216 Matching Annotations
  1. Oct 2019
    1. Different DeFi projects have taken different approaches to implementing this oracle, but they can generally all be classified in one of five ways

      5 ways of price oracle

  2. Jul 2019
    1. Here is the extended code for getting a node in the Merkle Patricia trie:

      todo

    2. first nibble

      [1] [2] [_3_extension_orleaf] [_4_path_len_event_orodd]

    3. [ f, 1, c, b, 8, 10]

      leaf node with odd path: 0xf1cb8

      should prefixed with: 0x3

      -> 0x 3f 1c b8

    4. [ 0, f, 1, c, b, 8, 10]

      leaf node with even path: 0x0f1cb8

      should prefixed with: 0x20

      -> 0x20 0f 1c b8

    5. [ 1, 2, 3, 4, 5, ...]

      odd extension node with path: 0x12345<br> should prefix with nibble: 0x1

      -> 0x11 23 45

    6. [ 0, 1, 2, 3, 4, 5, ...]

      extension node with even path: 0x012345<br> with prefix: 0x00

      -> 0x00 01 23 45

    7. a kilobyte of extra space to store one level per character

      why 1k per level?

      (16+1) slots * 256bits per slot?

    1. This middleware is executed after router processes the request

      and before handler process the request(?)

    2. Handler is processed in the end after all middleware are finished executing.

      middleware first, handler second

  3. Jun 2019
    1. key world: merkle proof

    2. The state in Ethereum essentially consists of a key-value map, where the keys are addresses and the values are account declarations, listing the balance, nonce, code and storage for each account (where the storage is itself a tree).

      state in eth: a k-v map

      • key: address
      • value: account infos: balance, nonce, code & storage (which itself is another tree)
    3. So what is the benefit of this strange kind of hashing algorithm? Why not just concatenate all the chunks together into a single big chunk and use a regular hashing algorithm on that? The answer is that it allows for a neat mechanism known as Merkle proofs:

      Reason why Merkle Tree

    1. For example, summing two numbers costs 3 gas. Multiplying them costs 5 gas. Storing a 256bit word into the blockchain costs 20000 gas, which means storing 1kb of data costs 640000 gas.

      computation is cheap, storing is expensive

      • add: 3gas
      • mul: 5gas
      • storing 32 bytes: 2w
  4. May 2019
    1. For more on objects and prototypes see Object.prototype. For an explanation of object prototypes and the object prototype chains see Inheritance and the prototype chain.

      todo if need to know more about prototype and prototype chain

    2. We have introduced another keyword: new. new is strongly related to this. It creates a brand new empty object, and then calls the function specified, with this set to that new object.

      difference between calling function directly and using the key word: new is all about the meaning of this:

      • directly call: this is the obj current func called upon
      • new: this is a newly created empty object
    3. Person.prototype is an object shared by all instances of Person

      Person() is a function, function is object

      Person.prototype is an object shared by all instances created by the function: Person()

    4. constructor functions

      functions that designed to be called with keyword new:

      constructor functions

    1. A type switch is a construct that permits several type assertions in series.

      好用

    1. An empty interface may hold values of any type

      cool

    2. the empty interface

      like Object in Java

    3. An interface value

      没太懂这个 interface value 有什么特别的


      知道了,注意这里变量 i 的类型是 interface I, 而非具体的 struct T 或 type F


      interface value 是 value:一个值,这个值的类型是满足某个 interface 的具体类型

      比如 T{"Hello"} 这个值,它的类型是满足 interface M 的具体类型: T

    4. Every type implements at least zero methods.

      tricky

  5. Apr 2019
    1. Closing a Short Position means a trader is buying Shares of an Outcome they are short on

      ?

    2. two ways: by selling the Shares they hold to another trader in exchange for Ether, or by Settling their Shares with Augur’s smart contracts.

      2 ways:

      1. settle with another trader before finalized, burn Complete set, get back ETH
      2. settle with augur contract if market finalized, give winning Share, get back ETH
    1. Create Complete Set

      这儿 Alice 和 Bob 赔率上是达成了一致的,即 8:2

      注意 Bob 这儿是想以 0.2 的价格买 B,和想以 0.8 的价格买 A 的 Alice 刚好能够凑成 Complete Set

      只不过 Bob 这儿只想买半个 Share,所以是 Partial Fill

    2. Direct Trade

      Share 可以直接转移和买卖,看来 Share 很可能也是一种 ERC20

      不知道是每个 Market 专属的,还是整个 Augur 通用的。

    3. Note that Bob could have also wanted to sell 1 SHARE of A for 0.8 ETH, which would have been a “Ask Outcome A, 1 SHARE for 0.8 ETH”. This would have had created the same result as shown above, even though he has no SHARES.

