Authentication is the act of confirming the truth of an attribute of a single piece of data (a datum) claimed true by an entity. In contrast with identification which refers to the act of stating or otherwise indicating a claim purportedly attesting to a person or thing’s identity, authentication is the process of actually confirming that identity.

Before OAuth, a common pattern for granting access to your account to a third-party application was to simply give it your password and allow it to act as you. This pattern obviously has a number of problems.OAuth 2.0 is the modern standard for securing access to APIs.  This is a guide to building OAuth 2.0 APIs, with concrete recommendations based on the majority of the live implementations. 

這篇不屬於 OAuth 2.0 規格書（RFC 6749）本身，而是屬於另一份 spec RFC 6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage 。我認為它存在的目的是「示範一下 Token 的用法，並且定義下來，讓大家可以參考」，因為 OAuth 2.0 規格書沒有明確規定「Token 長什麼樣子」，甚至「Resource Server 如何拒絕非法的 Token」（指 API）都沒定義，只規定了怎麼拿取、怎麼撤銷、怎麼流通。

實際上，即使有定義這個 Bearer Token ，各大網站的 API 也並非都使用這種 Token ，我看到有明確說明使用 Bearer Token 的像是 Twitter API，其他的要不是非使用 “Bearer” 關鍵字，就是沒有明確指出何種 Token （其實也不需要，因為在那些網站 Token 只有一種用途）。

For the longest time I did not know what everything meant in htop.I thought that load average 1.0 on my two core machine means that the CPU usage is at 50%. That’s not quite right. And also, why does it say 1.0?I decided to look everything up and document it here.They also say that the best way to learn something is to try to teach it.

So, I have used fork() and I know what it does. As a beginner I was quite afraid of it (and I still don’t understand it fully). The general description of fork() that you can find online is, that it copies the current process and assigns different PID, parent PID and the process will have different address space. All is good, however, given this functionality description a beginner would wonder “Why is this function so important… why would I want to copy my process?”. So I did wonder and eventually I found out that’s how you can call other processes from within your current process by means of the execve() family.

Unix domain sockets are sometimes called “local” sockets. This can be misleading as it implies that it has something to do with a loopback adapter. The closest thing to a Unix domain socket would be a pipe. Unix pipes are an integral cornerstone of the OS at large. Analogous to a water pipe with water flowing in one direction, a stream of bytes flows from the write side of a pipe to the read side. A separate open file descriptor maintains a reference to the read and write side of a pipe. The different sides of the pipe can be in different processes or threads as long as they reside on the same local computer.

Even if you never need to directly program UD sockets, they are an important facet of understanding both the Unix security model and the inter-workings of the operating system. For those that do use them, they open up a world of possibilities.

PostgreSQL has a powerful user authentication and access control system, but for a newcomer, it can seem confusing and overwhelming. In this article I hope to explain how to manage user and permissions with ease.

Binary search is one of the fundamental algorithms in computer science. In order to explore it, we’ll first build up a theoretical backbone, then use that to implement the algorithm properly and avoid those nasty off-by-one errors everyone’s been talking about.

面了10来个人，算法，可以大概说清楚二分查找原理的人过半，清楚知道复杂度的再减半，只有一个人对所有的算法题都对答如流。我觉得二分查找是必须懂得，因为这包含了最朴素的大问题分解的思路。而且我之前文章也写过，其实你查字典，排错，都可以用二分，它不仅是一个算法，也是一个很重要的思想。 – @tinyfoo

This article touches in detail all the aspects of a quicksort algorithm. I tried to write it as simple as possible to make it an easy way to understand quicksort. This is really an interesting algorithm to learn and I have found that most of the students or professionals feel it hard to understand or reproduce in code.

A lot of people think JavaScript is simple and in many cases it is. But in its elegant simplicity lies a deeper functionality that if leveraged properly, can produce amazing results. Axel’s ability to distill this into an approachable reference will certainly help both aspiring and experienced developers achieve a better understanding of the language.