Sunday, March 13, 2011

Bezier curve modeling operations Xiangjie

Speaking of Photoshop, Fireworks, CorelDraw software in the design of the "Bezier" tool, you must be very familiar with, understand its importance, but the general sense of this thing a lot of friends, some profound, is not so easily manipulate them. Maybe after you read this article, we should not feel too hard to master it.

Since most of the time drawing with a computer mouse to control the operation of the line of the path (a good tablet is expensive), and hand-painted feel and very different effects. Even a smart painter can easily draw all kinds of graphics, get the mouse to arbitrary drawing is not an easy task. This is the computer must not replace the manual work, so far one can only shrugs. Use the Bezier tool to paint a large extent make up for this shortcoming.

"Bezier Curves" is discovered by French mathematician Pierre Bezier, this vector graphics for the computer basis. Its main significance lies in either straight or curve can be described mathematically.

"Bezier" tool in PhotoShop in called "Pen tool"; in CorelDraw in translation as "Bezier tool"; in Fireworks, called "brush." It is used to draw a line of professional tools. Of course there are many tools you can draw lines to complete the work, for example, we commonly used Photoshop in a straight line, spray gun, brush tool (Figure 1), Fireworks in the line, pencil and brush tools (Figure 2), CorelDraw in the free pens, hand-painted tools, etc. (Figure 3).

Figure 1 (Photoshop on the tool) Figure 2 (Fireworks on the tool) Figure 3 (CorelDraw on the tool)

With "Bethel" tool or whether it is drawing a straight line curve is very simple, readily available. The operating characteristics of the panel with the mouse by placing each anchor, the anchor of the path and described according to the order, producing the effect of straight lines or curves. We all know the path by one or more sections of line segments or curves. Anchor tag path segment endpoint. The curve segments, each selected anchor show the direction of one or two lines, the direction of line with the direction of the end point. Direction lines and direction of the point position to determine the size and shape of the curve. Move these elements will change the path in the shape of the curve, you can see next map. Path can be closed, no beginning or end (eg, circle), it can be open, obvious endpoint (such as wavy lines).

On "Bethel" tool, there are two important concepts to understand, that is, "smooth point" and "corner."

"Smooth Point" means the close of the piece of line is smooth curve, which is located in the central segment. Smooth curve is called smooth anchor point to connect, when the moving direction of line a smooth point, it will also adjust the points on both sides of the curve.

We painted above the curve, to explain in detail a smooth point.
1. With a mouse click in the line direction of the two anchor points.

2. Anchor anchor a second time, press and hold the mouse down drag the point, then it will show the direction of line, and curve to the top of the bend. (Curve of change and direction of line drag in the opposite direction).

3. Press and hold the mouse still, the direction line to the top of the drag, bending under the curve.

4. Anchored a third point, to complete a curve. The second anchor is a smooth point of the curve.

5. Adjustment smooth point can change the shape of the curve.

"Corner" refers to its neighboring segment to which the at least one side is straight, sharp corners connected by a curved path, when the moving direction of line a corner, only to adjust the direction of line with the same side of the curve.

Corner point of the operation process and smooth, like, to understand their basic concept and operation, we now demonstrate the smooth corner point into the process.

This is an example of choice: the mouse to select into a smooth point of the arrow, click the mouse to show the direction of line, move your mouse over the direction of a line, hold down the Alt key to drag the directional line, the direction of the mouse to select the other end of line drag, a smooth anchor point has now become the anchor of the sharp.

In addition, we have special talk about straight line is a curve. If we are in a horizontal surface with a pen tool to describe the system of two anchor points, according to two law of this line is straight, if we are here to describe the anchor and set the number of Bezier curves of zero curvature, which is straight. Curves extend out from the anchor hidden tangent decision, we can look at pictures, this is the use of CroelDraw tools Libeiseer curve rule.

Tangent of the angle, length, shape of the curve is different.

Using different tools, although their names are not the same Bezier tool, but a variety of paths can be used to draw graphics. For example, while we use a variety of design software to create an "S" curve, they are elevated to the direction of the curve drag the first direction point, drag the opposite direction to the direction of the second point. Drag in one direction while the direction of point to create two "S" curve.

Look at the figure below. We were using Fireworks and Photoshop are two tools to draw a graph the same, by observing their every steps, a more comprehensive understanding of the Bezier tool.

Fireworks graphics rendering process of Photoshop graphics rendering process

Two kinds of tools are 5 steps to complete the drawing, and has six anchor, the same path. So draw a simple graph, the use of any software, can achieve the same effect. But since it is some software, then the difference between the total have their place.

Brush with Fireworks, describe the system when the brush tool to anchor the panel on the blue rectangular box, the current selection rectangle in blue solid anchor, the anchor was painted over the blue hollow. Drawn after the completion of the previous anchor, drag the mouse will display a blue line (rubber band) depicts the next anchor, this one by one, until the draw to complete. In the drawing the last anchor, if our graphics path is not closed, then the last anchor that requires double-click the mouse to the end of the work. Fireworks draw the curve in many auxiliary tools such as: free transform tools, can help us to draw a desired graphic.

With Photoshop's pen tool, it uses the current anchor solid black rectangle shows the selected anchor not black hollow box, and draw the two neighboring anchor points by operation it is, if the option column We are useless choose "rubber band", then click on the path segment demonstrated after completion. Select the "like belts," the same as its operation and Fireworks. To end an open path components, in the "Options Bar" in click "" or hold down the Ctrl key point in the path outside the press. To close the path component, set the pen pointer positioned on the first anchor. If placed in the correct position, pen next to a small circle will appear, click to close the path. Photoshop pen tool which several categories: Pen tool, free pen tool, add anchor point tool, delete anchor point tools and conversion tools. Itself has its specific features, compared with the brush tool Fireworks is much more powerful, but its complexity is high.

Using CorelDraw's Bezier tool has its unique features and operating rules. Such as drawing a straight line, select the tool to use when the mouse is click the mouse to set the starting end point, and then move the mouse pointer to the desired location. Note that only a mobile, do not Anzhuo any mouse button. Point, click to delineate the end point, a line painted. Selected under the anchor line path starting point than the end of the large end of the anchor, this and the first two tools are somewhat different. Drawing a closed curve, the last node in the initial node set, the pointer becomes, it will be closed click graphic. CorelDraw press the "Kong Gejian" Jieshuhuaxian Caozuo. The second method is to press the keyboard "Esc" key to force to stop the current operation. This does not make a closed graph. Also in the CorelDraw software, the Bezier tool bar there are many accessibility options to choose from a variety of lines generated effects, such as in the "start arrow selector" the choice of a variety of start arrow, you can also choose to end Office of the arrow, or the outline of the style.

In general, the length of each mapping software has its own, so different tools in the Bezier curve tool functionality great deal of diversity. Fireworks brush features three types of software into a number of relatively weak, Photoshop Pen tool features a more comprehensive, CorelDraw software and a larger difference between the first two software. After all, they are in the computer graphic design techniques each have their own professional purposes, therefore the function of various tools for different requirements. Fireworks is mainly used in web graphics design, with the Dreamweaver software. Photoshop is a professional computer graphics design software, combined yl-011230-t-Ready design of various static and dynamic images. CorelDraw is a powerful layout features, and more for advertising.

We use the form below to summarize the characteristics of the three software. Here, three kinds of software will summarize their different functions, have their similarities, but especially be noted that various software difference between the very small, easy for beginners in these areas of confusion. (Red font that similarities between the software).

Software Name
CorelDraw tool name
Bezier tool shortcuts
F5 function
鐢荤洿绾裤?鏇茬嚎锛屾弿缁樺浘褰㈢殑璺緞Shift閿搷浣?br />鏇茬巼鎸?5搴︾殑瑙掑害鍙樻崲
杩涜澶氶噸閫夋嫨Alt閿搷浣?br />鎸変綇鎻忓嚭瑙掔偣锛岀敾鐩寸嚎锛岄?涓?姗$毊甯︹?鍙敾鏇茬嚎
榧犳爣鍛堝崄瀛楃姸鎬侊紝閿氱偣鍛堥粦鑹茬煩褰㈡姗$毊甯?br />閫変腑鏃舵湁锛屽彲浠ヤ笉閫?br />Have
鏃犺矾寰勯棴鍚堢姸鎬?br />鏃犻?鎷?br />鍙?鎷╄嚜鍔ㄩ棴鍚堣矾寰?br />鍙?鎷╄嚜鍔ㄩ棴鍚堣矾寰勮緟鍔╁伐鍏?br />Have
鏈夊鍔犻敋鐐?br />閫夋嫨娣诲姞閿氱偣宸ュ叿

