It might be argued that by the time complete transparency functions have been provided to support distributed applications that ODP is itself just a distributed operating system in another guise!

The difference between what is available commercially, and what is described here can be summed up by paraphrasing the famous question and answer of Gandhi's concerning Western Civilization: Q: "What do you think of distributed systems?". A: "I think they would be a jolly good idea".

We must stress again that ADT is not the same as an object. An object implements a class which may implement an ADT, but needs checking/testing in the normal fashion.

Note that any one case may be simulated (on a distributed Unix system) from the other two using symbolic links.

Leading to Lamport's famous definition of a distributed system: "A distributed system is one in which a machine which you never knew existed can stop you getting your work done".

CORBA stub compilers do allow you to pass pointers (this is how ``out'' and ``inout'' parameters are implemented. THis is addressed further in chapter 7). What happens is when the pointer gets into the stub, the stub does a copy: once when making the invocation, and once after unmarshalling the results. Thus the illusion of pointer is maintained. So in CORBA IDL "out" and "inout" might be regarded as being equivalent to C's "*" operator. However, you are restricted to passing structures which are defineable in the IDL. In particular you are not allow to pass structures which contain pointers to other structures (instead they must contain the structure). Allowing structures to contain pointers to other structures would complicate (intolerably) the life of the stub compiler writer. There is more about this in chapter 7.

As we shall see in chapter 8, video and audio streams are best dealt with by separate mechanisms than distributed system control since they have completely different realibility requirements, generally being statistical in nature. Their timeliness are also periodic (although even this is also potentially only statistically), and hence require more design for their control loops and clock access.

It is worth noting that many existing distributed systems still have lower availability than equivalent central systems since more components have a higher number of independent failure modes than one. Analyzing the dependencies between processes in a distributed system is extremely important as it allows the system designer to avoid this pitfall.

It is absolutely impossible to achieve 100 The aim of the engineer should be to reduce the chances of failure to the point where the expected loss is acceptable and an acceptable cost. This may involve moving the probable modes of failure to components for which the MTBF can be accurately assessed.

In general, this is a very hard problem, since many programming languages make it hard to tell whether a piece of code necessarily alters the state of variables that it references.

In software terms, the error was in software that did not meet its specification. The fault/failure was the inability of the software to then meet its design. The exception is then caused by there being no further way this part of the software can proceed.

Forming transitive closure of state transition matrix is usually achieved using Warshall's algorithm.

See Meyer - Object Oriented Software Construction, 1989 - same series as Hoare book.

Unix is a trademark of AT&T Bell Laboratories

The talk program was originally written by Kipp Hickman.

A floor so cunningly laid that no matter where you stood, it was beneath your feet,

The N-Way distribution of input to the other participant windows was achieved by modification to the X Windows Server to field events to multiple clients

For ``back of the envelope'' calculations, we should note that reading speeds as high as 900 words per minute have been recorded, although speech comprehension can go even higher. Interestingly, although the bandwidth of the eye is around 1 Gbps, neurologists claim the bandwidth of the nervous system into the brain is closer to 300 bps! Of course, a lot of pre-processing is occurring!

The location service is of general utility, and so is separate from the ping service.

On a practical note, both mechanisms run out of Unix file descriptors at about 16, 32 or 64 conferees (depending on the version of Unix), but that should be adequate for most purposes.

It is an internal matter that a speaker can hear themselves in a human conference. Similarly, we feel that in a computer mediated conference, a channel between the keyboard and screen (or camera and monitor) of a given user is out of the scope of the actual conference (at least for the reason that it cannot be floor controlled).

In our model of a conference, horizontal lines don't exist.

The program was posted on the bulletin board ``comp.sources.x'' and users as far afield as Finland, Crete and Japan have commented.

We need to distinguish between application level and protocol level state. It is usually desirable to minimise the statefulness of the protocol. It is often desirable to be able to change the state of the server in repsonse to interaction with clients.

Most windowing systems derive from the Xerox PARC systems developed for Xerox workstations a long time ago. These spawned the MAC, MS-Windows and Suntools/Sunview systems, amongst others.

Multicast can also be used for user/conference location. User location involves identifying the current physical location of a given user, and provide a invitation service as needed (or as Cosmos Nikolaou called it, User Locator).

This is a good example of the inadequacy of a simple minded implementation of the "client-server" model. Each conferee is running a conference management process, and is a client of the multicast delivery system for each media. However, the conference service itself must multicast a request to each of these processes, reversing the roles. However, in may client-server programming systems (e.g. in the version of ANSA RPC used by the authors for the examples here, such a reversal is not permitted, thus we are forced to construct an CAR Library Notification Service which is a companion process for each client to server these requests, and use local IPC mechanisms to report to the conference manager process.

What about synchronisation? There is some requirement for everyone to hear things at roughly the same time, so that no site has the advantage of getting everything first and always being able to assume the floor. If we don't enforce strict synchronisation, then there must be some form of floor control where disadvantaged sites are compensated for their delay. Currently, we use an adaptive playout buffer to match everyone's delay. However, this is sub-optimal for a conference with many local users and few remote. Further research is needed here.

But with a human level silence suppression, a privacy button becomes a "don't send anything at the moment", including video.

A message may consist of many packets; we assume these are sub-sequence numbered, and can be delivered in required order and so forth. the message arrival (time/event) can be construed as the arrival of the final packet of the message.

We define a tightly coupled system as one which attempts to ensure consistency at all sites. By contrast a more loosely coupled system tolerates inconsistencies, though it should attempt to resolve them in time. A very loosely coupled system will not even know the full list of conference members.

Actually IVS does support audio, but has also been widely used as a pure video codec with vat as the audio tool.

or broadcast, but that is outside the scope of this document, as it does not usually provide a reverse path from receiver to sender

actually many shared workspace tools will not scale anyway, but we shall concern ourselves here with those that will

See Chapter 7.

Note that OS is used in a special way in network management standards - It is the operations system, not the Operating System

If I had a pound for every time I had had to choose how to merge a GUI system which has its own callback structure, with a communications API which has its own, I would be a very wealthy person.

The ISO protocol CMIP, the Common Management Information Protocol, is also used and has a richer set of primitives including the ability to scope access to levels of the hierarchy of Management Objects.

Early World Wide Web access did not include caches or replicas- this led very rapidly to saturation of world wide networks. In contrast, archive servers in the Internet are heavily based around replication, and consequently reduce the traffic.

Log structured file systems were designed to optimise or eliminate seek times for disk access, but they can also be extended to optimise concurrent, distributed access.

Clearly, it would be possible for the system to support a backdoor primitive which would cause objects to move without the need to consult them. However, this is dangerous, and great care would have to be exercised in determining who had the right to invoke it.

Clearly, there are some restrictions on the degree of compulsion; for example, it is not reasonable to expect the system to move an object to a protected node.

There are various schemes to avoid unnecessary timeout. For example, assuming that globally synchronised clocks could be implemented, the called object (or kernel on which it is current located) could send a `stay alive' message to the caller when the call timeout was close to expiry. Clearly, this behaviour would have to be programmer selectable.

It may of course notice that the response time of a process has increased or decreased.

From: ast@cs.vu.nl (Andy Tanenbaum) Subject: Have we learned anything in the last 20 years? Organization: Fac. Wiskunde and Informatica, Vrije Universiteit, Amsterdam

Jon Crowcroft
Fri May 10 14:13:51 BST 1996