- It might be argued that by the time complete transparency functions
have been provided to support distributed applications that ODP is
itself just a distributed operating system in another guise!
difference between what is available commercially, and what is
described here can be summed up by paraphrasing the famous question and
answer of Gandhi's concerning Western Civilization: Q: "What do you think
of distributed systems?". A: "I think they would be a jolly good
- We must stress again that ADT is not the
same as an object. An object implements a class which may implement
an ADT, but needs checking/testing in the normal fashion.
- Note that any one case may be simulated
(on a distributed Unix system) from the other two using symbolic links.
- Leading to Lamport's famous
definition of a distributed system: "A distributed
system is one in which a machine which you never knew existed can stop
you getting your work done".
- CORBA stub compilers do allow
you to pass pointers (this is
how ``out'' and ``inout'' parameters are implemented. THis is
addressed further in chapter 7). What happens is when
the pointer gets into the stub, the stub does a copy: once when making
the invocation, and once after unmarshalling the results. Thus the
illusion of pointer is maintained. So in CORBA IDL "out" and "inout"
might be regarded as being equivalent to C's "*" operator. However,
you are restricted to passing structures which are defineable in the
IDL. In particular you are not allow to pass structures which contain
pointers to other structures (instead they must contain the
structure). Allowing structures to contain pointers to other
structures would complicate (intolerably) the life of the stub
compiler writer. There is more about this in chapter 7.
- As we shall see in chapter 8, video and audio streams
are best dealt with by separate mechanisms than distributed system control
since they have completely different realibility requirements,
generally being statistical in nature. Their timeliness are also
periodic (although even this is also potentially only statistically),
and hence require more design for their control loops and clock access.
- It is worth noting that many existing distributed systems still have lower
availability than equivalent central systems since more components have a
higher number of independent failure modes than one. Analyzing the
dependencies between processes in a distributed system is extremely important
as it allows the system designer to avoid this pitfall.
- It is absolutely impossible to achieve 100
The aim of the engineer should be to reduce the chances of failure to
the point where the expected loss is acceptable and an acceptable
cost. This may involve moving the probable modes of failure to
components for which the MTBF can be accurately assessed.
- In general, this is a
very hard problem, since many programming languages make it hard to
tell whether a piece of code necessarily alters the state of variables
that it references.
- In software terms, the error was in software that did not meet its
specification. The fault/failure was the inability of the software to
then meet its design. The exception is then caused by there being no
further way this part of the software can proceed.
Forming transitive closure of state transition matrix is usually
achieved using Warshall's algorithm.
- See Meyer - Object Oriented Software Construction, 1989 - same series
as Hoare book.
- Unix is a trademark of AT&T Bell Laboratories
- The talk program was originally written by Kipp Hickman.
- A floor so cunningly laid that no matter where you stood, it
was beneath your feet,
- The N-Way distribution of input to the other participant
windows was achieved by modification to the X Windows Server to field
events to multiple clients
- For ``back of the envelope'' calculations, we should note that reading
speeds as high as 900 words per minute have been recorded, although
speech comprehension can go even higher. Interestingly, although the
bandwidth of the eye is around 1 Gbps, neurologists claim the
bandwidth of the nervous system into the brain is closer to 300 bps!
Of course, a lot of pre-processing is occurring!
- The location service is of general utility, and so
is separate from the ping service.
- On a practical note, both mechanisms run out of Unix
file descriptors at about 16, 32 or
64 conferees (depending on the version of Unix), but that should
be adequate for most purposes.
- It is an internal matter that a speaker can hear themselves in a human
conference. Similarly, we feel that in a computer mediated conference,
a channel between the keyboard and screen (or camera and monitor) of a
given user is out of the scope of the actual conference (at least for
the reason that it cannot be floor controlled).
- In our model of a conference, horizontal lines don't exist.
- The program was posted on
the bulletin board ``comp.sources.x'' and users as far afield as Finland,
Crete and Japan have commented.
