精华内容
下载资源
问答
  • FastJSON 原理剖析 以及 和 Jackson的对比 who is the most fast!
    千次阅读
    2015-07-03 11:01:13

    FastJSON 原理剖析 以及 和 Jackson的对比 who is the most fast!
    FastJSON定义: FastJSON是一个阿里巴巴内部人员开发的,用于JSON对象和普通类对象互相转换的库。号称性能超越Jackson,今天我们就来看看,阿里巴巴大牛 vs Tatu Saloranta,到底 who is the most awesome!

    FastJSON原理:

    -对象 to JSON :利用反射找到对象类的所有Get方法,然后把”get”去掉,小写化,作为JSON的每个key值,如 getA 对应的key值为 a,而与真实的类成员名无关。

    -JSON to pojo :先同样通过反射找到对象类所有的Set方法,然后使用无参数构造函数(所以一定要有无参数的构造函数)新建一个类对象,从JSON字符串中取出一个key 如 a,先大写化为A,那么从所有Set方法中找到 SetA(),然后进行赋值。 如果找不到 setA (seta也不行),那么该值被忽略,也不报错。

    Jackson 的原理和FastJson一致,但是在 JSON to Java pojo的步骤中,做了更加科学的check,因而能识别seta这样的小写。但是如果getA 和geta都找不到,则会抛出异常(除非把a设置为忽略)。

    其他的步骤原理和FastJSON类似。

    测试验证代码:

    [java] view plaincopy在CODE上查看代码片派生到我的代码片

    package jar;  
    
    import com.alibaba.fastjson.JSON;  
    
    public class Test{  
    
    
        private int aaa=0;  
        private String bbb = "000";  
    
    
    
        public Test() {  
            // TODO Auto-generated constructor stub  
            aaa = 1;  
            bbb = "111";  
            System.out.println(" default construct function is called!!!");  
        }  
    
        public Test(int a ,String b) {  
            // TODO Auto-generated constructor stub  
            aaa = a;  
            bbb = b;  
            System.out.println("construct 2 function is called!!!");  
        }  
    
    
        public int getA() {  
            return aaa;  
        }  
    
    
        public void seta(int a)  
        {  
            this.aaa =a;  
        }  
    
        public String getB() {  
            return bbb;  
        }  
    
    
    
    
         //test  
         public static void main(String[] args) throws Exception    
         {         
    
               Test test =new Test(2,"222");  
               String code =  JSON.toJSONString(test);  
               System.out.println(code);  
               Test reverse = JSON.parseObject(code,Test.class);  
    
               System.out.println(reverse.getA());  
               System.out.println(reverse.getB());  
         }  
    
    }  
    

    下面是对 FastJson 和 Jackson (pojo to json-编码) 以及 (json to pojo-解码)以及综合(编码+解码) 在不同成员数量 下 ,不同循环次数的耗时(ns纳秒)对比。

    [java] view plaincopy在CODE上查看代码片派生到我的代码片

    //         code + decode -----------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :235750737 ns  
    //         FastJSON:347795550 ns  
    //         10000  - 2 members  
    //         Jackson :164173126 ns  
    //         FastJSON:159078284 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :1004902734 ns  
    //         FastJSON:1689072614 ns  
    //         100000 - 2 members   
    //         Jackson :392344461 ns  
    //         FastJSON:299521240 ns  
    
    //         1000000 - 23 members  
    //         Jackson :8547741285 ns  
    //         FastJSON:15377369425 ns  
    //         1000000 - 2 members  
    //         Jackson :2581267623 ns  
    //         FastJSON:1591827729 ns  
    
    //         code only -------------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :115036100 ns  
    //         FastJSON:158681243 ns  
    //         10000  - 2 members  
    //         Jackson :87886170 ns  
    //         FastJSON:103086025 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :417539325 ns  
    //         FastJSON:349358062 ns  
    //         100000 - 2 members   
    //         Jackson :185865488 ns  
    //         FastJSON:144893485 ns  
    
    //         1000000 - 23 members  
    //         Jackson :3384171740 ns  
    //         FastJSON:2200190119 ns  
    //         1000000 - 2 members  
    //         Jackson :1193815955 ns  
    //         FastJSON:568776506 ns  
    
    
    //         decode only -------------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :122597862 ns  
    //         FastJSON:183567261 ns  
    //         10000  - 2 members  
    //         Jackson :75418145 ns  
    //         FastJSON:47832689 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :497670344 ns  
    //         FastJSON:1254994458 ns  
    //         100000 - 2 members   
    //         Jackson :165368101 ns  
    //         FastJSON:117555618 ns  
    
