@BBCCBB 前端面试要问 redis 、mq 、数据库、架构、设计模式？？

@anonydmer 但是可能这个方法返回的 list 外部还要继续 add 呢，难免会有这种业务的，或者说现在没有后面加上了，然后哪个人没有看这个方法的代码不就报错了吗，

@sutra 对 哦，忘记了

@liuxey 1 、新建 ArrayList 的时候最好指定容量，这里就表示一个空的所以 new Arraylsit （ 1 ）就可以了，2 、new 一个 arrayList 的时候最好静态方法，用谷歌的 guava：Lists.newArrayListwithCatity(1)

做业务的程序员是利润中心，做这种工具开发、运维部署的是成本中心，除非公司够大（比如阿里）养得起要不然一般公司的话的确待遇等方面不如做业务的

@66beta 小厂就不说名字了，现在招聘很多公司都是 5 年经验+，算你 22 岁大学毕业，也就是最低年限要求就是 27 岁了，这样一算 30 以上程序员的需求其实并不低

要不是我司最近招聘了大量的 30 岁以上的程序员我真以为程序员 30 岁之后就失业了

"工作几年后喜欢编程而转做了程序员"

我觉得原因是这个不是 30 岁+的双非本科

先用公众号吧。。简单。。。等能坚持一个季度以上再自己搭个博客吧，遇见太多自己搭了个博客的但是上面全是水文章，比如如何本地部署 es 、mysql，如何部署 java 环境，如何集成 dubbo 等等

@ryd994 马丁的论点是两个：
1. Distributed locks with an auto-release feature (the mutually exclusive lock property is only valid for a fixed amount of time after the lock is acquired) require a way to avoid issues when clients use a lock after the expire time, violating the mutual exclusion while accessing a shared resource. Martin says that Redlock does not have such a mechanism.

2. Martin says the algorithm is, regardless of problem “1”, inherently unsafe since it makes assumptions about the system model that cannot be guaranteed in practical systems.

你说的应该是第二个把，作者的态度是：
I want to mention again that, what is strange about all this, is that it is assumed that you always must have a way to handle the fact that mutual exclusion is violated. Actually if you have such a system to avoid problems during race conditions, you probably don’t need a distributed lock at all, or at least you don’t need a lock with strong guarantees, but just a weak lock to avoid, most of the times, concurrent accesses for performances reasons.

意思应该是遇到这种情况也许不需要分布式锁了，但是我没有找到你说的 token 部分，我只找到 For example you can implement Check and Set. When starting to work with a shared resource, we set its state to “`<token>`”, then we operate the read-modify-write only if the token is still the same when we write. 这段但是和你描述的有误差

总而言之马丁的论点之一就是如果持有锁的客户端在锁过期时间之后还没有释放锁的话回有安全问题：
In particular, the algorithm makes dangerous assumptions about timing and system clocks (essentially assuming a synchronous system with bounded network delay and bounded execution time for operations), and it violates safety properties if those assumptions are not met. Moreover, it lacks a facility for generating fencing tokens (which protect a system against long delays in the network or in paused processes).

作者的论点是：Just a quick note. In server-side implementations of a distributed lock with auto-release, the client may ask to acquire a lock, the server may allow the client to do so, but the process can stop into a GC pause or the network may be slow or whatever, so the client may receive the "OK, the lock is your" too late, when the lock is already expired. However you can do a lot to avoid your process sleeping for a long time, and you can't do much to avoid network delays, so the steps to check the time before/after the lock is acquired, to see how much time is left, should actually be common practice even when using other systems implementing locks with an expiry.

大概就是你应该避免客户端 A 进行长时间的工作，或者让客户端对时间进行检查：However you can do a lot to avoid your process sleeping for a long time, and you can't do much to avoid network delays, so the steps to check the time before/after the lock is acquired, to see how much time is left, should actually be common practice even when using other systems implementing locks with an expiry.

所以我觉得马丁的论点是有道理的，但是太过于绝对了，极端情况下也许 redlock 是不安全的但是大多数情况下是可以使用的

@liprais 你到底看没看我的回复啊，“你说的讨论安全性等问题是指的这个把： https://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html” 我没贴出来？

@liprais 另外说人家不了解的时候请带一下资料和论证，谁质疑谁举证，“redlock 都多少年前就确认有逻辑漏洞的东西了还敢用” 请把证明 redlock 有逻辑漏洞的论文或者文章的链接带上，“你显然没看过官网的这一页也没看过几年前关于 redlock 的讨论” 那你在官网上这一页往下拉一点就可以看到 antirez 对这个观点的反驳文章的链接，我都贴上了，我举证了，请你也来举证一下

@liprais 看了，里面只有关于安全性的讨论，并没有明现的标记出不推荐使用 redlock，你说的讨论安全性等问题是指的这个把： https://martin.kleppmann.com/2016/02/08/how-to-do-distributed-locking.html，但是 redis 作者 Antirez 写过文章来反驳这个质疑： http://antirez.com/news/101

我觉得程序员应该向历史学家和作家学习一下，下任何结论前一定要去详细考证一下，1L 的官网链接不难找把随手谷歌一下就有了的东西也没有去考证就擅自下结论

成都育碧

@boermi 懒汉圈上年薪都二三十万还个个都是白富美高富帅，太假了明显是托

青春同路还不错，比较真实

你说的这几个售价都完全不在一个等级，除非是国产中型 SUV 和合资紧凑或者豪华小型才有比较头

@liudaolunhuibl 反感的话快手。。。