鎴栧湪閫夐」鏍忛噷閫夋嫨鈥滆嚜鍔ㄦ坊鍔狅紡鍒犻櫎鈥濋?涓?閽㈢瑪鈥濆伐鍏锋寚鍚戦敋鐐瑰崟鍑婚紶鏍囧垹闄?br />


閫夋嫨鈥滆浆鎹㈢偣宸ュ叿鈥?br />鎴栬?鎸変綇鈥淐trl鈥?鈥滅Щ鍔ㄥ伐鍏封?
鐢荤洿绾裤?鏇茬嚎锛屾弿缁樺浘褰㈢殑璺緞Shift閿搷浣?br />鏇茬巼鎸?5搴︾殑瑙掑害鍙樻崲
杩涜澶氶噸閫夋嫨Alt閿搷浣?br />鎸変綇鎻忓嚭瑙掔偣锛岀敾鐩寸嚎锛岄?涓?姗$毊甯︹?鍙敾鏇茬嚎
榧犳爣鍛堝崄瀛楃姸鎬侊紝閿氱偣鍛堥粦鑹茬煩褰㈡姗$毊甯?br />閫変腑鏃舵湁锛屽彲浠ヤ笉閫?br />Have
鏃犺矾寰勯棴鍚堢姸鎬?br />鏃犻?鎷?br />鍙?鎷╄嚜鍔ㄩ棴鍚堣矾寰?br />鍙?鎷╄嚜鍔ㄩ棴鍚堣矾寰勮緟鍔╁伐鍏?br />Have
鏈夊鍔犻敋鐐?br />閫夋嫨娣诲姞閿氱偣宸ュ叿

鎴栧湪閫夐」鏍忛噷閫夋嫨鈥滆嚜鍔ㄦ坊鍔狅紡鍒犻櫎鈥濋?涓?閽㈢瑪鈥濆伐鍏锋寚鍚戦敋鐐瑰崟鍑婚紶鏍囧垹闄?br />


閫夋嫨鈥滆浆鎹㈢偣宸ュ叿鈥?br />鎴栬?鎸変綇鈥淐trl鈥?鈥滅Щ鍔ㄥ伐鍏封?


銆??鍙冲浘鏄枃瀛楁寜鏇茬嚎璺緞鎺掑垪鐨勬晥鏋滐紝杩欐槸鐢荤瑪宸ュ叿鏈?箍娉涚殑杩愮敤銆?br />

銆??b.鎴戜滑鍐嶅啓濂解?Fireworks鈥濆瓧鏍凤紝缁撳悎Fireworks閲屽浘褰㈢殑鎻忚竟锛岄槾褰辩瓑绛夊姛鑳斤紝鍒朵綔鍑哄悓鏍风簿缇庣殑鏂囧瓧鏁堟灉銆?br />銆??c.鎸夐敭鐩楥trl+A锛屾垨閫夋嫨鑿滃崟鈥滅紪杈戔?锛嶁?閫夋嫨鍏ㄩ儴鈥濓紙Select All锛夛紝鎴栬?鐐瑰嚮榧犳爣鍙抽敭鈥滈?鎷╁叏閮ㄢ?锛圫elect All锛夛紝灏嗗瓧鏍峰拰璺緞鍏ㄩ儴閫変腑銆?br />銆??d.鍦ㄨ彍鍗曟爮閲岋紝鈥滄枃瀛椻?锛圱ext锛夐?椤逛笅閫夋嫨鈥滄枃鏈?閰嶈矾寰勨?锛圓ttch to Path锛夊揩鎹烽敭涓?鈥淐trl+Alt+Y鈥濓紝灏卞彲浠ュ皢鏂囧瓧缁撳悎鍒扮壒娈婄殑璺緞涓婏紝濡備笂鍥俱?缁撳悎鍚庣殑鏂囧瓧渚濇棫鍙互閫氳繃Text Editor杩涜缂栬緫锛屼篃鍙互浣跨敤涓嶅悓鐨凙lign 鏂瑰紡瀹氫箟涓嶅悓鐨勮矾寰勫洿缁曟晥鏋溿?



銆??1.灏嗘寚閽堝畾浣嶄簬鏇茬嚎鐨勮捣鐐癸紝骞舵寜浣忛紶鏍囨寜閽?姝ゆ椂浼氬嚭鐜扮涓?釜閿氱偣锛屽悓鏃舵寚閽堝皢鍙樹负绠ご銆?br />
銆?銆??銆?br />

銆?? 锛堟部鏇茬嚎鏂瑰悜鎷栫Щ鍙缃涓?釜閿氱偣銆傚悜鐩稿弽鏂瑰悜鎷栫Щ鍗冲畬鎴愭洸绾挎锛?br />

銆??4.鎵ц涓嬪垪浠讳竴鎿嶄綔锛?br />
銆??a.鑻ヨ缁樺埗骞虫粦鏇茬嚎鐨勪笅涓?锛岃灏嗘寚閽堝畾浣嶄簬涓嬩竴娈电殑缁堢偣锛屽苟鍚戞洸绾垮鎷栫Щ銆?br />銆??銆??銆?紙鍚戞洸绾垮鎷栫Щ浠ュ垱寤轰笅涓?锛?br />




銆??涓嬮潰鎴戜滑鐢ㄢ?璐濊禌灏斺?鏇茬嚎宸ュ叿鏉ュ埗浣滀竴涓垚褰㈢殑瀹炰緥锛屽彧鏈変翰鎵嬪埗浣滄墠鏇磋兘鐞嗚В瀹冪殑鍔熻兘銆?br />


銆??绗竴姝ワ細鎻忔懝銆傞?鎷╅挗绗斿伐鍏峰紑濮嬪杩欏紶鍥剧墖鎻忕粯杞粨锛屼负浜嗕究浜庢垜浠弿鎽癸紝鏈?ソ鏄皢鍥剧墖鐨勯?鏄庡害闄嶄綆涓?偣銆?br />


銆??褰撲綘鎸夌収浣犵殑瑕佹眰鍕惧畬杞粨涔嬪悗锛屼綘鍙互灏嗕竴浜涗笉瀹屽杽鐨勯敋鐐硅皟鏁翠竴涓嬶紝鐒跺悗閫変腑杩欎簺绾挎潯锛屽湪鈥淪troke鈥濋潰鏉块噷鈥淧encil鈥濆伐鍏蜂笅閫夋嫨鈥?-Pixel Soft鈥濅娇杞粨绾挎潯鍗佸垎鏌斿拰锛屽緱鍒拌緝濂界殑鍕惧嫆鏁堟灉銆?br />

绗簩姝ワ細鎴愬浘銆傛垜浠垰鎵嶅嬀鍕掑嚭鐨勬墍鏈夌嚎鏉¢兘鍚堝苟鍦ㄤ竴璧蜂簡锛岀劧鍚庡皢搴曞浘鍒犳帀銆?br />


銆??鍐嶆寜涓婥trl+Shift+Alt+Z灏嗗畠浠浆鎹㈡垚浣嶅浘銆?br />

Layer闈㈡澘鐨勫叏閫夌姸鎬併?銆??銆?ayer闈㈡澘鍚堝苟鎴愪綅鍥剧姸鎬?br />
銆??绗笁姝ワ細濉壊銆傛寜鐓ф偍鑷繁鐨勬剰鎰垮~鍏呬簺棰滆壊灏卞彲浠ヤ簡銆傛湁涓?簺姣旇緝缁嗚嚧鐨勯儴鍒嗗~鍏呴鑹蹭笉鑳藉畬鎴愶紝閭d箞杩欎竴閮ㄥ垎鎴戜滑鍙互閫氳繃鏀惧ぇ鍦烘櫙锛屽埄鐢ㄧ瑪鍒峰伐鍏锋潵瀹屾垚瀵规湁缂洪櫡閮ㄤ綅鐨勫~琛ャ?鍏堕棿杩樻湁浜涗笉瀹岀編鐨勫湴鏂癸紝杩樺彲浠ョ敤鍏跺畠宸ュ叿鏉ュ府蹇欍?鎴戞墍瀹屾垚鐨勬渶缁堢殑鏁堟灉銆?br />
銆??銆?? 銆??

Like how?鏈?粓鐨勬垚鍝佹槸涓嶆槸鎰熻鏈夌偣绁炲锛屼綘涔熻浠庢潵娌℃湁鎯宠繃鑷繁涔熻兘鍒朵綔鍑鸿繖鏍蜂竴骞呭彲鐖辩殑鍗¢?鍥剧墖锛屽綋鐒朵綘骞朵笉鏄粎浠呮弿鎽瑰缓绛戠墿锛岀敾鍗¢?浜虹墿涔熷緢涓嶉敊鐨勩?杩欏彧鏄竴涓畝鍗曠殑渚嬪瓙锛岄?杩囦娇鐢ㄢ?璐濊禌灏斺?鐢荤嚎绾挎潯锛屼綘瀹屽叏鑳藉鑷繁闅忔剰鐨勭粯鍒跺浘褰?

