This week’s system design refresher:
-
System design interview course (Black Friday Sale)
-
Token, Cookie, Session
-
What’s CDN? (Youtube video)
-
Studying Cost System
-
On-line ticketing platform
-
Centralized vs. Decentralized Social Community
The Black Friday sale is now up! Use code BF2022 at checkout for 30% off my system design interview on-line course.
Our on-line course options content material from two System Design interview books. And in 2023, we hope so as to add the brand new System Design Interview Quantity 3.
To make the most of the limited-time gives, subscribe earlier than 11:59 pm PST on Monday, November 28.
Session, cookie, JWT, token, SSO, and OAuth 2.0 – what are they?
These phrases are all associated to person id administration. While you log into a web site, you declare who you might be (identification). Your id is verified (authentication), and you might be granted the required permissions (authorization). Many options have been proposed prior to now, and the record retains rising.
From easy to advanced, right here is my understanding of person id administration:
-
WWW-Authenticate is probably the most fundamental methodology. You’re requested for the username and password by the browser. Because of the shortcoming to manage the login life cycle, it’s seldom used at this time.
-
A finer management over the login life cycle is session-cookie. The server maintains session storage, and the browser retains the ID of the session. A cookie normally solely works with browsers and isn’t cell app pleasant.
-
To handle the compatibility difficulty, the token can be utilized. The consumer sends the token to the server, and the server validates the token. The draw back is that the token must be encrypted and decrypted, which can be time-consuming.
-
JWT is a typical means of representing tokens. This info may be verified and trusted as a result of it’s digitally signed. Since JWT incorporates the signature, there isn’t a want to save lots of session info on the server aspect.
-
Through the use of SSO (single sign-on), you’ll be able to signal on solely as soon as and log in to a number of web sites. It makes use of CAS (central authentication service) to take care of cross-site info
-
Through the use of OAuth 2.0, you’ll be able to authorize one web site to entry your info on one other web site
Final week, Ticketmaster halted public ticket gross sales of Taylor Swift’s tour resulting from terribly excessive calls for on ticketing methods.
It’s an fascinating drawback, so we did some analysis on this subject. The diagram beneath reveals the evolution of the net China Prepare ticket reserving system.
The China Prepare tickets reserving system has comparable challenges because the Ticketmaster system:
-
Very excessive concurrent visits throughout peak hours.
-
The QPS for checking remaining tickets and orders could be very excessive
-
Quite a lot of bots
The options
-
Separate learn and write requests. As a result of anxious customers saved refreshing the net web page to examine if there have been tickets out there, the system might underneath enormous strain.
To deal with the calculation and question in reminiscence, the remaining ticket elements had been moved solely to GemFire. It’s attainable to suit your complete nation’s prepare tickets into a number of Gigabytes of reminiscence.
As well as, the order question part was moved to GemFire to scale back the load on the order database. Hadoop was used to retailer historic orders. -
Leverage public cloud for elastic capability.
-
Ban bots. It diminished the visitors by 95%.
-
Enhance the bandwidth of the system.
-
Enhance system availability by establishing extra information facilities in several cities.
-
Design a number of emergency plans.
Word: the numbers are based mostly on the back-of-the-envelope estimation (not official information).
What’s a decentralized social community service?
The diagram beneath reveals a comparability between Twitter and Mastodon.
It’s stated that Trump’s new social media platform Reality Social was utilizing the Mastodon.
Mastodon runs self-hosted social community companies. It’s free and has no advertisements. Its MAU (Month-to-month Lively Customers) elevated from 500k in Oct to 1 million in Nov, after Elon Musk’s takeover of Twitter.
In contrast to Twitter, whose servers belong to the Twitter firm, Mastodon’s servers don’t belong to any firm. Its community consists of servers (cases) from completely different organizations.
When customers register, they need to select a server to begin with. Because the servers sync up with one another, customers can nonetheless obtain updates from different servers.
As a result of the community is run by volunteers, the corporate has just one worker – its founder Eugen Rochko. It’s run by crowdfunding and is now supported by 3500 folks.
Openedges: Chief Architect (San Jose, Austin, Distant)