Can we avoid the problem of the last unpaired data element while building a Merkle tree for the Ethereum blockchain? I know there's a way to solve this problem in a blockchain: duplicate the last element. But that is an issue which can be used to attack the network.
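For context, here is a minimal sketch of the duplication rule the question refers to (Bitcoin-style pairing; the helper names are invented for illustration). When a level has an odd number of nodes, the last one is hashed with itself, which is exactly what lets two different leaf sets produce the same root:

import { createHash } from 'crypto';

const sha256 = (data: Buffer): Buffer =>
  createHash('sha256').update(data).digest();

// Build a root by hashing pairs level by level, duplicating the last
// node whenever a level has an odd number of entries.
function merkleRoot(leaves: Buffer[]): Buffer {
  let level = leaves.map(sha256);
  while (level.length > 1) {
    if (level.length % 2 === 1) level.push(level[level.length - 1]);
    const next: Buffer[] = [];
    for (let i = 0; i < level.length; i += 2) {
      next.push(sha256(Buffer.concat([level[i], level[i + 1]])));
    }
    level = next;
  }
  return level[0];
}

// The attack surface: duplicating C makes [A, B, C] and [A, B, C, C]
// indistinguishable by root, even though the leaf sets differ.
const [a, b, c] = [Buffer.from('A'), Buffer.from('B'), Buffer.from('C')];
console.log(merkleRoot([a, b, c]).equals(merkleRoot([a, b, c, c]))); // true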
I'm learning the copy-on-write technique. I understand that the parent and child process share the same address space; when the parent or child wants to modify a page, that page is copied into the process's private memory and then modified.
So my question is: assume the child process modifies a page, then completes and terminates. What happens to the modified data? Is it still there and visible to the parent process and other child processes?
In short: if the child process modified a page, what happens next to the parent and other child processes with respect to that modified page/data?
I have read the COW concepts and understand the basic principles, but I'm not sure how deeply I understand them.
In short - the parent does not have access to the child process's data. Neither do any other siblings. The moment the child process terminates, all its modifications are lost.
Remember, COW is just an optimization. From the processes' point of view, they don't even realize it is copy-on-write. From their perspective, each process has its own copy of the memory space.
Long answer, what happens behind the scenes:
*Note: I am simplifying some corner cases; not everything is 100% accurate, but this is the idea.
Each process has its own page table, which maps process virtual addresses to physical pages.
At some point, the parent process calls fork. At this step, a child process is created and its VMA descriptors are duplicated (there are certain rules for how that is done, with intermediate chains etc.; I won't deep-dive into this). What is important is that at this stage, child and parent virtual addresses point to the same physical addresses.
Next, all pages are made read-only.
At this point, if either child or parent tries to write to a certain page, it will cause a page fault. They can read freely, however.
Now assume the child writes to a page. This causes a page fault, which is caught by the kernel. The kernel understands this is a COW page, so it creates a separate copy of the physical page for the child.
So at this point, child and parent have the same virtual address pointing to two different physical addresses.
That should answer your question. The parent cannot access another process's physical pages. The virtual address is the same, but that does not matter. When the child dies, its pages are recycled, and all changes are lost.
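To make the steps above concrete, here is a toy model of that bookkeeping (not real kernel code; every name is invented for illustration). fork shares the physical pages and marks both mappings read-only; the first write through a shared mapping triggers the copy:

type PageTableEntry = { physical: number; writable: boolean };

class ToyKernel {
  physicalPages: string[] = []; // page contents
  refCounts: number[] = [];     // how many mappings share each page

  alloc(contents: string): number {
    this.physicalPages.push(contents);
    this.refCounts.push(1);
    return this.physicalPages.length - 1;
  }

  // fork: duplicate the page table, share the physical pages, and mark
  // both the parent's and the child's mappings read-only.
  fork(parent: Map<number, PageTableEntry>): Map<number, PageTableEntry> {
    const child = new Map<number, PageTableEntry>();
    for (const [vpn, entry] of parent) {
      entry.writable = false;
      child.set(vpn, { physical: entry.physical, writable: false });
      this.refCounts[entry.physical]++;
    }
    return child;
  }

  // A write through a read-only mapping is the "page fault": if the page
  // is still shared, copy it and remap it privately, then write.
  write(table: Map<number, PageTableEntry>, vpn: number, data: string): void {
    const entry = table.get(vpn)!;
    if (!entry.writable) {
      if (this.refCounts[entry.physical] > 1) {
        this.refCounts[entry.physical]--;
        entry.physical = this.alloc(this.physicalPages[entry.physical]);
      }
      entry.writable = true;
    }
    this.physicalPages[entry.physical] = data;
  }

  read(table: Map<number, PageTableEntry>, vpn: number): string {
    return this.physicalPages[table.get(vpn)!.physical];
  }
}

const kernel = new ToyKernel();
const parentTable = new Map<number, PageTableEntry>([
  [0, { physical: kernel.alloc('hello'), writable: true }],
]);
const childTable = kernel.fork(parentTable);

kernel.write(childTable, 0, 'goodbye');   // child's write triggers the copy
console.log(kernel.read(parentTable, 0)); // "hello"  - parent unaffected
console.log(kernel.read(childTable, 0));  // "goodbye" - child's private copy

When the child terminates, the kernel simply drops its page table and recycles any pages whose reference count reaches zero, which is why the modifications vanish.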
I am trying to determine the best practice for state management. That is, whether the parent of 2 subcomponents should manage the state for those subcomponents.
For example:
<div>
  <subcomponent-one *ngIf="condition"></subcomponent-one>
  <subcomponent-two *ngIf="!condition"></subcomponent-two>
</div>
And inside each subcomponent, various ngrx actions can be dispatched. However, a certain action may lead to the condition boolean being changed.
So the question is: should the state be shared across both components? And, should this state be managed by the parent?
I tend to suggest the "container/presenter" pattern, which is almost exactly what you have proposed here.
Your parent ("container" or "smart") connects to the store, generally creating a bunch of Observables whose values it passes to its children ("presenters" or "dumb" components) via the async pipe.
(Do not subscribe to the Observables and store their emissions in local variables. I see this happen far too often and it is a horrendous anti-pattern.)
Depending on how your app is set up, I would also suggest that instead of dispatching actions from your children, you use @Output and react to those events in the smart parent.
This pattern allows you to separate store logic from display logic, leading to a much tidier and more modular app.
<div>
  <subcomponent-one *ngIf="condition$ | async"></subcomponent-one>
  <subcomponent-two *ngIf="inverseCondition$ | async"></subcomponent-two>
</div>
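For concreteness, here is a minimal sketch of the pair, assuming an ngrx store whose state has a boolean condition flag and a hypothetical '[Parent] Toggle Condition' action (both names invented for this example):

// Container ("smart") component: talks to the store, hands Observables
// to the template via the async pipe, and reacts to child outputs.
import { Component, EventEmitter, Output } from '@angular/core';
import { Store } from '@ngrx/store';
import { Observable } from 'rxjs';
import { map } from 'rxjs/operators';

@Component({
  selector: 'parent-container',
  template: `
    <subcomponent-one *ngIf="condition$ | async"
                      (toggled)="onToggled()"></subcomponent-one>
    <subcomponent-two *ngIf="inverseCondition$ | async"
                      (toggled)="onToggled()"></subcomponent-two>
  `,
})
export class ParentContainerComponent {
  condition$: Observable<boolean>;
  inverseCondition$: Observable<boolean>;

  constructor(private store: Store<{ condition: boolean }>) {
    this.condition$ = store.select((state) => state.condition);
    this.inverseCondition$ = this.condition$.pipe(map((c) => !c));
  }

  // The container is the only place that dispatches.
  onToggled(): void {
    this.store.dispatch({ type: '[Parent] Toggle Condition' });
  }
}

// Presenter ("dumb") component: no store access, only inputs/outputs.
@Component({
  selector: 'subcomponent-one',
  template: `<button (click)="toggled.emit()">Switch</button>`,
})
export class SubcomponentOneComponent {
  @Output() toggled = new EventEmitter<void>();
}

The presenters stay trivially testable: they render inputs and emit outputs, and only the container knows the store exists.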
I just wanted to know if putting data in the dataset of an element is considered a security flaw, even though it is meant to be seen.
For example, Instagram putting the ID of each post from their database into the dataset attribute of each post element.
OWASP calls this Insecure Direct Object Reference (IDOR) -- exposing to the client a "direct reference" (a database ID, etc.) to an internal object -- and it absolutely can be a security issue.
To quote OWASP here, which is a much better expert on this than any one person:
IDOR do not bring a direct security issue because, by itself, it reveals only the format/pattern used for the object identifier. IDOR brings, depending on the format/pattern in place, a capacity for the attacker to mount an enumeration attack in order to try to probe access to the associated objects.
So in essence: if you surface database IDs (and thus the pattern they follow), and you have some sort of access control issue (you're relying on security by obscurity, or you have some sort of bug in your access control), an attacker can find their way to any object on your system, because they know the ID scheme all objects follow and can thus enumerate their way to any object in your database.
This is a major flaw, but it's by no means the only one. Check out the OWASP cheat sheet on this for more details!
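One common mitigation the cheat sheet discusses is an indirect reference map: the client only ever sees random per-session tokens, never the raw database IDs, so there is no pattern to enumerate. A minimal sketch (class and method names invented for illustration):

import { randomUUID } from 'crypto';

// Per-session indirect reference map: hand the client opaque random
// tokens instead of raw database IDs.
class ReferenceMap {
  private tokenToId = new Map<string, number>();
  private idToToken = new Map<number, string>();

  // Called when rendering output: swap the real ID for a token.
  tokenFor(databaseId: number): string {
    let token = this.idToToken.get(databaseId);
    if (token === undefined) {
      token = randomUUID();
      this.tokenToId.set(token, databaseId);
      this.idToToken.set(databaseId, token);
    }
    return token;
  }

  // Called when handling a request: resolve the token back to an ID.
  // Guessed tokens resolve to nothing, so there is nothing to enumerate.
  idFor(token: string): number | undefined {
    return this.tokenToId.get(token);
  }
}

// One map per session, so a token leaked from one user's session is
// meaningless in another's.
const session = new ReferenceMap();
const postToken = session.tokenFor(42);
console.log(session.idFor(postToken));     // 42
console.log(session.idFor(randomUUID())); // undefined

Note that this complements access control rather than replacing it: every request should still verify that the session is allowed to touch the resolved object.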
I'm using multiple atoms within a map called app-state and it's working quite well architecturally so far. The state distributed across those atoms is normalised, reflecting how it is stored in datomic, and of course what the client is initialised with is a specific subset of what's in datomic. This is me preparing the way to try out datascript (which is what gave me the aha moment of why client state is so much better fully normalised, even if not using datascript).
I have a question at this point. We all know that some state in reagent is a reflection of what's in the server's database (typically), but there's also state in reagent concerning solely the current condition of the ui. That state will vanish when the page is re-loaded and there's (typically) no need to store that on the server.
So, I'm looking at my list of atoms and realising that I have some atoms which hold database-record-like maps, i.e. they contain exact reflections of datomic entities (which arrive by transit), which is great.
But now I notice I also want some ui state per datomic entity.
So the question arises whether to add some keys of ui state, irrelevant to datomic but needed by the client, to what came from datomic (i.e., dump it into the same nested map). That is entirely possible, but seems wrong to me, and so suggests... (this being my idea as of now): how about a parallel atom per "entity", like #<entity-name>-ui, containing a map (or even a vector of maps, if there are multiple entities), with a set of keys for ui state?
That seems an improvement on what I have ended up with by default as of now, which is a separate atom for every piece of ui state (I've avoided component-local state up to now). (Currently the ui only holds ui state for one record at a time, so these ui atoms need only be concerned with a single current entity.)
But if, say, I made a parallel atom (to avoid mixing ephemeral ui and server state), then ui state could perhaps manageably extend deeper. We could hold, say, ui state per entity so switching current-entity back and forth would remember ui state.
Since this is Stack Overflow, I have to ask a specific question rather than have this just be a discussion, so: given what I've described, what are some sensible architectural choices in this case for storing state in reagent?
If you are already storing your app state in several component-independent reagent atoms, you can check out https://github.com/day8/re-frame, which is a widely-adopted reagent-powered framework built exactly for your case. Essentially it stores all the application state in a single reagent atom, but has a well-developed infrastructure to support coordinated storage and updates. They have brilliant documentation with a great high-level explanation of the idea.
Regarding your initial question about server/ui state separation - I think you should definitely go this way. It'll give you better separation of concerns and an easier way to update server/ui data separately. It is very easy to achieve this with re-frame by storing both parts of the state under separate top-level keys in the re-frame application db. E.g.:
{:server {:entity-name ...}
:ui {:entity-name ...}}
and then create suitable subscriptions (see the re-frame docs) to retrieve it.
This question is a little "meta" for SO, but there doesn't seem to be a better place to ask it...
According to Google, realtime collaborative objects are never deleted from the model. So it makes sense to pool objects where possible and reuse them, rather than not-really-deleting them and subsequently creating new ones, thus preventing an unnecessary increase in file size and overhead.
And here's the problem: in an "undo" scenario, this would mean pulling a deleted object out of the trash pool. But "undo" only applies to operations by the local user, and I can't see how the realtime engine could cope if that "deleted" object had already been claimed by a different user.
My question is, am I missing something or wrong-thinking, and/or is there an alternative to a per-user pool?
(It also occurs to me that as a feature, the API could handle pooling deleted objects, automatically minimizing file-bloat.)
I think you have to be very careful about reusing objects in the way you describe. It's really hard to get right. Are you actually running into size issues? In general, as long as you don't constantly create and throw out objects, it shouldn't be a big deal.
You can delete the contents of the collab object when it's not being used, to free up space. That should generally be enough.
(Note, yes, the API could theoretically handle this object cleanup automatically. It turns out to be a really tricky problem to get right, due to features like undo. It might show up as a future feature if it becomes a real issue for people.)
Adding to Cheryl's answer, the one thing that I see as particularly challenging (actually, impossible) is the pulling-an-object-from-the-pool stuff:
Let's say you have a pool of objects, which (currently) contains a single object O1.
When a client needs a new object, it will first check the pool. If the pool is not empty, it will pull an object from there (the O1 object) and use it, right?
Now, consider the scenario where two clients (a.k.a. editors/collaborators) need a new object at the same time. Each of these clients will run the logic described in the previous paragraph. That is: both clients will check whether the pool is empty, and both clients will pull O1 off of the pool.
So the losing client will "think" for some time that it succeeded. It will grab an object from the pool and do some things with it. Later on, it will receive an event (E) telling it that the object was actually pulled by another client. At this point the "losing" client will need to create another object and re-apply whatever changes it made to the first object to this second one.
Given that you do not know if/when the (E) event is going to fire, this actually means that every client needs to be prepared to replace every collaborative object it uses with a new one. This seems quite difficult. Making it more difficult is the fact that you cannot make model changes from event handlers (as this will mess up the redo/undo stack). So the actual reaction to the (E) event needs to be carried out outside of the (E) event handler. Thus, in the time between receiving the (E) event and fixing up the model, your UI layer will not be able to use the model.
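For illustration, here is a toy model of that check-then-act race (all names invented; the real Realtime API resolves conflicts with its own merge logic, which is precisely how one client later learns it lost):

type Pool = string[];

// Each client works against its own replicated view of the model.
const serverPool: Pool = ['O1'];
const clientAView: Pool = [...serverPool];
const clientBView: Pool = [...serverPool];

// Both clients run "if the pool is non-empty, pull an object" before
// either client's removal has propagated to the other.
const pull = (view: Pool): string | undefined =>
  view.length > 0 ? view.pop() : undefined;

const aPulled = pull(clientAView);
const bPulled = pull(clientBView);

console.log(aPulled, bPulled); // "O1 O1" - both clients claimed the object
// When the edits merge, only one removal can win. The loser gets the
// (E) event described above and must redo its work on a fresh object.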