銆??瀵逛簬鍒氬垰寮?瀛﹁璁$殑鏈嬪弸浠潵璇达紝蹇冮噷寰堣揩鍒囩殑鎯冲敖蹇帉鎻″叾鍚勭鎶?阀锛岃璁″嚭绮剧編鐨勪綔鍝佹潵銆傛鏃讹紝浣犲彲鑳戒細鍥犱负涓嶄簡瑙b?璐濊禌灏斺?宸ュ叿锛岃涓鸿鎺屾彙杩欎釜涓滆タ涓?畾闈炲父鍥伴毦銆備絾鏄浜庨偅浜涘凡缁忔槸璁捐甯堢殑鏈嬪弸鏉ヨ锛屽畠鎵?甫鏉ョ殑鏂逛究涓嶈█鑰屽柣锛佲?璐濊禌灏斺?鍦ㄦ垜浠繘琛岃璁℃椂鐢ㄥ涔嬪箍娉涳紝姣忎竴浣嶈璁″笀鍦ㄤ娇鐢ㄥ悇绉嶅浘褰㈣蒋浠剁殑鏃跺?锛岄兘瑕侀绻佺殑鐢ㄥ埌瀹冦?鏈枃缁撳悎浜嗗嚑绉嶅父鐢ㄧ殑缁樺浘杞欢锛岃缁嗙殑浠嬬粛浜嗏?璐濊禌灏斺?鐨勫熀鏈娇鐢ㄦ柟娉曪紝鏄垵瀛﹁?寰堝揩鑳戒笂鎵嬨?褰撶劧姣忎竴闂ㄦ妧鏈兘鏈夊畠娣卞ゥ涓嶆槗瀹屽叏鎺屾彙鐨勫湴鏂癸紝鎴戜滑鍦ㄥ浼氬畠鐨勫熀鏈娇鐢ㄥ姛鑳戒箣鍚庯紝鏇村鐨勬槸瑕佷笉鏂殑杩愮敤锛屽彂鎸ヤ綘鑷韩鐨勫垱閫犺兘鍔涳紝鍦ㄥ疄璺佃繃绋嬩腑鎬荤粨鍑烘洿澶氱殑鎶?阀锛屽皢瀹冨阀濡欑殑杩愮敤鍦ㄤ綘鐨勮璁′綔鍝侀噷锛屼负浣犳垚鍔熺殑璁捐褰撳ソ鍔╂墜銆?br />

Failure From Shutdown Trouble

Using De EXTERMINATE rabbits annoying ads RMVB movies

Hot SCIENCE Education

MXF Converter

Describe the C # call an external process

Explains how to lower and release compatibility Silverlight3

Evaluation Nature - Screen Savers

lmgrd.exe application error repair it now

convert VOB files

Video Converter

Recommend Teaching And Training Tools

News about Components And LIBRARIES

Monday, October 25, 2010

Open-source camp battle has begun

Recently, the software industry's largest companies have aside your traditional moves, take the initiative to open-source camp shook olive branch.

JavaOne Conference, held in the near future the opening ceremony, Sun's president announced that the company's open source technology strategy, and officially released the Java System Application Server Platform Edition of open source.

July 4, Oracle announced that, as a commitment to Java developers, the company will be free and open to all developers Oracle JDeveloper 10g. In addition, Oracle is planning to take the lead in Eclipse Foundation open source community in the implementation of JavaServer Faces (JSF) interface.

BEA has announced a package will be developed to support the industry's first comprehensive framework for all major open source J2EE application environment, this series of new tools will allow developers to one or more of the industry's leading open source Java framework for the preparation of procedures and can easily develop their application deployment in the BEA mixed application server.

IBM's approach is more direct, the acquisition of Gluecode this open source application server products, the commitment to continue to adhere to the product's open source policy, to become the entry-level enterprise application server products.

The performance of vendors are said to open-source camp is good, not because they want to change their strategy, but open-source represents a powerful application behind the power, can only follow this power, or will not, either .

A survey shows that the world's top 2,000 companies in more than 70% of the use of one or more open source frameworks - as many as 28% of companies in the development environment used more than one application server.

Open source products, users are proliferating, many enterprises are currently using open source products, such as Cisco and Intel that even large companies are also users of open source products, also conceivable that some of the cost is very sensitive to small enterprises will be more inclined to use open source products to build the initial IT infrastructure.

A few years later, with the growth of these enterprises, will face the problem of product improvement, then the use of open source a good experience during the establishment of these companies have chosen to become a commercial-grade software products important basis. More importantly, with the growing open-source camp, the camp had a number of major application projects, and thus there will be a number of important processes and tools are open source Java, and on these procedures and tools support the expansion of its product is undoubtedly a good way to influence. A few years later, the software license sales of software vendors no longer the main income, but if there is enough influence and voice, not afraid of no user. So the question now is how to compete for the greatest support to the open source camp.

Recommended links:

Wave Escort Firm In Hefei

Catalogs Screen Capture


The average salary 7K public relations industry is a lie

"Abnormal" Jason Jiang: year one is moral derailment

Taobao is free of charge commitment charges due to question

Zhang Jiguang couple: failure is the spiral

Compare Firewall And Proxy Servers


2007 College Graduates in Beijing reached 200 000

CEO Interview - Acer chairman JT Wang

Expert Games CARD

JSP Experience of learning about the steps and timing


how to calibrate laptop BATTERY

Tuesday, October 19, 2010

Seven types of IP congestion control algorithm needs to be improved

Network congestion caused by DDoS attacks, malicious hosts controlled by the machine caused by a large number of puppets, not in the traditional sense of the end to end congestion, we can only control the router, or IP-based congestion control to achieve. The current mainstream of seven IP congestion control algorithms are needed to improve before they can be used effectively to prevent DDoS attacks.

Distributed Denial of Service DDoS (Distributed Denial of Service) attack is regarded as the greatest threat facing the Internet is one.

There are some common methods of DDoS attacks and defense mechanisms, including: prevention by modifying the configuration and protocol attacks, the source of the reverse lookup attack, attack detection and filtering, distributed attack detection and filtering (Host / router side) and so on.

DDoS attacks and network congestion

Generate the root causes of network congestion to the network is to provide the load over the network, storage and processing power, increase the performance of invalid packets, packet delay increases with the loss, and decreased quality of service. If at this time can not take effective detection and control methods, will lead to congestion has been increasing, and even cause system crashes, under normal circumstances the formation of the three direct causes of network congestion is:

鈼?router memory space. Need some input data stream with an output port, if the entry rate is greater than the export rate, it will build in the port queue. If you do not have enough storage space, data packets will be dropped, especially on the burst data stream. Increase storage space on the surface seems to be able to resolve this contradiction, but according to Nagel's research, if the router has unlimited storage capacity, the congestion will only become worse.

鈼?the relative lack of bandwidth capacity. Intuitively, when the data input bandwidth greater than the total output bandwidth, the network will form a low-bandwidth bottleneck link Office, network congestion occurs, relevant information that may refer to Shannon theory.

鈼?processor processing capability is weak. If the router's CPU cache in the implementation of the queue, update the routing tables and other operations, the processing speed can not keep up high-speed link will result in congestion. Similarly, low-speed links for high-speed processors will also have congestion.

These are the early Internet network congestion in the three main reasons. This, TCP congestion control gives a good solution. In practice, if all end users are complying with or compatible TCP congestion control mechanism, network congestion can be well controlled. However, when network congestion caused by DDoS attacks when, TCP window-based congestion control mechanism which can not be resolved. The reason is the congestion caused by attacks from malicious hosts send a large number of data caused not only these hosts will not be completed under the TCP congestion control mechanism for coordination of work, or even itself may contain a forged source address, to increase the amount of data sent, increase the number of connections and other attacks. In this case, the DDoS attack network congestion caused by the router must be processed, it is only IP-based congestion control to achieve.

Note that, DDoS attacks on network congestion caused by the above analysis is different from the ordinary case, there are substantial differences between them. In contrast, DDoS attack caused by congestion, often attacking the data packet size, arrival time, and many other aspects of the protocol type has some relevance, it is a distributed denial of service determined by its own characteristics. Ordinary case of network congestion, the data is not controlled by multiple attackers sent, and therefore does not have the similar correlation of. Congestion caused by attacks carried out protection, we should first find the correlation between, on the basis of traditional congestion control mechanism is introduced and refined in order to be efficient and accurate detection and control.

Seven mainstream IP congestion control algorithm and evaluation

According to the principle and mechanism of DDoS attacks, mechanisms of protection of the ability to do evaluation should be reference to the following criteria: condition 1, whether the feature according to certain rules setting; second condition, whether in accordance with certain rules to distinguish between the data flowing through ; conditions for three different types of data packets, it can provide different priority services. If a congestion control mechanism to meet these three conditions, we basically have a protective DDoS attacks.

The following will give a brief analysis of the current number of mainstream IP congestion control algorithm and its protection evaluation of the feasibility of DDoS attacks:

鈼?FIFO FIFO (First In First Out)

Traditional FIFO strategy is currently the most widely used Internet as a service model. Its biggest advantage is ease of implementation, but is essentially a FIFO "to end" (Drop-tail) of the algorithm, so when unexpected data arrives prone to the phenomenon of packet loss, the fair is poor, on the upper the TCP fast recovery and lower efficiency.

Evaluation criteria were known, the algorithm does not meet either condition, too simple and lack of intelligence, can not for the DDoS attack protection.

鈼?Random Early Detection RED (Random Early Detection)

RED algorithm is a certain probability into the router discards the packet. RED's early design idea is to avoid the continuous drop of the same connection packet, thereby enhancing the throughput of the connection. Packet loss rate through the assessment, RED can get better at the connection between fairness, strong adaptability to the unexpected business. RED also some disadvantages, such as may cause network instability, and select the appropriate configuration parameters is not an easy task. In recent years, researchers have proposed many improved RED algorithm, these algorithms are to some extent, from different aspects to improve the performance of RED.

Evaluation criteria were known, this method is not protective effect of DDoS attacks, because the idea is the assessed packet loss rate, normal business and attack data "too fair" and could not be differentiated, enabling a large number of normal business in the attack occurs can not be service.

鈼?Explicit Congestion Notification Algorithms in ECN (Explicit Congestion Notification)

The first two congestion control algorithms are adopted to tell the end of the system packet loss, network congestion has occurred. The Explicit Congestion Notification Algorithm congestion prompted by a clear (RFC2481) to implement congestion control, on the one-time effect of large-volume data transmission ideal, but there are certain requirements on the delay.