    //         1000000 - 23 members  
    //         Jackson :4189147981 ns  
    //         FastJSON:12004873228 ns  
    //         1000000 - 2 members  
    //         Jackson :999578584 ns  
    //         FastJSON:863444723 ns  
    

    结论:

    编码(pojo to json): 当循环数量较小时,FastJSON的性能 低于 JackSON;

    当循环数量越大时,FastJSON的性能开始超过Jackson;
    

    解码( json to pojo):当成员数量越大时,FastJSON的相对性能越差,JackSON的相对性能则越好;

    当成员数量越小时,FastJSON的性能越好。

    综合(编码+解码): 当成员变量数量越大时,Jackson 获胜。无关于循环数量。

    当成员变量数量越小时,FastJSON获胜。

    一般情况下,系统中的循环数量一般不会大的惊人,应该是偏小的。而成员变量变多,是一个企业级系统常见的情况。

    SO, who is the most fast or best? 我就不点出了。

    。。。

    Whatever, 两个JSON框架都是很棒的。而且本人很喜欢FastJSON的易用性,干净。

    有时间,有兴趣的可以继续研究研究FastJSON在多成员变量解码时的劣势是什么原因导致的。

    付上测试代码:

    [java] view plaincopy在CODE上查看代码片派生到我的代码片

    package jar;  
    
    import java.io.StringWriter;  
    
    import org.codehaus.jackson.JsonEncoding;  
    import org.codehaus.jackson.JsonGenerator;  
    import org.codehaus.jackson.map.ObjectMapper;  
    
    import com.alibaba.fastjson.JSON;  
    
    public class Test{  
    
    
    
        private int aaa=0;  
        private String bbb = "000";  
    
        private String c1 = "000";  
        private String c2 = "000";  
        private String c3 = "000";  
        private String c4 = "000";  
        private String c5 = "000";  
        private String c6 = "000";  
        private String c7 = "000";  
        private String c8 = "000";  
        private String c9 = "000";  
        private String c10 = "000";  
        private String c11 = "000";  
        private String c12 = "000";  
        private String c13 = "000";  
        private String c14 = "000";  
        private String c15 = "000";  
        private String c16 = "000";  
        private String c17 = "000";  
        private String c18 = "000";  
        private String c19 = "000";  
        private String c20 = "000";  
        private String c21 = "000";  
    
    
        public Test()  
        {  
    
        }  
    
    
    
        public Test(int a ,String b) {  
            // TODO Auto-generated constructor stub  
            aaa = a;  
            bbb = b;  
            //System.out.println("construct 2 function is called!!!");  
        }  
    
    
        public int getA() {  
            return aaa;  
        }  
    
    
        public void setA(int a)  
        {  
            this.aaa = a;  
        }  
    
        public String getB() {  
            return bbb;  
        }  
    
        public void setB(String b) {  
            this.bbb = b;  
        }  
    
    
    