- We need to distinguish between
and protocol level state. It is usually desirable to minimise the
statefulness of the protocol. It is often desirable to be able to
change the state of the server in repsonse to interaction with
- Most windowing systems derive from the Xerox PARC
for Xerox workstations a long time ago. These spawned the MAC,
MS-Windows and Suntools/Sunview systems, amongst others.
- Multicast can also be used for user/conference location.
User location involves identifying the current physical
location of a given user, and provide a invitation
service as needed (or as Cosmos Nikolaou called it, User Locator).
- This is a good example of
the inadequacy of a simple minded implementation of the
"client-server" model. Each conferee is running a
conference management process, and is a client of the
multicast delivery system for each media. However, the
conference service itself must multicast a request to
each of these processes, reversing the roles. However,
in may client-server programming systems (e.g. in the version of
ANSA RPC used by the authors for the examples here,
such a reversal is not permitted, thus we are forced to
construct an CAR Library Notification Service which is a
companion process for each client to server these
requests, and use local IPC mechanisms to report to the
conference manager process.
- What about synchronisation? There is some requirement
for everyone to hear things at roughly the same time, so
that no site has the advantage of getting everything
first and always being able to assume the floor. If we
don't enforce strict synchronisation, then there must be
some form of floor control where disadvantaged sites are
compensated for their delay. Currently, we use an
adaptive playout buffer to match everyone's delay.
However, this is sub-optimal for a conference with many
local users and few remote. Further research is needed
- But with a human level silence
suppression, a privacy button becomes a "don't send anything at the
moment", including video.
- A message may consist of many packets; we assume these
are sub-sequence numbered, and can be delivered in
required order and so forth. the message arrival
(time/event) can be construed as the arrival of the
final packet of the message.
- We define a tightly coupled system as one which attempts to
ensure consistency at all sites. By contrast a more loosely coupled system
tolerates inconsistencies, though it should attempt to resolve them in
time. A very loosely coupled system will not even know the full list of
- Actually IVS does support audio, but has also been widely used as
a pure video codec with vat as the audio tool.
- or broadcast, but that is outside
the scope of this document, as it does not usually provide a reverse path
from receiver to sender
- actually many shared
workspace tools will not scale anyway, but we shall concern ourselves here with
those that will
- See Chapter 7.
- Note that OS is used in a special way in network management standards - It is the operations system, not the Operating System
- If I had a pound for every time I had had to
choose how to merge a GUI system which has its own callback structure,
with a communications API which has its own, I would be a very
- The ISO protocol CMIP, the Common
Management Information Protocol, is also used and has a richer set of
primitives including the ability to scope access to levels of the
hierarchy of Management Objects.
- Early World Wide Web access did not
include caches or replicas- this led very rapidly to saturation of
world wide networks. In contrast, archive servers in the Internet
are heavily based around replication, and consequently reduce
- Log structured file systems were designed to optimise or eliminate seek times for disk access, but they can also be extended to optimise concurrent, distributed access.
- Clearly, it would be possible for the
system to support a backdoor primitive which would cause objects to move
without the need to consult them. However, this is dangerous, and great care
would have to be exercised in determining who had the right to invoke it.
- Clearly, there are some restrictions on the degree of
compulsion; for example, it is not reasonable to expect the system to move an
object to a protected node.
- There are various schemes to avoid unnecessary timeout.
For example, assuming that globally synchronised clocks could be implemented,
the called object (or kernel on which it is current located) could send a `stay
alive' message to the caller when the call timeout was close to expiry.
Clearly, this behaviour would have to be programmer selectable.
- It may
of course notice that the response time of a process has increased or
- From: email@example.com (Andy Tanenbaum)
Subject: Have we learned anything in the last 20 years?
Organization: Fac. Wiskunde and Informatica, Vrije Universiteit, Amsterdam
Fri May 10 14:13:51 BST 1996