The algorithm embedded in the source side packet ECN, a router based on network conditions set by the CE (Congestion Experienced) bit. Source termination received feedback from the network to come back home this CE-bit data packet, it will then send the packet marked as dropped packets. ECN's advantage does not require retransmission timeout, not dependent on the coarse-grained TCP timer, so there is some delay in the applications required better performance. On this basis, also proposed another improved algorithm, it by adjusting the size of congestion window CWND, to correct a long RTT of TCP connection error, to improve the sharing of bottleneck bandwidth fairness.

Evaluation criteria were known, this method is not protective effect of DDoS attacks, because no signatures to identify and distinguish the functions, when the attack occurred less intelligence.

鈼?fair queuing algorithm FQ (Fair Queuing)

FQ algorithm in the routers for each output line queues have built one. When a line is idle, the router back and forth to scan all queues, each team in turn will send the first package. FQ bandwidth independent of packet size distribution, services began almost simultaneously in the queue. Therefore, in the case of statistical multiplexing without the expense of providing additional equity, and end to end congestion control mechanisms can be better coordinated. The disadvantage is that to achieve them are complex and require line of each data stream, and each stream of state statistics, packet classification and packet scheduling overhead and so on.

Evaluation criteria were known, this method is not protective effect of DDoS attacks, because the same ECN Act.

鈼?weighted fair queuing algorithms WFQ (Weighted Fair Queuing)

Weighted fair queuing algorithm is FQ Algorithm. According to different data streams of different bandwidth requirements, queue for each queue cache resource allocation by applying the weighting to increase the adaptability of FQ on the different applications, the algorithm there are other improved algorithm.

Evaluation criteria were known, the method can be used for protection by improved DDoS attack idea is first to detect and classify attacks, and then import the data according to attack the data, normal data, were queuing up three types of suspicious data processing, data directly on the attack discarded, while data on suspicious and normal to give a certain weight, to provide different quality of service. Good performance in the router to handle the case of ability, or even a more complex and intelligent processing strategies, such as multi-priority queue.

鈼?weighted random early detection WRED (Weighted Random Early Detection)

Is the random early detection combined with priority queuing, this combination provides a high-priority packet priority communication services capabilities. When an interface congestion began to appear, it selectively discard lower-priority group, rather than simply randomly dropping packets.

Evaluation criteria were known, the method can be used for protection by improved DDoS attacks, ideas and WFQ similar, they all meet the conditions of the three evaluation criteria, should be increased to improve the conditions and terms of a second set.

鈼?custom queuing

Custom queuing is allowed to have a minimum bandwidth and latency requirements of different applications sharing the network designed. Custom queuing for the distribution of different protocols with different queue space and queue a revolving manner, when a specific protocol data stream is allocated a larger queue space, also received a higher priority services, custom queuing priority queue more than fair. Custom queuing can guarantee that each particular type of communication can be fixed bandwidth, while in the case of link tension and avoid the data stream attempt to limit the amount beyond the possibility of pre-allocation.

Evaluation criteria were known, the method can be used for protection by improved DDoS attacks, are used in resource allocation and priorities for different businesses weighted to improve ideas and WFQ and WRED similar.

7 Ways addition to the above, there are other ways. If the FQ and the RED algorithm to combine Flow RED algorithm, it will cache into several queues, then each data stream using RED algorithm, simulation results show the fairness of its good; and if the core stateless fair queuing algorithms CSFQ (Core-Stateless Fair Queuing) border routers in the network to perform data flow management, and in the core does not do much more.

Can be seen, the protective ability of these algorithms, there are big differences between any of them need to improve before they can be effectively used to control DDoS attacks caused by network congestion.


Nine WAYS to recruit good staff

ADO How To Create Modify Delete List

Of! The relationship between SEO and UCD

Ambiguous "message" Mostly Huafei Trap

AVI to DivX

Vigilance "wind Downloader" Summer Lift Vitality And

Premier Audio Rippers And Converters


MKV to Zune

CMM assessment in China Suggestions

Good Audio CD Players

agricultural GROWTH in india an assessment

News about Converters And OPTIMIZERS

"Open source COMMUNITIES in China" held in Sharon

Tuesday, October 12, 2010

Let the spirit soar your football career

2006 World Cup in Germany will pull heavy curtain, 32 princes Sabre-rattling, determined to win. Running, cheering, shouting, competitive ... ... There is no weak, here refused to mediocrity! The spirit of football is full of charm us is fresh, strong, is forging ahead, passion, hard work ... ...

Workplace football spirit soar

World Cup's influence, sometimes not only because of football, it may be more because of a team, a player who saw a force, a state of mind, and spirit to our shock Let us admire.

Hard achievements dream

Football there is passive, there is a low profile, there is no love publicity, but by no means weak! German football stressed the strong reason, even if only the last second game, they will not give up, fight more than, more than offensive; Italy, and perhaps always a step away from success, yet they have no pain and regret, he brought people more are in the dark see the light; Korean arena everybody roam, struggling to scramble, indomitable, they are calm and stable no matter win or lose, for them, the struggle is an invaluable asset.



鍥㈤槦 閾搁?浼犲

瓒崇悆鏈韩璁╀汉蹇箰锛岃?鍥㈤槦绮剧鍒欐槸瓒崇悆鐨勭伒榄傘?浠讳綍涓?満姣旇禌锛屽鏋滄病鏈変竴涓洟闃熺殑鎵撴嫾锛屽啀浼樼鐨勯槦鍛樹篃闅炬姷鍔叉晫銆傚痉鍥借冻鐞冧竴鍚戜互鍥㈤槦绮剧鑰岃憲鍚嶃?鑽峰叞鐨勫叏鏀诲叏瀹堛?闃挎牴寤风殑閽㈤搧涔嬪笀銆傚洟闃熺簿绁炴鏄冻鐞冪湡姝g殑绮鹃珦鎵?湪銆?br />

瑙勫垯 鎻愬崌瑙勬牸

瓒崇悆姣旇禌涓紝瀵逛簬鍦哄湴銆佹椂闂淬?浜烘暟銆佽澶囥?瑁佸垽鍛樸?璁¤儨鏂规硶绛夌瓑閮芥湁涓ユ牸鐨勮瀹氾紝鎵嶄娇瓒崇悆姣旇禌澧炲己浜嗗緢澶氱珵鎶??鍜屽叕骞虫?锛岄槦鍛樿涪鐨勭棝蹇紝澶у鐪嬬殑寮?績锛岃儨鍑虹殑浜哄績瀹夌悊寰楋紝娣樻卑鐨勪汉鍙f湇蹇冩湇銆?br />
浜嬫湁鍙负涓庝笉鍙负锛屾墍浠ヨ閬靛惊娓告垙瑙勫垯銆傝冻鐞冨満涓庤亴鍦猴紝铏界劧鐜涓嶅悓锛岃韩浠戒笉鍚岋紝浣嗘父鎴忚鍒欏嵈鏈夌浉鍚屼箣澶勩?姣斿鍥㈤槦绮剧锛涙瘮濡傚悰瀛愮埍璐?鍙栦箣鏈夐亾锛涙瘮濡傝鍠勪簬涓庝汉娌熼?锛涙瘮濡傛垝楠勬垝韬侊紝鎻愰珮鑷韩绱犺川锛涙瘮濡傝闅忔椂鎺ュ彈鏂扮殑鎸戞垬锛涙瘮濡傝鏈夋竻鏅扮殑鐩爣锛屽苟涓庝粬浜哄垎浜祫婧愨?鈥﹀鏋滆兘澶熸噦寰楄繖浜涙父鎴忚鍒欙紝鑱屽満鎵撴嫾灏变細鏇村寮?績锛岃?灏戝緢澶氭?鎵嶄笉閬囩殑鎶辨?銆?br />
绔炰簤 瓒呰秺"绾㈡捣"



鎴愬姛 鏉ヨ嚜琛屽姩

涓栫晫鏉繕娌℃湁寮?锛屽痉鍥界墿鐞嗗瀹舵墭鍏板氨鏍规嵁涓?釜鐗╃悊瀛︽ā鍨嬭绠楀緱鍑虹粨璁猴紝寰峰浗闃熷皢鏈?6.8锛呯殑鏈轰細澶哄緱涓栫晫鏉紱鑰岃嫳鍥藉コ鐜嬩篃瀵广?娉版櫎澹姤銆嬭〃绀猴紝濡傛灉璐濆厠姹夊甯﹂鐨勮嫳鏍煎叞瓒崇悆闃熻兘澶熷ず鍐狅紝濂瑰皢鍦ㄧ櫧閲戞眽瀹鐞冨憳浠枬鑼讹紱娉曞浗闃熷湪闃垮皵鍗戞柉灞辫繘琛岄泦璁紝涓绘暀缁冩壃瑷?湁淇″績甯﹂鐞冮槦闂叆鍐宠禌鈥︹?鍏跺疄姣忎釜闃熷憳閮芥湁璧㈠緱鑳滃埄鐨勬鏈涳紝浠栦滑鐨勭洰鏍囬兘鐬勫噯鐫?-澶у姏绁炴澂銆?br />



AVI to 3GP

My Gmail So Cool, Custom Domain Gmail Login

Puzzle And Word Games Infomation


Symantec said the new storm worm detected

ogm to Ac3 converter

PMP Exam tips

LINQ Advanced Features Brief

Consumers to buy non-original THINKPAD compensated 210,000 yuan


"Blue collar" talent shortage wages rose more than "white collar"

MII Further Notice Irregularities SP Will Be Ordered To Stop

Articles about Help Tools

Monday, October 11, 2010

Getting Started with Corel Draw 10 (4) hands to create vector graphics (1)

After the previous explanation, I believe we already know of several functional modules CorelDRAW, and now with the use of previous knowledge to create their own vector graphics it!