        public String getC1() {  
            return c1;  
        }  
    
        public void setC1(String c1) {  
            this.c1 = c1;  
        }  
    
        public String getC2() {  
            return c2;  
        }  
    
        public void setC2(String c2) {  
            this.c2 = c2;  
        }  
    
        public String getC3() {  
            return c3;  
        }  
    
        public void setC3(String c3) {  
            this.c3 = c3;  
        }  
    
        public String getC4() {  
            return c4;  
        }  
    
        public void setC4(String c4) {  
            this.c4 = c4;  
        }  
    
        public String getC5() {  
            return c5;  
        }  
    
        public void setC5(String c5) {  
            this.c5 = c5;  
        }  
    
        public String getC6() {  
            return c6;  
        }  
    
        public void setC6(String c6) {  
            this.c6 = c6;  
        }  
    
        public String getC7() {  
            return c7;  
        }  
    
        public void setC7(String c7) {  
            this.c7 = c7;  
        }  
    
        public String getC8() {  
            return c8;  
        }  
    
        public void setC8(String c8) {  
            this.c8 = c8;  
        }  
    
        public String getC9() {  
            return c9;  
        }  
    
        public void setC9(String c9) {  
            this.c9 = c9;  
        }  
    
        public String getC10() {  
            return c10;  
        }  
    
        public void setC10(String c10) {  
            this.c10 = c10;  
        }  
    
        public String getC11() {  
            return c11;  
        }  
    
        public void setC11(String c11) {  
            this.c11 = c11;  
        }  
    
        public String getC12() {  
            return c12;  
        }  
    
        public void setC12(String c12) {  
            this.c12 = c12;  
        }  
    
        public String getC13() {  
            return c13;  
        }  
    
        public void setC13(String c13) {  
            this.c13 = c13;  
        }  
    
        public String getC14() {  
            return c14;  
        }  
    
        public void setC14(String c14) {  
            this.c14 = c14;  
        }  
    
        public String getC15() {  
            return c15;  
        }  
    
        public void setC15(String c15) {  
            this.c15 = c15;  
        }  
    
        public String getC16() {  
            return c16;  
        }  
    
        public void setC16(String c16) {  
            this.c16 = c16;  
        }  
    
        public String getC17() {  
            return c17;  
        }  
    
        public void setC17(String c17) {  
            this.c17 = c17;  
        }  
    
        public String getC18() {  
            return c18;  
        }  
    
        public void setC18(String c18) {  
            this.c18 = c18;  
        }  
    
        public String getC19() {  
            return c19;  
        }  
    
        public void setC19(String c19) {  
            this.c19 = c19;  
        }  
    
        public String getC20() {  
            return c20;  
        }  
    
        public void setC20(String c20) {  
            this.c20 = c20;  
        }  
    
        public String getC21() {  
            return c21;  
        }  
    
        public void setC21(String c21) {  
            this.c21 = c21;  
        }  
    
    
        //test  
         /** 
         * @param args 
         * @throws Exception 
         */  
        public static void main(String[] args) throws Exception    
         {         
    
    
               Test test =new Test(2,"222");  
    
    
               //JackJSON 初始化  
               ObjectMapper objectMapper = new ObjectMapper();    
    
               long startTime=0;   //获取开始时间  
               long endTime=0; //获取结束时间  
    
               int  loopCount  =100000;  
    
    //         code + decode -----------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :235750737 ns  
    //         FastJSON:347795550 ns  
    //         10000  - 2 members  
    //         Jackson :164173126 ns  
    //         FastJSON:159078284 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :1004902734 ns  
    //         FastJSON:1689072614 ns  
    //         100000 - 2 members   
    //         Jackson :392344461 ns  
    //         FastJSON:299521240 ns  
    
    //         1000000 - 23 members  
    //         Jackson :8547741285 ns  
    //         FastJSON:15377369425 ns  
    //         1000000 - 2 members  
    //         Jackson :2581267623 ns  
    //         FastJSON:1591827729 ns  
    
    //         code only -------------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :115036100 ns  
    //         FastJSON:158681243 ns  
    //         10000  - 2 members  
    //         Jackson :87886170 ns  
    //         FastJSON:103086025 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :417539325 ns  
    //         FastJSON:349358062 ns  
    //         100000 - 2 members   
    //         Jackson :185865488 ns  
    //         FastJSON:144893485 ns  
    
    //         1000000 - 23 members  
    //         Jackson :3384171740 ns  
    //         FastJSON:2200190119 ns  
    //         1000000 - 2 members  
    //         Jackson :1193815955 ns  
    //         FastJSON:568776506 ns  
    
    
    //         decode only -------------------------------------------------------  
    //         10000  - 23 members  
    //         Jackson :122597862 ns  
    //         FastJSON:183567261 ns  
    //         10000  - 2 members  
    //         Jackson :75418145 ns  
    //         FastJSON:47832689 ns  
    
    
    //         100000 - 23 members  
    //         Jackson :497670344 ns  
    //         FastJSON:1254994458 ns  
    //         100000 - 2 members   
    //         Jackson :165368101 ns  
    //         FastJSON:117555618 ns  
    
    //         1000000 - 23 members  
    //         Jackson :4189147981 ns  
    //         FastJSON:12004873228 ns  
    //         1000000 - 2 members  
    //         Jackson :999578584 ns  
    //         FastJSON:863444723 ns  
    
               //Jackson  
    
    
               startTime =  System.nanoTime();  
    
               for(int i=0;i<loopCount;i++)  
               {  
                   StringWriter sw = new StringWriter();  
                   JsonGenerator jsonGenerator = objectMapper.getJsonFactory().createJsonGenerator(sw);  
                   jsonGenerator.writeObject(test);   
                   String result = sw.toString();  
                  // Test acc = objectMapper.readValue(result, Test.class);   
               }  
               endTime =  System.nanoTime();  
               System.out.println("Jackson :"+(endTime-startTime)+" ns");  
    