      "Sell 1 Share of Yes for 0.8ETH" is the same as:

      "Buy 1 Share of No for 0.2ETH"

      以上两个动作分别记做 Action-Y 和 Action-N

      两者都是在对事件押注,Action-Y 表示说我觉得事件发生的概率是 0.8,即不发生的概率是 0.2

      这儿所谓的 is the same, 是不是指的:

      当没有 Share of Yes 的时候,我想 sell Yes, 其实不是在卖Yes,而系统实际上是在买 No ?


      本质是在一个达成共识的赔率上,做两边的下注。<br> 而在一个达成共识的赔率上,到底下注哪边,其本质反映的是我心理预期的概率和实际赔率的不一致。

      如果我心理的概率和赔率完全一致,比如硬币正反面对赌,赔率是 1:1,那么我还参加这个赌局,就是完全碰运气而已了。

      但是如果正反的赔率是1:2,我肯定买正面,因为我心理预期的概率是1:1,当前赔率和预期发生了偏离,我觉得有利可图,于是买正面。


      所以 Augur 里的 Complete Set,指的是一个在达成共识的赔率上形成了对手方的对赌。

      上面到底是买 Yes,还是卖 No,其实是不同的事情,是在同一赔率下,我觉得 Yes 实际的概率会更大,于是 Action-Y,这时,为了形成有效赌局,我需要一个人来买该赔率下的另一边,也即是等一个觉的 No 的概率大于赔率所示的另一人来下注。

  6. Mar 2018
    1. 代码设计模式

      skipped for now, worth reading in future

  7. Oct 2017
  8. www.silhouette.rocks www.silhouette.rocks
    1. provider is a service that handles the authentication of an identity

      authorization?

  9. www.silhouette.rocks www.silhouette.rocks
    1. // As the body of request can't be parsed twice in Play we should force // to parse empty body for UserAwareAction

      ?

  10. www.silhouette.rocks www.silhouette.rocks
    1. An endpoint in Play is either an Action or a WebSocket and Silhouette provides mechanisms to secure both of them.

      endpoint: an action, or more specifically, an url to call

      simple and stupid

  11. www.silhouette.rocks www.silhouette.rocks
    1. In Silhouette a provider is a service that handles the authentication of an identity.

      a service that handles the authentication of an identity

      那和 Authenticator 有啥区别?

    2. Events

      worth to looking at

    1. It can be stateless with the disadvantages that the JWT can’t be invalidated.

      我理解这儿 stateless 的意思是不需要后端的数据库的支撑,直接通过 privatekey 来校验 jwt 的合法性,但是无法使其过期(或者说提前过期)

    2. Authenticator

      这儿 Authenticator 看起来更应该理解成 工卡一样的东西,是一个用于验证的东西?

    3. stores only some data

      Authenticator 就是存了一些数据而已?

    4. Authenticator

      没太搞懂这个是干啥的

      按字面意思,应该是一坨做认证逻辑的代码,不过看这儿的描述,不太像这个意思。反倒是这儿提到的 Authenticator Service 可能是做这个的

    1. provider

      这儿的 provider 指的是啥?

      Twitter或者facebook这种?

    2. Authenticator

      Authenticator 定义了验证身份的方法(?)

    3. Identity

      identity 定义了 用户(?)

  12. Sep 2017
  13. Mar 2017
  14. Feb 2017
  15. Jan 2017
    1. 注意,经过上面的设置,无法调节系统的声音大小了。等用完了录屏的需求,可以按下面的操作恢复系统音量调节的功能。

      Mac 录屏,收录系统音的解决方案

  16. Dec 2016
    1. 类之间的关系是我们需要关注的
      1. 虚线箭头, 实现
      2. 实现箭头,继承
      3. 空心菱形,聚合
      4. 实心棱形,包含
    1. Best doc to explain Heap & Stack memory in Java

    2. Heap memory is used by all the parts of the application whereas stack memory is used only by one thread of execution.

      scope

    3. Java is pass by value

      pass by value

      value can be primitive value or reference of object

    4. stack memory contains the reference for it

      stack mem holds reference for object in heap

    5. 这篇好啊,特别是这张对应代码的图,对Heap & Stack 的作用展示的很清晰

    1. The current thread must own this object's monitor. The thread releases ownership of this monitor and waits until another thread notifies threads waiting on this object's monitor to wake up either through a call to the notify method or the notifyAll method. The thread then waits until it can re-obtain ownership of the monitor and resumes execution.