Let's look at renderings, is a reflection in the water of the city night. Production need to use the main tools: rectangle tool, circle tool, polygon tool, interactive tools to reconcile.

First, draw the city's buildings

Figure with Rectangle tool to draw a few boxes of different sizes, select them, through the Arrange -> Align & Distribute dialog transferred out of alignment distribution, select the Botton (the bottom of the alignment), confirmed, the right Click the center of these objects control points inside the pop-up menu select the Group (Group) to enable them to always together.

The next drawing of the building windows, steps slightly more complicated, but it is a key part of the work, please watch carefully the presentation:
A tool to draw a small rectangular box;
2 mouse to move the center of the rectangle, the direction will become a cross-type, click the left mouse button and hold down the Ctrl key, then turn right drag the small box to the right place, then do not release the left mouse button , press the right mouse button, the cursor will turn into an arrow with the +, release the hand, a level of alignment with the original box the box will be copied out.
3 Select the interactive reconciliation tool, click the box to the left, following the left mouse button drag to the right of the box, the box 20, like first touch was "reconciled" out.
420 ideographic too much to reconcile in the property column enter the number of which 4, press Enter, you draw 4 squares of the harmonic.
5 Right-points in the second box, inside the pop-up menu choose Break Blend Group Apart (dispersed harmonic group).
6 again, right-click the second box, inside the pop-up menu select Group (group).
7 Repeat step 2, copy the line in the box below
8 Repeat step 3, interaction in the two groups to reconcile the use of grid to generate a square matrix.

Note: The above operation looks a bit to find people to feel not mind, now look at some explanations related to

On the Ctrl key:

Drag the object while holding down the Ctrl key, the object is bound into either move up or down, or move around, but not both simultaneously move in both directions.
Rotate the object while holding down the Ctrl key, rotate will be fixed at 15 degree increments of rotation, in the Tools-> Options-> Edit-> Constrain Angle 15 degrees on the default to be modified.
Change when the object size, size will be integer multiples of the scale.
When creating graphics 鎸夌潃 Ctrl key to create a working graphics, such as square, are round (instead of ordinary rectangular and oval)
Using the Interactive Fountain Fill (interactive gradient fill) hold down the Ctrl key when, filling the angle will be 15 degree increments.
Select an object (the object then appears around the control handle 8), hold down the Ctrl key, the control handle relative to the direction of dragging a control handle, you can create objects in horizontal, vertical and 45 degree mirror.
Step 2 complex on mouse operations:

Drag an object and click before releasing the left-right, it will copy an object, another with a small + sign on the keyboard can also copy an object.

On the "beaten to reconcile group":

Harmonic generated by using two objects, can be seen as a special relationship with associated groups, the group which all objects are the source and destination object shape, color, location control, can not be independent. When we do not need this kind of restraint when you can use the "broken up reconciliation group" to make ordinary objects into groups.

Note: Harmonic group does not include source and destination object

About Group (Group) interaction reconcile:

Harmonic can be used for group interaction, the above step 6 is to reconcile before the group, the source and destination object group up, then talk to another group to interact reconcile.

Are coupled to each one building windows, and group together all the windows, and finally get this results:


Flash to MPEG

Optional U disk watch "shell" Scam


Under The Iceberg

Business Databases And Tools Reviews

Some tips on data collection

Write a custom task, easily extend Ant

Dialogue Negroponte: U.S. Dollar 100 computers who moved the cheese

Training into The domestic game Breakthrough

FONT Tools Report

Matting, Photoshop Master of the Road, 2

DivX to IPod

comparison Business Databases And Tools

Recommend Teaching And Training Tools

runtime error 164 it is repairable

Wednesday, September 29, 2010

Super-operator altar

10 trillion times a million billion times, never billion ... ...

When our high-performance computing repeatedly record, these figures in people's eyes, is only a symbol of national scientific and technological strength. They are high above, nothing to do with general business users in and can use the word "high-performance computing platform" in addition to the state special department that is large-scale industrial projects, such as large oil field, a large aircraft manufacturing.

This situation appears in the Shanghai Supercomputer Center have changed.

December 2000, the Shanghai Municipal Government for the construction of the Shanghai Supercomputer Center China. As the Super Computer Center is responsible for local government and advance human consciousness is defined Shanghai Super Computer Center became the "public-oriented computing platform", more and more users to high-performance computing with the "high touch."

Public computing platform development as a city an important symbol of modernization, to pierce various sectors of the industry chain, so that more human resources, capital, technology, rapid flow of up to bring huge economic and social benefits. 10 years, increasingly strong demand, as well as cloud computing, Internet of things, triple play and other industries the emergence of new opportunities, quickly ignited the passion of large-scale public computing platforms, the original service in the background of "computing platform" have sprung up to front, out of control.

Currently, Beijing, Shenzhen, Tianjin, Shenyang, Wuhan, Guangzhou, Jinan, Chengdu, Changsha ... ... cities are invested heavily in building Super Computer Center, from 10 trillion times a million to a million billion billion times, and even absolutely billion of large-scale super-computing centers blossom everywhere in the country, some cities is not only one.

Application of high performance computing altar floor, is a sign of progress in IT industry, the development of public computing platform is a regional economic inevitable choice for sustainable development. However, over the face of surging wave count, we ask:

Really need so many ultra-count center?

These expensive computing platform can really play worth it?

Who are these super machines in operation, who is in the use of ultra-ICC?

To this end, our reporter in-depth Shanghai, Chengdu, Lanzhou, trying to uncover the mystery of ultra-ICC.

Last June, officially approved by Ministry of Science agreed to establish a National Supercomputing Center in Shenzhen by the state investment 200 million yuan, was completed in 2010 in Shenzhen by the end of ten million billion calculations a super computer. Almost at the same time, Tianjin Binhai New Area and University of Defense Technology Cooperation Agreement signed by the Ministry of Science, Tianjin Binhai New Area, National Defense University jointly invested 600 million yuan, in the Binhai New Area of Tianjin build a national supercomputing center, developed petaflop supercomputer .

Recently, there were indications that Beijing will build a million trillion times larger Supercomputing Center, related issues are in preparation. In addition, Guangzhou, Shenyang, Chengdu, Changsha, Wuhan and other cities in almost all new or expansion of the Super Computing Center, targets are in 1,000,000,000,000,000 or even million trillion level.

As if overnight, the National Supercomputing Center at the blossom everywhere. We really have such a large computing needs? Do this, "Computer World" reporter visited Shanghai, Chengdu, Gansu and other places representative of the Supercomputing Center, which some have been successfully operating, and some still under construction , and these super-computer centers are facing the same problem - how the altar, into the ordinary.

Subsidize the user to find

90's of last century, people have a certain high-performance computing knowledge. Shanghai Meteorological Bureau found that the existing computing power has been unable to meet everyday computing needs, therefore, they are ready to purchase a new "big machine." When the program reported to the government procurement sector, the Shanghai Municipal Government to consider buying a "big machine" too costly, while the Weather Bureau's use of the frequency is not high, idle time can cause great waste of resources. If this high-level computer can be used as public facilities available to more users, you can play more effective. Therefore, the Shanghai Municipal Government put forward at that time with the "big machine" set up a public service platform, and thus created the concept of super-computing center. "We began to build in 1999 located in Zhangjiang Hi-tech Development Zone in Pudong, the Shanghai Supercomputer Center, in early 2001, the official carrier for the community." Shanghai Super Computing Center Director, Xi Zili introduced.

Xi Zili Supercomputing Center is a service of the first group of people in this industry for over ten years. When it comes to Shanghai Super Computer Center in the early expansion of the user operating difficulty, Xi Zili are marvelous: "It was a large amount of money the Government into operation this Supercomputing Center, if the use is not up on the mean failure, it means a lot of waste of capital, because hardware was already there are not being paid the. "The most difficult process early, is the need to find their own customers. "At first, I want to visit every week, 3 to 5 users to understand their background, operations and needs, to attract them to the center." Xi Zili said, sometimes even subsidize the user to use the machine.

The beginning, the Shanghai Super Computing Center was selected as the industrial users commercial aircraft company, but by that time coincided with the Commercial Aircraft Corporation is not the economy. In the mid-90s, commercial aircraft company bought IBM4381 big machine, but because the company limited funds, the project is not over, these machines have been arrayed not functioning. Although they want to move into the center, but neither money to pay time fee, not many programs can do. Upon learning this, Xi Zili said to each other, willing to pay 200,000 yuan in subsidies as part of its move into the center, This made the business.