    
    
               startTime =  System.nanoTime();  
               //FastJSON  
               for(int i=0;i<loopCount;i++)  
               {  
                   String code =  JSON.toJSONString(test);  
                 // Test reverse = JSON.parseObject(code,Test.class);  
               }  
               endTime =  System.nanoTime();  
    
               System.out.println("FastJSON:"+(endTime-startTime)+" ns");  
    
         }  
    
    }  
    
    更多相关内容
  • 通常情况下,whois信息均为真实信息,通过whois信息可以找到域名注册人的很多真实信息,像电话,邮箱,NS记录,是对网站进行社工非常好的信息来源,对于安全从业人员来说,快速获取whois信息,能够帮助自己掌握目标...
  • DNS信息查询

    千次阅读 2022-01-16 20:59:04
    1.使用who is命令对域名进行查询 发现了新的域名,继续查询 通过查询出的邮箱,利用站长工具进一步查询 又可以发现一些新的域名 2.利用nslookup工具进行域名查询 查询A类型记录; 查询MX类型记录: ...

    1.使用who is命令对域名进行查询

    发现了新的域名,继续查询

    通过查询出的邮箱,利用站长工具进一步查询

    又可以发现一些新的域名

    2.利用nslookup工具进行域名查询

    查询A类型记录;

    查询MX类型记录:

    3.利用dig工具查询各类DNS的解析

    直接查询域名:

    指向负责解析的DNS主机

    查询NS记录:

    查询TXT记录

    4.使用DNS子域名爆破工具,针对子域名进行爆破,同时解析出对应的IP地址

    下载并赋予执行权限

    使用工具,-w进行扩展扫描

    扫描完成,会在同目录生成对应文件,获取子域名结果

    5.使用多地ping工具,查看域名真实IP

    6.针对部分IP进行信息收集

    展开全文
  • Unit 1 - Who Are you and what are you doing here?...Welcome and congratulations: Getting to the first day of college is a major achievement. You're to be commended, and not just you, but the parents,

    Unit 1 - Who Are you and what are you doing here?

    Who Are you and what are you doing here?

    Mark Edmundson

    Welcome and congratulations: Getting to the first day of college is a major achievement. You're to be commended, and not just you, but the parents, grandparents, uncles, and aunts who helped get you here.

    It's been said that raising a child effectively takes a village: Well, as you may have noticed, our American village is not in very good shape. We've got guns, drugs, two wars, fanatical religions, a slime-based popular culture, and some politicians who—a little restraint here—aren't what they might be. To merely survive in this American village and to win a place in the entering class has taken a lot of grit on your part. So, yes, congratulations to all.

    You now may think that you've about got it made. Amidst the impressive college buildings, in company with a high-powered faculty, surrounded by the best of your generation, all you need is to keep doing what you've done before: Work hard, get good grades, listen to your teachers, get along with the people around you, and you'll emerge in four years as an educated young man or woman. Ready for life.

    Do not believe it. It is not true. If you want to get a real education in America you're going to have to fight—and I don't mean just fight against the drugs and the violence and against the slime-based culture that is still going to surround you. I mean something a little more disturbing. To get an education, you're probably going to have to fight against the institution that you find yourself in—no matter how prestigious it may be. (In fact, the more prestigious the school, the more you'll probably have to push.) You can get a terrific education in America now, there are astonishing opportunities at almost every college, but the education will not be presented to you wrapped and bowed. To get it, you'll need to struggle and strive, to be strong, and occasionally even to piss off some admirable people.

    I came to college with few resources, but one of them was an understanding, however crude, of how I might use my opportunities there. This I began to develop because of my father, who had never been to college, in fact, he'd barely gotten out of high school. One night after dinner, he and I were sitting in our kitchen at 58 Clewley Road in Medford, Massachusetts, hatching plans about the rest of my life. I was about to go off to college, a feat no one in my family had accomplished in living memory. "I think I might want to be prelaw," I told my father. I had no idea what being prelaw was. My father compressed his brow and blew twin streams of smoke, dragonlike, from his magnificent nose. "Do you want to be a lawyer?" he asked. My father had some experience with lawyers, and with policemen, too; he was not well-disposed toward either. "I'm not really sure,"I told him, "but lawyers make pretty good money, right?"

    My father detonated. (That was not uncommon. My father detonated a lot.) He told me that I was going to go to college only once, and that while I was there I had better study what I wanted. He said that when rich kids went to school, they majored in the subjects that interested them, and that my younger brother Philip and I were as good as any rich kids. (We were rich kids minus the money.) Wasn't I interested in literature? I confessed that I was. Then I had better study literature, unless I had inside information to the effect that reincarnation wasn't just hype, and I'd be able to attend college thirty or forty times. If I had such info, prelaw would be fine. Otherwise I better get to work and pick out some English classes from the course catalogue.