      执行object.wait()的线程必须拥有该object的锁

      执行 .wait() 之后,线程将释放该锁,并进入等待状态

      直到被其他线程执行的object.notify唤醒,并将在拿到锁之后,继续执行。

    1. Telescope system on moon, 有100 telescopes, 天文学家可以用它们拍照观测,每个观测任务可能会要couple hours和地球通信只能用radio signal,latency会很高;设计系统manage Telescopes, 要fault tolerant,任务调度,deploy update思路:类似long distance data center的manage, moon上多台app server负责控制telescope,每台server会与地球的master用radio作为heartbeat通信;如何deployupdate时,选一台active server发送file,然后分chunk,在moon上peer to peer的用gossip传播update

      Sys Design

      System on the Moon

    1. signing identities

      signing identity 和 certificate 的关系

    2. Developer ID certificate

      what the hell is this?

    3. All team members can create their own development certificate. Only a team agent or admin can create a distribution certificate.

      Best Practice:

      • One dev certificate per coder
      • One distribution certificate per team
    4. Code signing is used in combination with your App ID, provisioning profile, and entitlements
      • Apple ID
      • Provisioning profile
      • Entitlement
    5. Certificate

      Certificate 主要就两种 : 开发 和 发布?

  17. Nov 2016
  18. Oct 2016
    1. This model of microservices that register themselves to a global registry will have a lot of advantages when it comes to building one or multiple applications using a microservice architectural approach. Eureka on its own won't have that much of use, but as you'll see in the future blogposts, Eureka will be the key element to locate all of our microservices.

      How to use Eureka locate our microservices?

      all Eureka clients register itself in the register center(Eureka Server)

  19. Sep 2016
    1. Server RPC interfaces started to be declared as part of protocol files, with the protocol compiler generating stub classes that users could override with actual implementations of the server's interface.

      ?

    2. Java, C++, Python, Java Lite, Ruby, JavaScript, Objective-C, and C#

      Java Python Ruby JS Obj-C

    1. If omitted, the protocol buffer compiler generates a warning and "proto2" is used as the default. This warning will be turned into an error in a future release.

      syntax = "proto3";

    1. Course.parseFrom(protobufStream)

      2 manually transform protobuf response into JSON

    2.     @Bean    ProtobufHttpMessageConverter protobufHttpMessageConverter() {        return new ProtobufHttpMessageConverter();    }

      convert response to protobuff msgs

    1. Feign is a handy project from Netflix that lets you describe a REST API client declaratively with annotations on an interface.

      Feign: Annotate a REST API

    1. http://ACCOUNTS-SERVICE"

      这也能行?

    2. @EnableDiscoveryClient

      register itself with the Discovery-Server using annotation:

      @EnableDiscoveryClient

    3. @EnableDiscoveryClient

      Magic

    1. User DataSource User EntityManagerFactory (userEntityManager) User TransactionManager (userTransactionManager)

      a little scary

      需要测试一下可行性,以及可能的坑

    1. IaaS

      IaaS: Aliyun AWS<br> Paas: SinaAppEngine GoogleAppEngine<br> Saas: Everything on web...

    1. Spring Security 提供了对访问控制列表(Access Control List,ACL)的支持,可以很方便的对不同的领域对象设置针对不同用户的权限

      一颗赛艇

  20. Aug 2016
    1. the instance of the recurring event that needs to be set as an exception

      Get instance of event that needs to be set as an Exception

    1. Reminders are alarms triggered at a specified time before an event starts. Notifications allow users to find out about changes to events in their calendar.

      Reminder: alarm<br> Notification: info updates

    1. Calendars

      全局向

    2. CalendarList

      用户向

    3. They can occur between two specific points in time (timed) or span a consecutive series of days (all-day).
    4. Calendars can have multiple owners.

    1. has the team calendar as an organizer

      A calendar owns an event(?)

    2. Susan's calendar list includes her primary calendar as well as calendars for her team and cello lessons.

      1 person can have(subscribe to) a list of calendars

    1. 4fc39ce3-63b3-4e17-b1c4-5e1ed96fb021

      session id

    2. Custom RedisSerializer

      Might be useful

    3. maxInactiveIntervalInSeconds

      expiration?

    4. It is important to note that no infrastructure for session expirations is configured for you out of the box. This is because things like session expiration are highly implementation dependent. This means if you require cleaning up expired sessions, you are responsible for cleaning up the expired sessions.