In addition to few users, the capacity of the machine itself is also a constraint Shanghai Super Computing Center was a major development. Because the first batch of service in Shanghai Super Computer Center is a large machine divinity series supercomputer, due to the compatibility of the machine, limit the scope of potential applications and users. Until 2004, the Shanghai Super Computer Center ushered in the dawn of open architecture 4000A, the Twilight series and the machine architecture, software, operating systems are open and standardized, which means that the system can and international compatibility of some common software better . Compatibility issues resolved, since 2004, the Shanghai Super Computer Center users an unprecedented development. Last year, the Shanghai Super Computing Center has introduced a series of Dawning 5000A supercomputer to calculate the scale of 230 trillion. Today, Shanghai Super Computer Center of the users have over the various sectors.

Large-scale hardware computing platforms require matching software program

At present, Shanghai Super Computer Center is the operator of the most successful public computing platforms. Unfortunately, the state has invested dozens of ultra-ICC, and now is running out. In addition to super-computing and Shanghai Super Computing Center of the few survival, some on the verge of collapse.

Who is the "super user"

"Only together can really play a role, reflecting the value of public computing platform, which is also government investment to establish ultra-ICC mind." Xi Zili Moreover, the "Computer World," told reporters.

Today, many are building super-computer centers have understood this truth. Although the petaflop-scale supercomputer center in Tianjin has not officially put into use, but the center's leadership among the users already running.

Tianjin Super Computer Center to target the super-computing on demand a strong weather, oil, medicine, architecture and other fields. Therefore, the state director of the Center for Supercomputing Liu Guangming Tianjin Tianjin Meteorological Bureau has research, the Chinese Academy of Architecture building software, the Joint Research Institute of Tianjin International Biomedicine, CNOOC, and Geophysical Research Institute of Shengli Oilfield. He found that these "super big operators" and is very different than in the past, had no money, no one's company, now not only no shortage of talent, and some even built their own computer center, they are super-computing platform for the public What will generate strong demand?

"Demand is still very large." As Xi Zili said, the small-scale processing operation can be completed in their own computing centers, large-scale computing and use to large commercial software project, it is necessary to large-scale public computing platform to run , because only Supercomputing Center have enormous computing power and software capabilities.

Journalists in the survey found that ultra-ICC more than 80% of users are research institutes and universities, while the other 20% are used for industrial production.

Nanjing, BGP is a typical Shanghai Super Computer Center industrial-type users. In fact, Nanjing BGP also has its own computing center, but they often have more large-scale computing needs. One year, Nanjing BGP to participate in an international bid, must within one week on their results to each other, the scale of its computing centers are not enough to complete the operation of this size, so they found a Shanghai Super Computer Center. Xi Zili personally lobbied other users with savings 1000 CPU released to the project in Nanjing BGP, so that they get the results in time to bid. "If there is no such large-scale public computing platform, enterprises will miss many of these large-scale international projects." Xi Zili said.

Therefore, the demand for supercomputing business is very large. Super Computer Center in Gansu Shanghai Super Computer Center, though the much smaller scale, but the value of their customers were well reflected.

Super Computer Center in Gansu Province, according to Director of Hu Tiejun introduced Super Computer Center in Gansu during the construction process and take the side of the building while using the strategy. "Although we do not center, but it focus on forward-looking technology, expansion in 2004 when playing on the plan to create a breakthrough in high performance computing to the next generation IPv6 Internet and data exchange center for the auxiliary network application platform and minutes to complete the construction year. "

Now, Gansu Super Computer Center already has 41 trillion times the fleet, 21 sets of commercial software, 13 sets of shared source software, but also have included Lanzhou University, Lanzhou University, Lanzhou Jiaotong University and other universities, Gansu Provincial Meteorological Bureau, Chinese Academy of Sciences Cold and Arid Regions Research Institute and other government departments and research institutes, and enterprises including wide range of users. In these users, the most targeted, best embodies the central key support at this stage direction, is the cooperation with Lanzhou University, a large-scale virtual screening for drug research.

Drug development is a time-consuming, investing in research work. The traditional drug development process is costly, time, long, high rate of elimination, the average cost of a new drug research and development needs of over one billion U.S. dollars, took about 10 years, about 90% of drug candidates in clinical period be eliminated. Virtual screening in drug stage, should the millions or billions of molecular simulation, the traditional test method is not only a huge workload, but also consume a long time. "The super computer will show the unparalleled advantage." According to Hu Tiejun introduced experimental supercomputer simulation with a very short time, just a few weeks time could be eliminated in a large number of compounds that do not meet the requirements, the scope of screening should much larger than the traditional test, experimental results are more accurate, can greatly improve the efficiency of drug development, considerable savings in R & D funding.

Shanghai Super Computing Center of the Xi Zili, Gansu ultra-ICC Hu Tiejun said that they have achieved the current application of 70% to 80%, in a sense, basically at full capacity. However, there are still doubts the industry, urban construction in the country so many quadrillion times as much, or even 10 thousand trillion times the size of the super computer center, you can really come in handy?

Weak links in software applications

Currently, the application of ultra-ICC is far below the scale of the hardware scale. So many of the industry that "if the application can not keep up, causing the machine and then not as big."

"If there is no advance of hardware resources, making sure that no more applications." Xi Zili did not agree to this view. He believes that it is difficult to define all the urban construction Supercomputing Center's original intention and ability to not rule out that some local governments to follow suit, the image projects out of psychological, "but the public do more advanced computing platforms. In the supercomputing field, needed to drive the hardware development of the industry. "

Xi Zili that only the hardware first developed, these applications can keep pace. If the current super-computing platform to reach 100 trillion times the size it possible to run the 100 trillion times the software. "So supercomputer is certainly necessary, but not too much ahead, as it will cause a waste."

About to build a petaflop supercomputer, "Milky Way," is Professor Wen-Hua Dou National Defense University also believes that human needs for high-performance computers is not enough, every step needs, from basic theory to practical application of technology, material technology and innovation and beyond.

First, the public computing platform promoting the development of high-tech industry has far-reaching significance. The high ground is the high-tech industry high-tech product development capability, the design of new materials, biotechnology, new medicine and environmental protection and comprehensive utilization of resources, the high performance computing can play a significant role. Second, the public computing platform innovation vector as one of the modern service industry, will certainly fueled the development of independent innovation of enterprises. "The Internet and telecommunications networks, wide network integration is an inevitable trend, network integration and development, will effectively promote the new computing models, the new service model for the formation and development." DOU Wen-hua said.

However, many in construction and have built small and medium regional based public computing platforms, as well as parts of a government campaign of the planned petascale supercomputing centers, in addition to slightly stronger than the strength Shanghai Super Computing Center, and many provinces and municipalities in public computing platform infrastructure, support services, operation mechanism have not been systematically developed. In short, it is the application part is still quite weak.

"Sometimes, the domestic Super Computing Center is very tragic." Xi Zili told reporters. Although the Shanghai Super Computer Center of the computing scale is 200 trillion times, but usually reach two trillion times a day, 10 trillion times the size of very good use, and most of the time also, but 50 trillion times.

Why is this so? "Because my super-operator in the field of software levels are poor, do not increase the system's application of the scale." Xi Zili said.

For example, the United States, the advanced field of materials analysis 10 times higher than China or even a hundred times, its ultra-ICC very large scale operations, the basic are 5 100 000 CPU to run, but our country only a few hundred or at most a day 1000 CPU running simultaneously. "Is not worse than others we have available hundreds of times, but our high-performance computing software in the very backward, parallel computing capacity is also very poor." Chengdu Cloud Computing Center Director Wang Jianbo resignation. Even if the construction of the huge hardware computing platforms, lack of a strong software support, "these machines are no different from a pile of junk." Jian-Bo Wang said.

In this case, my ultra-ICC can only buy commercial software developed countries, and some very expensive proprietary software, and even build a hardware platform than the more expensive, the average ultra-ICC simply can not afford. There are some high-tech products, as restrictions on foreign export policy, even if the money will not buy.

According to related person from the past 10 years, although the country has invested in software, a lot of money, but the effect is not significant. In addition to weather, oil and other several pillar industries have a certain software R & D capabilities, large-scale, commercial software is still very little.

The reason, Super Computer Center is an interdisciplinary intersection, which involved extensive industry, its "mother" will be more than one, the software and hardware resources is not in charge of the same ministries, which do not result in development of software understand the hardware architecture, hardware R & D people do not know the characteristics of large-scale software, "This is one of the most fatal problem." Xi Zili said.

However, in the "nuclear high base" and after the introduction of major national science and technology projects to the core of electronic devices, high-end general chips and basic software become bigger and stronger, the state appointed the appropriate body to coordinate the work of ministries. "This is the development of China's public computing platform is a good thing, we hope the integration of industry and more in-depth information." Jian-Bo Wang said.


Super Computer Center requires government guidance and help

Super Computer Center is a comprehensive platform for interdisciplinary nature, its development can lead server, software, chips, machinery manufacturing, and other related industries to progress together. Meanwhile, the ultra-ICC also adopted the final results to show progress in all walks of life: the first supercomputer to find oil, the first supercomputer for weather forecasting for the first time with a super-computer analysis of gene ... ... supercomputing affect all walks of industry, it has become the core countries in science and technology competitiveness.

Although we are pleased to see that everywhere in the brewing of large super-computer center, but in a way, the government should guide the conduct throughout, and somewhat in size and geographical planning. Super Computer Center is different from the small and medium construction as possible, blossom, it is a huge project, costs money, time-consuming, labor-intensive. According to reports, Shanghai Super Computer Center of electricity a year reached 12 million yuan. Therefore, the Government should be in power, manpower, policy areas such as auxiliary super-computer center operations.