    What my father told me that evening was true in itself, and it also contains the germ of an idea about what a university education should be. But apparently almost everyone else—students, teachers, and trustees and parents—sees the matter much differently. They have it wrong.

    Education has one salient enemy in present-day America, and that enemy is education—university education in particular. To almost everyone, university education is a means to an end. For students, that end is a good job. Students want the credentials that will help them get ahead. They want the certificate that will give them access to Wall Street, or entrance into law or medical or business school. And how can we blame them? America values power and money, big players with big bucks. When we raise our children, we tell them in multiple ways that what we want most for them is success—material success. To be poor in America is to be a failure—it's to be without decent health care, without basic necessities, often without dignity. Then there are those backbreaking student loans—people leave school as servants, indentured to pay massive bills, so that first job better be a good one. Students come to college with the goal of a diploma in mind—what happens in between, especially in classrooms, is often of no deep and determining interest to them.

    In college, life is elsewhere. Life is at parties, at clubs, in music, with friends, in sports. Life is what celebrities have. The idea that the courses you take should be the primary objective of going to college is tacitly considered absurd. In terms of their work, students live in the future and not the present; they live with their prospects for success. If universities stopped issuing credentials, half of the clients would be gone by tomorrow morning, with the remainder following fast behind.

    The faculty, too, is often absent: Their real lives are also elsewhere. Like most of their students, they aim to get on. The work they are compelled to do to advance—get tenure, promotion, raises, outside offers—is, broadly speaking, scholarly work. No matter what anyone says this work has precious little to do with the fundamentals of teaching. The proof is that virtually no undergraduate students can read and understand their professors' scholarly publications. The public senses this disparity and so thinks of the professors' work as being silly or beside the point. Some of it is. But the public also senses that because professors don't pay full-bore attention to teaching they don't have to work very hard, they've created a massive feather bed for themselves and called it a university.

    This is radically false. Ambitious professors, the ones who, like their students, want to get ahead in America, work furiously. Scholarship, even if pretentious and almost unreadable, is nonetheless labor-intensive. One can slave for a year or two on a single article for publication in this or that refereed journal. These essays are honest: Their footnotes reflect real reading, real assimilation, and real dedication. Shoddy work—in which the author cheats, cuts corners, copies from others—is quickly detected. The people who do this work have highly developed intellectual powers, and they push themselves hard to reach a certain standard: That the results have almost no practical relevance to the students, the public, or even, frequently, to other scholars is a central element in the tragicomedy that is often academia.

    The students and the professors have made a deal: The students and the professors have made a deal: The students write their abstract, over-intellectualized essays; the professors grade the students for their capacity to be abstract and over-intellectual, and often genuinely smart. For their essays can be brilliant, in a chilly way; they can also be clipped off the Internet, and often are. Whatever the case, no one wants to invest too much in them—for life is elsewhere. The professor saves his energies for the profession, while the student saves his for friends, social life, volunteer work, making connections, and getting in position to clasp hands on the true grail, the first job.

    No one in this picture is evil; no one is criminally irresponsible. It's just that smart people are prone to look into matters to see how they might go about buttering their toast. Then they butter their toast.

    As for the administrators, their relation to the students often seems based not on love but fear. Administrators fear bad publicity, scandal, and dissatisfaction on the part of their customers. More than anything else, though, they fear lawsuits. Throwing a student out of college, for this or that piece of bad behavior, is very difficult, almost impossible. The student will sue your eyes out. One kid I knew (and rather liked) threatened on his blog to mince his dear and esteemed professor (me) with a samurai sword for the crime of having taught a boring class. (The class was a little boring—I had a damned cold—but the punishment seemed a bit severe.) The dean of students laughed lightly when I suggested that this behavior might be grounds for sending the student on a brief vacation. I was, you might say, discomfited, and showed up to class for a while with my cellphone jiggered to dial 911 with one touch.

    You'll find that cheating is common as well. As far as I can discern, the student ethos goes like this: If the professor is so lazy that he gives the same test every year, it's okay to go ahead and take advantage. The Internet is amok with services selling term papers and those services exist, capitalism being what it is, because people purchase the papers—lots of them. Fraternity files bulge with old tests from a variety of courses.

