Midterm Examination

1. (10 points) RPC semantics.

Using a connection-less transport protocol like UDP, how would you implement at-least-once and at-most-once RPC semantics? Write your answer using pseudo-code.

• (10 points) Fill in the table below with information on the file systems we studied in class using 1 or 2 words.

File System	State at Servers	granularity	client/server	main memory/disk	cache consistency mech.	Replication
NFS
Sprite
AFS
Coda

• (10 points) Compare and contrast callbacks and timestamp-based invalidation in terms of robustness, potential for inconsistencies, network traffic generated.  Provide examples to illustrate when one mechanism performs better than the other.

• (20 points) Jefferson's Time Warp
1.  (5 points) Jefferson's time warp mechanism uses the global virtual time (GVT) to ensure that the system as whole makes progress.  What is another function of the GVT?
2.  (5 points) What happens in the face of network partitions, e.g., a process or a group of processes become temporarily separated from the rest of the system?
3. (10 points) Propose 2 different ways to solving this problem. What are the tradeoffs?

• (10 points) Lamport's Logical Clock

One way to implement the ISIS ABCAST protocol is to have a centralized site that serializes all messages.  How can you implement ABCAST using Lamport's logical clock?

4. (40 points)
 

[Warning, you could spend a whole semester answering the following.  I only want you to spend 40 minutes].

Business to consumer electronic commerce has really taken off in the past year but we have seen few changes in the base infrastructure technologies supporting it.  The predominant form of payment is still the transmission of credit cards over SSL protected connections. Customers still find the products they want by browsing from well publicized sites or starting with links they find as the result of queries.

The hot new companies appear to be those that provide a portal for users - starting points to which the users return again and again. Some of these portals provide users with a customizable home page that they can access from multiple places.  Others collect information from the users other "accounts" and present a single interface to this information.  Many provide a place for the user to store persistent data, or data they wish to share with others.  Some provide (in my opinion an insecure) form of single sign on, collecting the users passwords.  One will even provide the user with a free domain name.

One of the problems with such portals is that there are so many of them, and users often end up subscribed to more than one, contrary tothe basic premise (of course each such portal claims the user as their own - since stock valuations seem to be based on these numbers). There are many other problems, and in this question you are asked to list some of these concerns and fix them.

• (20 points) Security

1. (10 points) What are some of the security vulnerabilities introduced by such portals.  Think about each of the "A"s and "P"s we listed during our security lecture - but only list the ones where you see trouble, and describe the vulnerability.
2. (10 points) What solutions might you apply to solve some of these problems. Are there any technologies likely to see wider deployment in the coming year that can help.  What vulnerabilities remain that can't be addressed within the portal "model".

• (15 points) Naming, search, directories, persistent storage.
1. (5 points) Consider the portals that collect information from other sites and present the information directly to the user after some local processing.  What are some of the naming problems that might make it difficult to process this data (hint: the same information will likely appear on many other sites).
2. (10 points) What technologies discussed in class will be useful in addressing some of these problems (I can think of 2, each is three letters).  How can each of these technologies be used to address the problem.

• (5 points) General

Can you think of a better approach to customization of the users view of the net than the portals we have described.  Which characteristics of portals will it preserve, and will there still be a need for the portals we've discussed.  How will the technologies described in (a) and (b) be used in this new approach.