      Session Expiration should be handled by ourself?

    5. A SessionRepository is in charge of creating, retrieving, and persisting Session instances.

      Maybe we can call it DAO of session

    6. ExpiringSession

      A session with attributes of expiring

    7. This section describes how Spring Session provides transparent integration with HttpSession. The intent is so that user’s can understand what is happening under the covers. This functionality is already integrated and you do NOT need to implement this logic yourself.

      How SpringSession works, briefly

    8. By passing in a custom HttpServletRequest implementation into the FilterChain we ensure that anything invoked after our Filter uses the custom HttpSession implementation.

      Wrapped HttpServletRequest in a wrapper, and makes all the invokes in the FilterChain after use our custom HttpSession

    9. SessionRepositoryRequestWrapper
    10. SessionRepositoryFilter
    11. the Spring Bean by the name springSessionRepositoryFilter is registered with our Servlet Container for every request.

      how can this be impled?

    12. EnableRedisHttpSession

      create springSessionRepositoryFilter

    1. This guide describes how to use Spring Session to manage multiple simultaneous browser sessions (i.e Google Accounts).

      Just like Google Account

      1 user can login in several accounts at the same time.

      keep track of several sessions for 1 user

    1. We customize Spring Session’s HttpSession integration to use HTTP headers to convey the current session information instead of cookies.

      Use HttpHeader instead of cookie

    1. It is extremely important that Spring Session’s springSessionRepositoryFilter is invoked before Spring Security’s springSecurityFilterChain.

      springSessionRepoFilter must before springSecurityFilterChain

      this ensures that spring security has the HttpSession to use

    1. Multiple UI Applications and a Gateway

      Part VI /double

      加了一个gateway,但是不知道是怎么 proxy 请求的

    2. Here we show how to use Spring Security OAuth together with Spring Cloud to extend our API Gateway to do Single Sign On and OAuth2 token authentication to backend resources.

      SSO+OAuth2

    3. First the UI server, declaring explicitly that we want all headers to be forwarded (i.e. none are "sensitive"):
    4. Here we show how to build an API Gateway to control the authentication and access to the backend resources using Spring Cloud.

      Two parts

      1. use gateway control authentication
      2. distribute reqs to backends using SpringCloud
    5. The Resource Server

      Part III

      Separate out Resource Server

      /vanilla

    6. The Login Page

      Part II

      authenticate a user via a form (instead of a plain http basic authentication)

      /single

    7. A Secure Single Page Application

      Part I

      setup a simple hello-world app with SpringBoot as backend & Angular as frontend, request call guarded by SpringSecurity

    8. 一篇雄文。。。 太特么长了

    9. Here we show how to write and run unit tests for the client-side code using the Javascript test framework Jasmine.

      Test AngularJS app

    10. Here we show how to modularize the client-side code, and how to use "nice" URL paths without the fragment notation (e.g. "/#/login") which Angular uses by default, but most users dislike.
      • Modularize Angular code
      • rm the fragment notation
    11. a UI (HTML and JavaScript) and a Resource server

      这儿和一般常用的术语不太一样的地方是:

      UI指得就是平常的界面 (html & javascript) 而 resource 所谓的资源,并非常常指的静态资源,而是API resource,实际是接口数据。

    12. extracting the authentication responsibilities to a separate server (the Single Sign On pattern).

      whoooo, SSO rocks

    13. Cookies

      没太看明白。。

    14. Remember from Part II of this series that Spring Security uses the HttpSession to store authentication data by default. It doesn’t interact directly with the session though: there’s an abstraction layer (SecurityContextRepository) in between that you can use to change the storage backend. If we can point that repository, in our resource server, to a store with an authentication verified by our UI, then we have a way to share authentication between the two servers. The UI server already has such a store (the HttpSession), so if we can distribute that store and open it up to the resource server, we have most of a solution.

      share the storage of authentication between 2 servers

    15. Here we start by breaking out the "greeting" resource that we are using as the dynamic content in our application into a separate server, first as an unprotected resource, and then protected by an opaque token.

      separate resource and backend server?

    16. The HTML resources need to be available to anonymous users, not just ignored by Spring Security, for reasons that will become clear.

      anonymous is a kind of authentication too

    17. $rootScope.authenticated

      application wide flag

    18. So, even though the resource is protected and you can’t curl it directly, the browser was able to access the content.

      why this happened?