    One of the reasons professors sometimes look the other way when they sense cheating is that it sends them into a world of sorrow. A friend of mine had the temerity to detect cheating on the part of a kid who was the nephew of a well-placed official in an Arab government complexly aligned with the U.S. Black limousines pulled up in front of his office and disgorged decorously suited negotiators. Did my pal fold? Nope, he's not the type. But he did not enjoy the process.

    What colleges generally want are well-rounded students, civic leaders, people who know what the system demands, how to keep matters light, not push too hard for an education or anything else; people who get their credentials and leave the professors alone to do their brilliant work, so they may rise and enhance the rankings of the university.

    In a culture where the major and determining values are monetary, what else could you do? How else would you live if not by getting all you can, succeeding all you can, making all you can?

    The idea that a university education really should have no substantial content, should not be about what John Keats was disposed to call Soul-making, is one that you might think professors and university presidents would be discreet about. Not so. This view informed an address that Richard Brodhead gave to the senior class at Yale before he departed to become president of Duke. Brodhead, an impressive, articulate man, seems to take as his educational touchstone the Duke of Wellington's precept that the Battle of Waterloo was won on the playing fields of Eton. Brodhead suggests that the content of the courses isn't really what matters. In five years (or five months, or minutes), the student is likely to have forgotten how to do the problem sets and will only hazily recollect what happens in the ninth book of Paradise Lost. The legacy of their college years will be a legacy of difficulties overcome. When they face equally arduous tasks later in life, students will tap their old resources of determination, and they'll win.

    All right, there's nothing wrong with this as far as it goes—after all, the student who writes a brilliant forty-page thesis in a hard week has learned more than a little about her inner resources. Maybe it will give her needed confidence in the future. But doesn't the content of the courses matter at all?

    On the evidence of this talk, no. Trying to figure out whether the stuff you're reading is true or false and being open to having your life changed is a fraught, controversial activity. Doing so requires energy from the professors. This kind of perspective-altering teaching and learning can cause the things which administrators fear above all else: trouble, arguments, bad press, etc.

    So, if you want an education, the odds aren't with you: The professors are off doing what they call their own work; the other students, who've doped out the way the place runs, are busy leaving the professors alone and getting themselves in position for bright and shining futures; the student-services people are trying to keep everyone content, offering plenty of entertainment and building another state-of-the-art workout facility every few months. The development office is already scanning you for future donations. The primary function of Yale University, it's recently been said, is to create prosperous alumni so as to enrich Yale University.

    So why make trouble? Why not just go along? Let the profs roam free in the realms of pure thought, let yourselves party in the realms of impure pleasure, and let the student-services gang assert fewer prohibitions and newer delights for you. You'll get a good job, you'll have plenty of friends, you'll have a driveway of your own.

    You'll also, if my father and I are right, be truly and righteously screwed. The reason for this is simple. The quest at the center of a liberal-arts education is not a luxury quest; it's a necessity quest. If you do not undertake it, you risk leading a life of desperation. For you risk trying to be someone other than who you are, which, in the long run, is killing.

    By the time you come to college, you will have been told who you are numberless times. Your parents and friends, your teachers, your counselors, your priests and rabbis and ministers and imams have all had their say. They've let you know how they size you up, and they've let you know what they think you should value. They've given you a sharp and protracted taste of what they feel is good and bad, right and wrong. Much is on their side. They have confronted you with scriptures—holy books that have given people what they feel to be wisdom for thousands of years. They've given you family traditions—you've learned the ways of your tribe and your community.

    And that's not so bad. Embedded in all of the major religions are profound truths. Schopenhauer, who despised belief in transcendent things, nonetheless thought Christianity to be of inexpressible worth. He couldn't believe in the divinity of Jesus, or in the afterlife, but to Schopenhauer, a religion that had as its central emblem the figure of a man being tortured on a cross couldn't be entirely misleading.

    One does not need to be a Schopenhauer to understand the use of religion, even if one does not believe in an otherworldly god. And all of those teachers and counselors and friends—and the uncles and aunts, the fathers and mothers with their hopes for your fulfillment—or their fulfillment in you—should not necessarily be cast aside or ignored. Families have their wisdom.

    The major conservative thinkers have always been very serious about what goes by the name of common sense. Edmund Burke saw common sense as a loosely made, but often profound, collective work in which humanity has deposited its hard-earned wisdom—the precipitate of joy and tears—over time. You have been raised in proximity to common sense, if you've been raised at all, and common sense is something to respect, though not quite—peace unto the formidable Burke—to revere.

    You may be all that the good people who raised you say you are; you may want all they have shown you is worth wanting; you may be someone who is truly your father's son or your mother's daughter. But then again, you may not be.