In addition to high-end applications in the most backward areas of level, our public computing platforms, there are still many problems.

First, the uneven geographical distribution. This uneven distribution of resources, causing a dilemma - there is a demand of the user difficult to obtain resources, valuable resources are faced with idle and waste.

Second, the construction of a lack of unified planning and functions. Super Computer Center under the various different departments related to repeat invest in economically developed regions, and the parts of public computing platform services location ambiguity, the lack of a specific subject area strengths.

Third, do not take cross-disciplinary research in the field service functions.

Fourth, do not improve the industrial chain of high-performance computing. Directly serve the public end-user computing platform, a concrete understanding of user needs, application features and technology trends. Public computing platform is high performance computing hardware and software vendors the main users of public computing platform as a key link in the industry, must maintain the entire eco system of joint development.

However, these problems are not their own super-computer centers can be resolved, right in the hands of their master. For example, the state can plan to control Super Computer Center's construction site, the future super computer centers to form a wider network coverage, can users of radiation to the whole country; In addition, although there are inherent Super Computer Center's "瀹為檯 鎿嶄綔 You Shi" but not "education" and the qualification, in this regard, policies should be introduced to Super Computer Center to train a large number of industry professionals.

In short, public computing platform, which reflects the computing power of our country, but also the equivalent of a high-performance core of the industrial chain, and its progress should be attached great importance to the relevant agencies. (Text / Liu Lili)


Trend of the civilian population of the world's high-performance computing

Currently, high-performance computers to solve face scalability, reliability, power, balance, programmability, and management complexity of such challenges, the industry is to promote high-performance, multicore, virtualization and other technologies. A worldwide movement to high-performance computing has been opened civilians, which we call "pan-performance computing era."

From the global perspective, the public computing platforms deployed in the developed countries already have a large number of which the United States, the largest number. In November 2008 announced the "Global Top 500 high performance computers," shows that 58.2% of the machines installed in the United States, 66% of the total computing power controlled by the United States; followed by the UK, with 9% and 5.4% of the machines The total computing power.

In the United States, government agencies, public computing platform is a major supporter. The most well-known in the United States including the San Diego Supercomputer Center Supercomputer Center (SDSC), the National Center for Supercomputing Applications (NCSA), Pittsburgh Supercomputing Center (PSC), Lawrence Livermore National Laboratory (LLNL ), the U.S. Argonne National Laboratory (ANL) and Oak Ridge National Laboratory (ORNL) and so on.

In the EU, each of the framework of EU research and technological development projects, both invested heavily in high-performance computing. Britain is Europe's largest supercomputing users, mainly Edinburgh Parallel Computing Centre (EPCC) and the University of Manchester academic computing services center (CSAR). Germany, the number of supercomputers installed very basic and the United Kingdom, 3 National Supercomputing Center are the University of Stuttgart High Performance Computing Center (HLRS), John von Neumann Institute for computing (NIC) and the calculation of Munich Leipnitz Center (LRZ). France followed by Germany and the UK, the largest supercomputers run by the French Atomic Energy Commission. Other European countries have had less number of super-computing center. Overall, the European Super Computing Center in facilities, operating model, customer support and application in the fields have a lot of features.


Currently, the developed high-performance computing research and industry input intensity of Ju Tai, Erju into Juyouchixu Xing, Shi Jian Zhang span, which made them high-performance computing research and technology Fangmian have a good foundation has accumulated a wealth of experience, gather a group of professionals. At the same time, high-performance computing on the contribution of national economic construction is also rising, the development of public computing has become a virtuous circle.


My Favorite Cartoons - Screen Savers

Gmail frequently dropped a solution

reviews Themes And Wallpaper

Fast switch input 3 ax


Eclipse + JBoss + EJB3 Entity Bean's connection strategy

Light: Cold Chain Dancer

Great Promise Variant E Virus File

2006 'China's PDM / PLM's top event will be Held in Nanjing

Evaluate Audio Presentation Tools

Hot Games Board


3G2 to MOV

Pao GS-816FC Fiber Disk Array

The world's Major media on the views of Chrome OS

Thursday, September 16, 2010

DDOS DDOS tracking the introduction and

Chain-level test (Link Testing)

Most of the tracking technologies are starting from the closest to the victim's router, and then began to check the upstream data link, until you find the origin of attack traffic hair. Ideally, this process can be recursive implementation of the attack until you find the source. This technique assumed attack remains active until the completion of tracking, it is difficult after the attack, intermittent attacks or attacks on the track adjustment to track. Including the following two chain-level testing:

1, Input debugging

Many routers offer Input debugging features, which allow administrators to filter certain number of exit data packets, and can decide who can reach the entrance. This feature was used as a traceback: First of all, victim was attacked in determining when all packets from the description of the attack packet flag. Through these signs in the upper reaches of the outlet manager configuration suitable Input debugging. This filter will reflect the relevant input port, the filtration process can continue in the upper class, until to reach the original source. Of course, a lot of this work by hand, some foreign ISP tools for the joint development of their network can automatically follow-up.

But the biggest problem with this approach is the management cost. Multiple ISP links and cooperation with them will take time. Therefore, this approach requires a lot of time, and almost impossible.

2, Controlled flooding

Burch and Cheswick proposed method. This method is actually manufactured flood attacks, by observing the state of the router to determine the attack path. First of all, there should be an upper road map, when under attack, they can start from the victim's upstream routers in accordance with road map on the upstream routers to control the flood, because the data packets with attack-initiated packet router also shared, thus increasing the possibility of the router packet loss. Through this continued up along the road map for, we can close the source of attacks launched.

This idea is very creative but also very practical, but there are several drawbacks and limitations. The biggest drawback is that this approach is itself a DOS attack, it will also carry out some of the trust path DOS, this shortcoming is also difficult procedure. Moreover, Controlled flooding requires an almost covers the entire network topology. Burch and Cheswick also pointed out that this approach could be used for DDOS attacks on the track. This method can only be effective on the ongoing situation in the attack.

CISCO router is CEF (Cisco Express Forwarding) is actually a kind of chain-level test, that is, to use CEF up to the final source, then the link on the router had to use CISCO routers, and support CEF. Must be Cisco 12000 or 7500 series router has. (Do not know how, do not check the latest CISCO document), but the use of this feature is very cost resources.

In the CISCO router (ip source-track support for the router) the IP source tracking in order to achieve the following steps:

1, when the purpose was found to be attacked, opened on the router the destination address of the track, enter the command ip source-track.

2, each Line Card was created to track the destination address specific CEF queue. The line card or port adapter with a specific ASIC for packet transformation, CEF queue is used to package into line card or port adapter's CPU.

3, each line card CPU collect information to track the purpose of communication

4, the timing data generated by export to the router. Be realistic summary of the flow of information, enter the command: show ip source-track summary. Each input interface to display more detailed information, enter the command show ip source-track

5, statistical tracking of IP addresses is a breakdown. This can be used to analyze the upstream router. You can close the current router IP source tracker, enter the command: no ip source-track. And then re-open at the upstream router on this feature.

6, repeat steps 1 through 5, until you find the attack source.

This almost answers securitytest to mention the bar.


Through this method to record the main data packet router, and then through the data collection techniques to determine the path packets through. While this approach can be used to track the data after the attack, it also has a Ming Xian's shortcomings, such Kenengyaoqiu Daliang of Zi Yuan (or sampling), a large number of data of Syndicated news Bingjuduifu problem.

ICMP tracking

This approach mainly rely on self-generated ICMP router tracking information. Each router has a very low probability (for example: 1 / 200000), the contents of the packet will be copied to an ICMP message in the package, and contains the information near the source address of the router. When the flood attacks beginning, victim can use ICMP messages to reconstruct the attacker path. In this way comparison with the above description, there are many advantages, but there are some disadvantages. For example: ICMP traffic may be filtered from the ordinary, and, ICMP messages should follow the same input debugging feature (the packet with the data packet input port and / or to get the MAC address associated capacity) related, but that in some router has no such function. At the same time, this approach also must be a way to deal with an attacker could send a forged ICMP Traceback message. In other words, we can approach this way, used in conjunction with other tracking mechanisms to allow more effective. (IETF iTrace)

This is the yawl that the IETF working group to study the content, when I made some comments to the Bellovin, but did not get an answer. For example:

1, although a random 1 / 20000 to track packages sent, but the package for forgery TRACEBACK cases, the efficiency of the router will have some effect.

2, track packages, and can not solve the counterfeit problem of authentication. To determine whether it is fake because the package, you must go to certification, and increased workload.

3, even with NULL authentication, also serve the purpose of (a certified case). And will not be much affected.

4, itrace purpose is to deal with the original DOS source of the problem of deception, but now the design seems to make us more concerned about the path and not the source. Is the path is more than the source of our problem to solve DOS useful?

So, there is a bunch of issues that I think iTrace will face the difficult issue.

Packet Marking

The technology concept (because there is no practical) is to the existing agreement on the basis of changes, and changes very little, not like the idea of iTrace, think better than iTrace. There are many details of this tracking study, the formation of a variety of labeling algorithm, but the best is compressed edge sampling algorithm.

Principle of this technique is a change in IP header, in which the identification heavy domain. That is, if not used to the identification domain, then this field is defined as the tag.