      还是需要用户名密码的

    19. but it is best practice for a production application to consolidate scripts to avoid chatter between the browser and the server (or content delivery network).

      reason why use need preprocessing & packaging front end assets

    20. XHR

      XMLHttpRequest

    21. The header is not automatically sent, so the origin is under control.

      header & cookie

    22. self.login

      try to login

    23. var authenticate

      authenticate through server

    1. 实时消息回调

      聊天基本是一个黑盒子,基本被环信承包了,这儿回调就是暴露了部分,供我们来做额外的操作,比如在自己服务器上保存聊天记录等

    2. 需要回调的类型,目前有两种消息类型可以回调(chat 和 chat_offline)。

      可以配置回调的类型:

      * chat 上行消息 
      * chat_offline 离线消息
      
    1. 消息历史记录只会保留14天

      只在环信的服务器上存储14天,如果需要跨设备存储长期聊天记录,需要我们自己的服务器处理。

    2. 客户端通过环信服务器进行通信

      环信服务器作为中间人,收发 SDK 的信息

    1. persistence.xml files should provide a unique name for each "persistence unit". Applications use this name to reference the configuration when obtaining an `javax.persistence.EntityManagerFactory reference.

      use persistence unit name to reference an EntityMangerFactory

  21. Jul 2016
    1. SecurityContextRepository

      将SecurityContext存在HttpSession中,以供HttpRequest使用

    2. If a valid SecurityContext cannot be obtained from the HttpSession for whatever reason

      this means SecurityContext is retrieved from HttpSession

    1. 为什么需要两次获取凭证,而不是直接用户授权拿到凭证后就直接获取资源呢

      code & access_token

  22. Jun 2016
    1. A persistence context is a set of entity instances in which for any persistent entity identity there is a unique entity instance

      A set of entities is persistence context?

      Persistence Context:

      一堆实例,其中,每一个每一条数据库记录(持久化实例的ID)都对应一个单独的实例。

    2. used to interact with the persistence context.

      used to interact with entity instances

    1. representing a conversation between the application and the persistent store

      hibernate.session

    1. The key to the whole business is the mapping: Which field and which class matches which column and which table.

      mapping

    1. 5 mismatch problems

      5 mismatch problems of Java <-> RDBM

    2. Persistence simply means that we would like our application’s data to outlive the applications process.

      更直白些就是 写数据到数据库

    1. Jackson的三种模式(High level -> low):

      • DataBinding - 利用ObjectMapper在json string和class之间转换 mapper.readValue(src, MyClass.class)
      • TreeModel - mapper.readValue(src, JsonNode.class)
      • Streaming API - 直接利用 JsonGenerator 写 json
    2. construct a Tree (for the User example) from scratch

      construct a JsonTree by yourself

    3. Tree Model

      toJsonNodes

    4. Raw

      这里的raw是相对我们熟的自定义 class 而言

      raw 生肉 Java 自带的类型, Map String List<br> 熟肉 我们自定义的class

    5. Data Binding

      所谓绑定,指的是plain json 和 object 之间的绑定

    6. Data Binding

      string <-> custom class

    7. Streaming API

      low level parse, JsonGenerater & JsonParser

    8. Tree Model

      String <-> JsonNode

    1. objectMapper.writeValueAsString(car);

      obj -> string

    2. The Jackson tree model is represented by the JsonNode class.

      the JSON tree, represendted by JsonNode

    3. a built-in tree model

      tree model?

    1. This standard message resolver expects to find messages for /WEB-INF/templates/home.html in .properties files in the same folder and with the same name as the template, like:

      default name for externalizing txt file: home.properties

    1. 如果网页授权的作用域为snsapi_base,则本步骤中获取到网页授权access_token的同时,也获取到了openid

      通过code换取access token 的同时,也获得了openid,scope 为 snsapi_basic 的流程结束

    2. 这里通过code换取的是一个特殊的网页授权access_token,与基础支持中的access_token(该access_token用于调用其他接口)不同。

      登陆专用

    1. 商户系统和微信支付系统主要交互:

      后台 《-》 微信支付

    1. 商户后台收到来自微信开放平台的支付成功回调通知,标志该笔订单支付成功。

      唯一和后台有关的部分?

    1. The CascadeType.REMOVE is automatically inherited when using CascadeType.ALL, but the entity removal is not only applied to the link table, but to the other side of the association as well.

      dangerous Cascase.ALL in many-to-many

    2. MERGE

      what does MERGE mean

    3. The Post entity plays the Parent role and the PostDetails is the Child.

      what is a parent & what is a child?

      parent is who defines a cascade property?