    For the power that is in you, as Emerson suggested, may be new in nature. You may not be the person that your parents take you to be. And—this thought is both more exciting and more dangerous—you may not be the person that you take yourself to be, either. You may not have read yourself right, and college is the place where you can find out whether you have or not. The reason to read Blake and Dickinson and Freud and Dickens is not to become more cultivated, or more articulate, or to be someone who, at a cocktail party, is never embarrassed (or who can embarrass others). The best reason to read them is to see if they may know you better than you know yourself. You may find your own suppressed and rejected thoughts flowing back to you with an "alienated majesty." Reading the great writers, you may have the experience that Longinus associated with the sublime: You feel that you have actually created the text yourself. For somehow your predecessors are more yourself than you are.

    This was my own experience reading the two writers who have influenced me the most, Sigmund Freud and Ralph Waldo Emerson. They gave words to thoughts and feelings that I had never been able to render myself. They shone a light onto the world and what they saw, suddenly I saw, too. From Emerson I learned to trust my own thoughts, to trust them even when every voice seems to be on the other side. I need the wherewithal, as Emerson did, to say what's on my mind and to take the inevitable hits. Much more I learned from the sage—about character, about loss, about joy, about writing and its secret sources, but Emerson most centrally preaches the gospel of self-reliance and that is what I have tried most to take from him. I continue to hold in mind one of Emerson's most memorable passages: "Society is a joint-stock company, in which the members agree, for the better securing of his bread to each shareholder, to surrender the liberty and culture of the eater. The virtue in most request is conformity. Self-reliance is its aversion. It loves not realities and creators, but names and customs."

    Emerson's greatness lies not only in showing you how powerful names and customs can be, but also in demonstrating how exhilarating it is to buck them. When he came to Harvard to talk about religion, he shocked the professors and students by challenging the divinity of Jesus and the truth of his miracles. He wasn't invited back for decades.

    From Freud I found a great deal to ponder as well. Freud was a speculative essayist and interpreter of the human condition. He challenges nearly every significant human ideal. He goes after religion. He says that it comes down to the longing for the father. He goes after love. He calls it "the overestimation of the erotic object." He attacks our desire for charismatic popular leaders. We're drawn to them because we hunger for absolute authority. He declares that dreams don't predict the future. They're disguised fulfillments of repressed wishes.

    Freud has something challenging and provoking to say about virtually every human aspiration. I learned that if I wanted to affirm any consequential ideal, I had to talk my way past Freud. He was—and is—a perpetual challenge and goad.

    The battle is to make such writers one’s own, to winnow them out and to find their essential truths. We need to see where they fall short and where they exceed the mark, and then to develop them a little, as the ideas themselves, one comes to see, actually developed others. In reading, I continue to look for one thing—to be influenced, to learn something new, to be thrown off my course and onto another, better way.

    Right now, if you’re going to get a real education, you may have to be aggressive and assertive.

    Your professors will give you some fine books to read, and they’ll probably help you understand them. What they won’t do, for reasons that perplex me, is to ask you if the books contain truths you could live your lives by. That will be up to you. You must put the question to yourself.

    Occasionally—for you will need some help in fleshing out the answers—you may have to prod your professors to see if they take the text at hand to be true. And you will have to be tough if the professor mocks you for uttering a sincere question instead of keeping matters easy for all concerned by staying detached and analytical. (Detached analysis has a place—but, in the end, you've got to speak from the heart and pose the question of truth.) You'll be the one who pesters your teachers. You'll ask your history teacher about whether there is a design to our history, whether we're progressing or declining, or whether, in the words of a fine recent play, The History Boys, history's "just one fuckin' thing after another."

    The whole business is scary, of course. What if you arrive at college devoted to premed, sure that nothing will make you and your family happier than a life as a physician, only to discover that elementary school teaching is where your heart is?

    You might learn that you're not meant to be a doctor at all. Of course, given your intellect and discipline, you can still probably be one. And society will help you. Society has a cornucopia of resources to encourage you in doing what society needs done but that you don't much like doing and are not cut out to do.

    Education is about finding out what form of work for you is close to being play—work you do so easily that it restores you as you go. Randall Jarrell once said that if he were a rich man, he would pay money to teach poetry to students. (I would, too, for what it's worth.) In saying that, he (like my father) hinted in the direction of a profound and true theory of learning.

    参考译文——你们是谁?来这儿做什么?

    你们是谁?来这儿做什么?

