily-understood form
(a programming language), then you convert it to a form that the computer can actually use. This
conversion process is called compiling, or compilation. Not surprisingly, a program called a
compiler does the compiling.
It's worth mentioning that if your program has problems which the compiler can't deal with,
it won't be able to compile your program.
You'll be pleased to hear that your programming environment will include a suitable compiler
(or maybe more than one compiler: each different programming language your programming
environment allows you to use requires its own compiler). Compilers are just fancy programs, so
they too are written by programmers. Programmers who write compilers are a bit like gods; they
make it possible for everyone else to program.
Now that you've compiled the program into a form that the computer can use, you want to
see if it works: you want to make the computer perform the steps that you specified. This is
called running the program, or sometimes executing it. Just the same as how a car isn't of much
use if you don't drive it, a program isn't of much use if you don't run it. Your programming
environment will allow you to run your program too.
You've probably heard the term "debug" before (it's pronounced just as you might expect:
"dee-bug"). It refers to fixing errors and problems with your program. As I'm sure you know, the
term came about because the earliest computers were huge building-sized contraptions, and
actual real-life insects sometimes flew into the machinery and caused havoc with the circuits and
valves. Hence, those first computer engineers had to physically "debug" the computers: they had
to scrape the toasted remains of various kinds of flying insects out of the inner workings of their
machines. The term became used to describe any kind of problem-solving process in relation to
computers, and we use it today to refer purely to fixing errors in our code.
You may also have heard the phrase "it's not a bug, it's a feature". Programmers sometimes
say this when someone points out a problem with their programs; they're saying that it's not a bug,
but rather a deliberate design choice (which is almost always a lie). This is rather like
accidentally spilling coffee all over yourself whilst simultaneously falling down some stairs, then
getting up and saying "I meant to do that".
you'll often find the picture of an insect shown in your programming environment to indicate
debugging). You usually debug your program by stepping through it. This means just what it
sounds like: you go through your program one step at a time, watching how things are going and
what's happening. Sooner or later (usually later), you'll see what's going wrong, and slap yourself
And then you repeat the whole process until you're happy with the program. This is trickier
than it might sound, since programmers are never happy with their programs. You see,
programmers are perfectionists, never satisfied until absolutely everything is complete and
elegant and powerful and just gorgeous. Programmers will commonly release a new version of
their program every day for a couple of weeks after the initial release.
As you can imagine, enjoying an intellectual challenge is an important trait to have when
you're going back to correct and enhance your code many times over. You'll actually find that you
can't wait to get back into your program and fix the bugs, make improvements, and refine the
existing code.
And that's the basic process of programming. Note that most programming environments
will make a lot of it much easier for you, by doing such things as:
- Taking you to the specific bit of code which is causing the compiler to puke
- Letting you quickly look up documentation on the programming language you're using
- Letting you just choose to run the program, and compiling it automatically first
- Colouring parts of your code to make it easier to read (for example, making numbers a
  different colour from other text)
- And many other things
So, don't worry too much about the specifics of compiling then running then debugging or
whatever. The purpose of this section was mostly to make you aware of the cyclical nature of
programming: you write code, test it, fix it, write more, test it, fix, and so on.

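1, fancy  ['fænsi]
n. fantasy; imagination; liking
vt. to imagine; to like; to suppose; to be conceited
vi. to fantasize; to imagine

2, contraption  [kən'træpʃən]
n. ingenious device
3, havoc  ['hævək]
n. great destruction, devastation
4, valves
n. valves; (anatomical) valves; vacuum tubes (plural of valve)
v. to fit with a valve; to regulate with a valve (third-person singular of valve)
5, insects

6, circuits
n. electrical circuits
7, scrape  [skreip]
n. scraping off, rubbing off
v. to scrape off, to rub off
8, toasted
v. toasted (past participle of toast); to drink a toast
9, spilling  ['spiliŋ]

10, whilst  [wailst]
conj. while (but, although, as long as)
11, slap  [slæp]
n. a slap, an insult, the sound of a blow
v. to slap, to insult, to reprimand
12, ridiculously
13, gorgeous  ['gɔ:dʒəs]
a. splendid, brilliant, wonderful
14, trait  [treit]
n. characteristic, feature, distinguishing quality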


# Maven packaging: adding a timestamp to manifest.mf

```xml
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>buildnumber-maven-plugin</artifactId>
  <executions>
    <execution>
      <phase>validate</phase>
      <goals>
        <goal>create</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <format>{0,date,yyyyMMdd-HHmmss}</format>
    <items>
      <item>timestamp</item>
    </items>
    <buildNumberPropertyName>current.timestamp</buildNumberPropertyName>
  </configuration>
</plugin>
```

```xml
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-war-plugin</artifactId>
  <configuration>
    <warName>xxxxx</warName>
    <archive>
      <manifestEntries>
        <Project-name>${project.name}</Project-name>
        <Project-version>${project.version}</Project-version>
        <Build-Time>${current.timestamp}</Build-Time>
      </manifestEntries>
    </archive>
    ……
```

That is not the end of it. Packaging directly fails with this error:

```
java.lang.NullPointerException: The scm url cannot be null.
    at org.apache.maven.scm.manager.AbstractScmManager.makeScmRepository(AbstractScmManager.java:183)
```

I looked it up, and apparently you have to add a dummy scm node:

```xml
<scm>
  <connection>scm:svn:http://127.0.0.1/none</connection>
  <developerConnection>scm:svn:https://127.0.0.1/none</developerConnection>
  <tag>HEAD</tag>
  <url>http://127.0.0.1/isaynone</url>
</scm>
```

The URLs in here are all unused, so you can write anything. Copying this over as-is also works.
With that, the timestamp gets added to manifest.mf.
Still, I really can't believe this is the fix. Maven is as obnoxious as it gets!

----------

A supplement for the jar case:
This approach tends to run into the old m2e problem http://ljhzzyx.blog.163.com/blog/static/383803122013440345857/
so the buildnumber-maven-plugin approach is still recommended. It is mostly the same, with the changes made to maven-jar-plugin:

```xml
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-jar-plugin</artifactId>
  <version>2.2</version>
  <configuration>
    <archive>
      <manifestEntries>
        <Copyright>kzg 2013</Copyright>
        <Project-name>${project.name}</Project-name>
        <Project-version>${project.version}</Project-version>
        <Build-Time>${current.timestamp}</Build-Time>
      </manifestEntries>
    </archive>
    <skip>true</skip>
  </configuration>
</plugin>
```

http://m.oschina.net/blog/95181
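To confirm that a built jar or war really carries the `Build-Time` entry configured above, the manifest can be read back out of the archive and checked. The following is an added example, not code from the original post: the function names are illustrative, and the sample archive is constructed in memory with made-up project values. It also catches the case where Maven wrote the literal `${current.timestamp}` because the property was never set.

```python
import io
import re
import zipfile
from datetime import datetime

MANIFEST_PATH = "META-INF/MANIFEST.MF"
# strptime equivalent of the post's <format>{0,date,yyyyMMdd-HHmmss}</format>
BUILD_TIME_FORMAT = "%Y%m%d-%H%M%S"


def parse_manifest(text):
    """Parse the main section of a JAR manifest into a dict.

    A line starting with a single space continues the previous value
    (the JAR format wraps long lines)."""
    entries = {}
    last_key = None
    for line in text.splitlines():
        if not line:  # a blank line ends the main section
            break
        if line.startswith(" ") and last_key is not None:
            entries[last_key] += line[1:]
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[key] = value
        last_key = key
    return entries


def check_build_time(archive_bytes):
    """Return (ok, detail) for the Build-Time entry of a jar/war."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        try:
            raw = zf.read(MANIFEST_PATH)
        except KeyError:
            return False, "no manifest"
    value = parse_manifest(raw.decode("utf-8")).get("Build-Time")
    if value is None:
        return False, "Build-Time missing"
    value = value.strip()
    if "${" in value:
        # Maven leaves unresolved properties in place as literal text.
        return False, f"unresolved property: {value}"
    if not re.fullmatch(r"\d{8}-\d{6}", value):
        return False, f"bad format: {value}"
    try:
        stamp = datetime.strptime(value, BUILD_TIME_FORMAT)
    except ValueError:
        return False, f"bad format: {value}"
    return True, stamp.isoformat()


def make_sample_jar(build_time):
    """Constructed in-memory jar whose manifest mimics the post's entries."""
    manifest = (
        "Manifest-Version: 1.0\r\n"
        "Project-name: demo\r\n"            # constructed value
        "Project-version: 1.0-SNAPSHOT\r\n"  # constructed value
        f"Build-Time: {build_time}\r\n"
        "\r\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(MANIFEST_PATH, manifest)
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("20130504-034558", "${current.timestamp}", "2013-05-04"):
        print(sample, "->", check_build_time(make_sample_jar(sample)))
```
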

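# Beginning.iPhone.Games.Development reading notes

UIKit: can also be used to develop simple games; if you don't need to reach 60 fps, it is workable.

Quartz 2D and Core Animation: these can also be used to develop games, but they are somewhat slow. Core Animation can create animations for UIKit elements, and it is hardware-accelerated.

OpenGL ES (chapters 6-8): this is the primary tool; it can draw both 3D and 2D.

Audio APIs (chapters 9-12): OpenAL provides the sound API.

Networking (chapters 13-16): sockets, streams, Bonjour, servers, clients, Bluetooth, and Wi-Fi.

EAGLView: wraps CAEAGLLayer.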

# it-e-49 Program Debugging and Program Maintenance

If your program exits abnormally, then there is almost certainly a logical error (a bug) in
your program. 99% of programming is finding and removing these bugs. Here are some tips to
Before going on, it is necessary to reiterate the standard OLC policy on program debugging:
Do *NOT* ask OLC for help debugging a program.[1] This stock answer is intended to give you
some tips on how to get started in this area; however, in general, program debugging requires
more time and effort than consultants are usually able to provide.
The first step is to find the exact line where the program exits. One way of doing this is with
print statements scattered through your code. For example, you might do something like this in
```c
#include <stdio.h>

void myplot(int x, int y)
{
    printf("Entering myplot()\n"); fflush(stdout);
    /* ---- lots of code here ------ */
    printf("Exiting myplot()\n"); fflush(stdout);
    return;
}
```
The fflush() command in C ensures that the print statement is sent to your screen immediately,
and you should use it if you're using printf() for debugging purposes.
[2] Once you have narrowed down the line where your bug occurs, the next step is to find out
the value of your variables at that time. You will probably find that one of your variables
contains very strange values. This is the time to check that you have not done the following
things:
Assigned an integer value to a pointer variable; or
Written to a subscript that is beyond the end of an array (remember that in C array
subscripts go from 0 to N-1, not from 1 to N.)
Other mistakes also cause bugs. Make sure that your loops test correctly for their end conditions,
for example.
Other kinds of bugs (programs not exiting, incorrect output) are debugged using similar
methods. Again, find the line where the first error occurs, and then check the values of your
variables. Once you fix a bug, recompile your program, run it again, and then debug it again as
necessary.

Using printf() is a primitive method of debugging, but sometimes it's the only one that will
work. If your program is too big for a debugger (such as Saber or Ddbx) or if you are working
on a non-Athena platform, you may not have a debugger available. Usually, though, it is quicker
and easier to use a debugger. Athena has several sophisticated debugging tools available. Saber is
the tool of choice for C programmers. Gdb and Dbx may also come in handy, and both of these
work with Fortran as well as with C. There are stock answers that introduce Saber and Dbx, and
Saber even comes with a tutorial.
It is a fact of life in program design that there always seems to be one last bug or error to be
corrected. We can broadly classify the errors as:
- Syntax errors: this class of error means that a mistake is made in the language used to
  state the algorithm.
- Logic errors: the algorithm is syntactically correct but doesn't do what is intended.
- Data range and data type errors: the algorithm is syntactically correct and logically
  correct but can be threatened by the wrong kind of data or by values which are out of
  range.
[3] The syntax errors aren't a serious issue during the program design phase since in practice,
after designing and testing the design, the program will be implemented in a computer program
language and it is at this point that syntax errors become a problem. Even so syntax errors are a
minor problem since the process of building the program will capture the errors. The program
simply won't build until all the syntax errors are removed.
The logic errors are a much more serious problem since there is no way to eliminate these
other than rigorously testing the program design.
The data errors are also serious errors and in some respects are harder to deal with than logic
errors.
Once launched, the program needs to be maintained. Program maintenance is defined as
updating programs from time to time to keep abreast of changes in an organization's needs or its
hardware and software. Based on the maintenance tasks that need to be performed, the program
administrators should determine on-going financial and staffing needs and how they will be met.
Program maintenance represents a major portion of the total expenditures on application programs.

OLCThe Online Learning Center

1, expenditures
n. spending, outlay (plural of expenditure)

2, staff  [stɑ:f]
n. all personnel, colleagues
n. pole, rod
vt. to provide with staff


# it-e-48 OOP Is Much Better in Theory Than in Practice

Like many ideas that sound good in theory but are clumsy in practice, object-oriented
programming (OOP) offers benefits only in a specialized context—namely, group programming.
And even in that circumstance the benefits are dubious, though the proponents of OOP would
have you believe otherwise. Some shops claim OOP success, but many I've spoken with are still
"working on it." Still trying to get OOP right after ten years? Something strange is going on here.
Certainly for the great majority of programmers—amateurs working alone to create
programs such as a quick sales tax utility for a small business or a geography quiz for
Junior—the machinery of OOP is almost always far more trouble than it's worth. OOP just
introduces an unnecessary layer of complexity to procedure-oriented design. That's why very few
programming books I've read use OOP techniques (classes, etc.) in their code examples. The
examples are written as functions, not as methods within objects. Programming books are trying
to teach programming—not the primarily clerical and taxonomic essence of OOP. Those few
books that do superimpose the OOP mechanisms on their code are, not surprisingly, teaching
about the mysteries of OOP itself.
Of course professional gang programming has specialized requirements. Chief among them
is that the programmers don't step on each other's toes. For instance, a friend who programs for
one of the world's largest software companies told me he knows precisely what he'll be working
on in one year. Obviously, OOP makes sense in such a bureaucratic system because it needs to be
intensely clerical. Helping to manage large-scale, complex-programming jobs like the one in
which my friend is involved is the primary value of OOP. It's a clerical system with some built-in
security features. In my view, confusing OOP with programming is a mistake.
Consider the profound contradiction between the OOP practices of encapsulation and
inheritance. To keep your code bug-free, encapsulation hides procedures (and sometimes even
data) from other programmers and doesn't allow them to edit it. Inheritance then asks these same
programmers to inherit, modify, and reuse this code that they cannot see—they see what goes in
and what comes out, but they must remain ignorant of what's going on inside. In effect, a
programmer with no knowledge of the specific inner workings of your encapsulated class is
asked to reuse it and modify its members. True, OOP includes features to help deal with this
problem, but why does OOP generate problems it must then deal with later?
All this leads to the familiar granularity paradox in OOP: should you create only extremely
small and simple classes for stability (some computer science professors say yes), or should you
make them large and abstract for flexibility (other professors say yes). Which is it?
A frequent argument for OOP is it helps with code reusability, but one can reuse code
without OOP—often by simply copying and pasting. There's no need to superimpose some
elaborate structure of interacting, instantiated objects, with all the messaging and fragility that it
introduces into a program. Further, most programming is done by individuals. Hiding code from
oneself just seems weird. Obviously, some kind of structure must be imposed on people
programming together in groups, but is OOP—with all its baggage and inefficiency—the right
solution?

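1, dubious  ['dju:bjəs]
a. doubtful, suspicious

2, proponents
n. supporters; proposers (plural of proponent)

3, quiz  [kwiz]
n. short test, in-class quiz, prank
v. to give a short test, to play a prank

4, clerical  ['klerikəl]
n. clergyman
a. secretarial, administrative, of a copyist

5, essence  ['esns]
n. nature, quintessence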

6, bureaucratic  [,bjurəu'krætik]

7, intensely


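Chrome / Safari:

Chrome still behaves differently

Firefox:
linkNode.sheet has a value immediately after the css is inserted into the DOM; before insertion it is undefined
After the file has been downloaded and parsed,
same-origin: returns cssRuleList
cross-origin (whether the load went right or wrong): throws NS_ERROR_DOM_SECURITY_ERR

IE6-9 / Opera:
linkNode.sheet and cssRules are both accessible immediately after the css is inserted into the DOM; cssRules is []
When the file has finished downloading, cssRules is cssRuleList

Drawback: when Opera hits a 404, it has to fall back to a timeout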

# Problem when using a reverse proxy

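```java
import java.text.MessageFormat;

public class UrlBuilder { // wrapper class name is illustrative
    // Builds "http://<host><context><path>", adding a leading "/" to the path if it is missing.
    public static String buildUrl(String strHost, String strContext, String argAbsolutePath) {
        if (!argAbsolutePath.startsWith("/")) {
            argAbsolutePath = "/" + argAbsolutePath;
        }
        return MessageFormat.format("http://{0}{1}{2}", new Object[] { strHost, strContext, argAbsolutePath });
    }
}
```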

# it-e-47 Object Orientation

OO can model a complex reality in a very natural way.
An example is "the cup of coffee". This shows interaction between customer, waiter and
kitchen.
Customer and kitchen don't know each other. The waiter is the intermediary. (Encapsulation).
Waiter and kitchen act differently to the request "a black coffee" (Polymorphism)
Both waiter and kitchen supply coffee (Inheritance).
The benefits of OO are higher for complex business processes. The more complex the better.
Different responsibilities, lots of exceptions, and processes that "look alike". Those are the ideal
ingredients for an OO approach.

Encapsulation means as much as shielding. Each OO object has a shield around it. Objects can't
"see" each other. They can exchange things though, as if they are interconnected through a hatch.
Customer, waiter and kitchen are three shielded objects in the "cup of coffee" example. Customer
and kitchen do not know each other. The waiter is the intermediary between those two. Objects
can't see each other in an Object-oriented world. The 'hatch' enables them to communicate and
exchange coffee and money.
Encapsulation keeps computer systems flexible. The business process can change easily.
The customer does not care about the coffee brew process. Even the waiter does not care. This
allows the kitchen to be reconstructed, if only the "hatch" remains the same. It is even possible to
change the entire business process. Suppose the waiter will brew coffee himself. The customer
won't notice any difference.
Encapsulation enables OO experts to build flexible systems. Systems that can extend as your
business extends. Every module of the system can change independently, no impact to the other
modules.
Objects can respond differently to the same message. Both waiter and kitchen respond to "a
black coffee". The actions are different though.
The waiter passes the message to the kitchen, waits for response, delivers coffee and settles the
account.
The kitchen brews fresh coffee and passes it to the waiter.
The same message with different implementations, that is polymorphism.
Polymorphism makes Object-oriented systems extremely suitable for various exceptions and
exceptions to exceptions.
Inheritance
Similar, but just a little bit different. The world is full of exceptions and similarities. Object
Orientation places everything perfectly in a class tree.
Both waiter and cook are employees. So they both have an employee number. This generic
employee number gets a generic place in Employee.
Both return a cup of coffee to the question "A cup of coffee please". That similar behavior
also gets a generic place in Employee.
There are some exceptions. Waiter and Cook have different methods to get a cup of coffee.
Those specific methods get a specific place, reusing the more generic part in Employee.
situation is, Object Orientation can cope with it.
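The "cup of coffee" example written out as code, showing encapsulation, polymorphism and inheritance together. This is an added example, not part of the original text: `Employee`, `Waiter` and `Cook` come from the passage, while `BrewingWaiter`, the method names and the price are assumptions made for illustration.

```python
class Employee:
    """Generic part shared by waiter and cook (the root of the class tree)."""

    def __init__(self, employee_number):
        self.employee_number = employee_number

    def coffee_please(self, order):
        # Generic behaviour: every employee answers the request with a cup.
        return self._get_coffee(order)

    def _get_coffee(self, order):
        raise NotImplementedError("each kind of employee gets coffee its own way")


class Cook(Employee):
    def _get_coffee(self, order):
        # The kitchen's response: brew it fresh and pass it on.
        return f"{order}, freshly brewed"


class Waiter(Employee):
    PRICE = 2  # constructed value, not from the text

    def __init__(self, employee_number, cook):
        super().__init__(employee_number)
        self._cook = cook  # the "hatch": the waiter's only link to the kitchen
        self.till = 0

    def _get_coffee(self, order):
        cup = self._cook.coffee_please(order)  # same message, passed on
        self.till += self.PRICE                # settle the account
        return cup


class BrewingWaiter(Employee):
    """The changed business process: the waiter brews the coffee himself."""

    def _get_coffee(self, order):
        return f"{order}, freshly brewed"


class Customer:
    def __init__(self, waiter):
        self._waiter = waiter  # the customer never holds a reference to the kitchen

    def order(self, what="a black coffee"):
        return self._waiter.coffee_please(what)


def demo():
    """Order once through the kitchen and once from a waiter who brews himself."""
    waiter = Waiter(employee_number=1, cook=Cook(employee_number=2))
    before = Customer(waiter).order()
    after = Customer(BrewingWaiter(employee_number=3)).order()
    return before, after, waiter.till


if __name__ == "__main__":
    print(demo())
```
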

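1, intermediary  [,intə'mi:diəri]
n. go-between; arbitrator; mediator; medium

2, hatch  [hætʃ]
n. hatching; hatchway
vt. to hatch; to plot
vi. to hatch

3, cope  [kəup]
v. (with) to compete, to contend, to deal with, to handle properly
vi. to deal with, to handle properly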