The 16bit of idnetification into: 3bit the offset (allows 8 slice), 5bit the distance, and the edge of 8bit slice. 5bit the distance allows 31 routes, which for the current network is already enough.

Marking and path reconstruction algorithm is:

Marking procedure at router R: let R''= BitIntereave (R, Hash (R)) let k be the number of none-overlappling fragments in R''for each packet w let x be a random number from [0 .. 1 ) if xlet o be a random integer from [0 .. k-1] let f be the fragment of R''at offset o write f into w.frag write 0 into w.distance wirte o into w.offset else if w . distance = 0 then let f be the fragment of R''at offset w.offset write f? w.frag into w.frag increment w.distance
Path reconstruction procedure at victim v:
let FragTbl be a table of tuples (frag, offset, distance) let G be a tree with root v let edges in G be tuples (start, end, distance) let maxd: = 0 let last: = v for each packet w from attacker FragTbl.Insert (w.frag, w.offset, w.distance) if w.distance> maxd then maxd: = w.distance for d: = 0 to maxd for all ordered combinations of fragments at distance d construct edge z if d! = 0 then z: = z? last if Hash (EvenBits (z)) = OddBits (z) then insert edge (z, EvenBits (z), d) into G last: = EvenBits (z); remove any edge (x, y, d) with d! = distance from x to v in G extract path (Ri.. Rj) by enumerating acyclic paths in G

Under laboratory conditions only victim of such markers can be caught from 1000 to 2500 package will be able to reconstruct the entire path, and should be said that the result is good, but not put to practical, mainly manufacturers and ISP router support needed .

Ip traceback's been almost a practical technology and laboratory techniques, or inanimate, on the main these, although there are other.

For a long time did not engage in a DDOS against it, and the domestic like product have a black hole, previously know some foreign, such as floodguard, toplayer, radware so. Prompted by securitytest also learned riverhead, I immediately look at their white paper.

Bigfoot made since the previous main ip traceback subject, securitytest also went to the defense. DDOS problem for ip traceback and Mitigation is not the same, ip traceback main track, mainly because of DDOS spoof, which is difficult to determine the real source of attack, and if the attack is easy to find the real source, not just to deal with DDOS, attacks against the other is also helpful, such as legal issues. And Mitigation is the angle from the victims, because the victim is generally unable to investigate the whole network, to identify source, and even be able to find the source, there must be a legal means of communication or to source stop (the attack source and not the source of the attacker), this means that a lot of communication, inter-ISP, across other similar non-technical issues, it is often difficult to handle. But from the victim's point of view, have to be a solution, so we need to Mitigation.

This in turn happens to be my previous scope of the study, therefore, will say a lot. For Mitigation, in fact, the fundamental technology is to a large number of flows from the attack packets and legitimate packets will be separated out, the attack packets discarded out for the approval of the legal package. This is not, so the actual use of technology is to identify how the attack packets as possible, but as small as possible to affect the normal package. This is again to analyze the DDOS (or DOS) of the methods and principles. Basic has the following forms:

1, the system hole formation DOS. This feature fixed, detection and prevention are also easy to

2, protocol attacks (some deal with system-related, some related with the agreement). Such as SYN FLOOD, debris, etc.. Features Fortunately, the detection and prevention is relatively easy. Such as SYN COOKIE, SYN CACHE, debris can be discarded. Such as land attack, smurf, teardrop, etc.

3, bandwidth FLOOD. Waste flow plug-bandwidth, feature poor recognition, defense is not easy

4, the basic legal FLOOD. More difficult than three, such as distribution of Slashdot.

Real DDOS, usually combining a variety of ways. For example SYNFLOOD, may also be bandwidth FLOOD.

The main factors that affect the defense is to see whether the features available, such as 1,2 relatively easy to solve, some of the basic does not affect the use of the FLOOD, it can well be abandoned, such as ICMP FLOOD. However, the attack packets if contracting tools to better package disguised as legitimate, it is difficult to identify out.

Mitigation methods in general is:

1, Filter. For obvious characteristics, such as some worms, the router can handle that. Of course, the filter is the ultimate solution, as long as the identification of the attack packets, it is to filter out these packets.

2, random packet loss. Associated with the random algorithm, a good algorithm can make the legitimate packets are less affected

3, SYN COOKIE, SYN CACHE other specific defensive measures. For some regular means of defense and attack filtering. For example ICMP FLOOD, UDP FLOOD. SYN COOKIE are all to avoid spoof, at least there are three TCP handshake, so better to judge SPOOF

4, passive neglect. It can be said to be deceived is also a way to confirm that. The normal connection fails will try again, but the attackers generally do not try. So can temporarily abandoned for the first time the connection request and a second or third connection request.

5, take the initiative to send a RST. Against SYN FLOOD, such as on a number of IDS. Of course, the real is not valid.

6, statistical analysis and fingerprints. It would have been the main content, but in the end the algorithm into a dead end, because the main problem is an algorithm. Through statistical analysis point of view to get the fingerprint, and then to abandon the attack fingerprint package is also a anomaly detection technology. Very simple, but it is not easy to affect the legal package, and will not become a random packet loss. (In fact it was considered too complex, have to be a detailed analysis of the attack packets and legitimate packets, the actual need, as long as the attack packets to filter out enough, even to attack packets through, but as long as not to cause DOS on it.) This is also a lot of The main subject of the researchers, the purpose is identifying attack packets.

Now back to securitytest mentioned riverhead. On the riverhead of the technology, I have just learned from their white paper on, but based on my analysis methods did not exceed the above-mentioned range.

riverhead's core program is the detection of Detection, transfer Diversion and mitigation Mitigation, which is to detect attacks, and then transferred to the traffic guard on their products, and then guard for Mitigation.

Its implementation steps are:

Because there is no map, we first define what can be said clearly:

# Source close to distributed denial of service for the remote router routers

# Close to the victim's router to router proximal

# Riverhead's Guard equipment subsidiary subsidiary router router installed

Defense steps

1, first detected in a DDOS place and understand the victim

2, Guard Notice to the remote router to send BGP (BGP circular set in the victim's prefix, and get higher than the original priority notice BGP), said the victim from the remote router to have a new route, and routed to the loopback Guard interface, all to the victim's have been transferred to the subsidiary Guard on the router

3, Guard inspection flow, and remove one of the attack traffic, and then forwarded to the traffic safety sub router, in the back victim

The core is the Guard, technology is described in the MVP architecture white paper (Multi-Verification Process), which is five levels below

Filter (Filtering): This module contains the static and dynamic DDOS filtering. Static filtering, blocking non-essential traffic, which can be user-defined or default riverhead provided. Dynamic filtering is based on the details of behavior analysis and flow analysis, by increasing the flow of the recognition of suspicious or malicious traffic blocking has been confirmed to be real-time updates

Anti-cheat (Anti-Spoofing): This module verify whether the packet into the system to be deceived. Guard uses a unique, patented source verification mechanism to prevent cheating. Also adopted a mechanism to confirm the legitimate flow of legitimate data packets to be discarded to eliminate

Anomaly detection (Anomaly Recognition): The module monitors all anti-cheat has not been filtered and discard the flow module, the flow records with the normal baseline behavior, it is found abnormal. The idea is that through pattern matching, different from the black-hat and the difference between legitimate communications. The principle used to identify the attack source and type, and proposed guidelines for interception of such traffic.

Anomaly detection include: attacks on the size of packet size and flow rate of the distribution of packet arrival time of the port distribution of the number of concurrent flow characteristics of a high-level agreement, the rate of entry
Traffic Category: Source IP Source port destination port protocol type connection capacity (daily, weekly)

Protocol Analysis (Protocol Analysis): The anomaly detection module processing found in the application of suspicious attacks, such as http attack. Protocol analysis also detected a number of agreements misconduct.

Traffic restrictions (Rate Limiting): mainly those who consume too many resources dealing with the source of traffic.

So, in fact the most important content is in the statistical analysis of anomaly detection, but it seems not much to see from the above special place, but must have a good algorithm. Such as FILTER, actually deal with some very familiar features of obvious attacks, anti-cheating is against syn flood like this, perhaps also a syn cookie module, but may have more patented technologies. Protocol analysis should in fact is relatively weak, but can be common agreement on some specific attacks, protocol error detection and identification of some acts simply agreed to check that this is very simple. Traffic restrictions are that a random packet loss, the most helpless way, so the final level.

Because this product is mainly for Mitigation, not ip traceback. But can be determined or there are important issues, such as:

1, how to deal with the real bandwidth flood. If the router is gigabit, but attacks have accounted for 90% of the traffic, only to shed 10% of the legitimate use, the router has first started with random packet loss of the Guard. (No way, this is the bottleneck of all defense technology)

2, the real attack. The real attack is difficult or not identifiable. For example, the same basic form with the normal, if and statistics are very similar, it is difficult to distinguish. Some attacks, such as reflective of the e-mail attacks, it is perfectly legal, but very hard to classify them.

Recommended links:

Compare Personal Interest

xbox 360 AVCHD

Zhang Feng: NAS Really How It?

PERFORMANCE appraisal process may wish to "quick" point

"Nobunaga's Ambition 12 Innovation" 82 Hokkaido start a battlefield report


When The "vision" Into A "trap"

convert avi to mp4 online

3g2 to Mpg

Infomation File And Disk Management

Good efficacy is the Man Manao out

Vb6 how to dynamically add controls

Official Air Strike 2 Cheats