    马克·埃德蒙森

    欢迎并祝贺大家:进入大学的第一天是一项重大成就。你们值得表扬,不仅仅是你们,还包括帮助你们成功进人大学的爸爸妈妈、爷爷奶奶、外公外婆、叔叔婶婶。

    有人说培养一个孩子需要整个村庄,当然,你们也注意到了,我们这个美国村并不是完美无缺,这儿有枪、有毒品、两次战争、狂热宗教分子,还有低俗的流行文化以及一些名不副实的政治家,虽然这样说有些刻薄。仅仅在这个美国村生存下来并且赢得进入这个班级的机会就要付出巨大的努力,因此,是的,恭喜在座的每一位。

    现在,你们或许认为自己就要成功了。置身于宏伟壮观的大学建筑之中,在兢兢业业的老师的陪伴下,在最优秀的同龄人的围绕下,你们需要做的就是继续之前所做的事情:努力学习、取得好成绩、认真听讲、和周围的人友好相处,四年后,你们会成为一位受过高等教育的男性或女性,为生活做好了准备。

    别相信这些,都是骗人的。想要在美国获得真正的教育,你们必须战斗——不是和毒品与暴力战斗,也不是和你们周围的低俗文化战斗,而是和某些更加令人烦忧的事物战斗。要获得教育,你们可能要和自己所在的学院战斗——不管它多么权威。(事实上,学院越是权威,你们就更有必要挑战它。)在如今的美国,你们可以获得很好的教育,几乎每一所大学都能提供令人难以置信的好机会,但是教育不会像礼物一样包装好、扎好蝴蝶结送到你们面前。要获得教育,你们需要战斗,你们需要坚强,有的时候甚至需要惹怒自己敬佩的人。

    我读大学的时候也很懵懂,但是我大概知道自己应该如何用好读大学的机会。我的这个想法源于我的父亲,他从来没有读过大学, 事实上,他差一点高中都没毕业。有一天,吃过晚饭后,我和他在我们坐落在马萨诸塞州梅德福市的考利路58号的家里,坐在厨房里,我将来的生活炮制计划。当时的我就要离家去读大学,这是记忆中我的家族里从来没有人能够完成的伟业。我告诉父亲:“我可能想读法学预科。”我并不知道法学预科是什么。父亲皱了皱眉,像龙一样,大大的鼻孔里冒着烟。他问我:“你想成为律师?”父亲和一些律师打过交道,当然,还有警察。他对这两类人都没什么好感。“我也不确定,”我告诉他,“但是律师很挣钱,对吧?”

    父亲勃然大怒。(这并不是什么稀奇事,他经常这样。)他告诉我读大学的机会只有一次,到了那儿, 想学什么就学什么。他说富裕人家的孩子读大学,都会选一些自己感兴趣的专业,而我还有我弟弟菲利普和那些富裕的孩子一样优秀。(我们是没有钱的富裕孩子)。他问我不是对文学感兴趣吗?我承认了。他说那么我最好还是学文学,除非我有内部消息知道轮回这档子事不是炒作,我可以有三四十次机会读大学。如果我有这样的消息,法学预科也可以。否则,我最好还是从课程表中选一些英语课程学学。

    那天晚上,父亲所告诉我的除了本身的真实性,还包括了大学教育应该是什么样子的理念起源。但是显然其他大多数人,学生、老师、校监以及家长们并不以为然,他们都错了。

    当今美国的教育有一个主要的敌人,这个敌人就是教育本身——尤其是大学教育。几乎对每一个人来说,大学教育都是到达终点的一种手段。对学生来说,终点就是一份好的工作,学生想要得到帮助他们前进的证书,他们想要能让他们进人华尔街的证书,能让他们进入法学院、医学院以及商学院的证书。我们怎么能怪他们呢?美国崇尚权力和金钱,喜欢揣着大钱的大玩家。抚养孩子的时候,我们用很多方式告诉他们我们对他们最大的期望就是成功——物质上的成功。在美国,贫穷就是失败——意味着没有像样的医疗保障,没有必需品,通常也没有尊严。还有那些繁重的学生贷款——他们一毕业就成了仆人,必须按照合约偿还巨额贷款,因此,第一份工作必须是好工作。学生来到大学,脑海里的目标就是获得文凭——而大学期间发生什么,尤其是课堂上发生什么,对他们来说通常无法唤起他们的兴趣和决心。

    大学里的生活在别处。生活就是聚会、酒吧、音乐、伙伴,还有运动。生活就是名人怎么过,学生就怎么过。那种认为自己所选课程是读大学的主要目标的想法被默认是可笑的。就学生的任务而言,他们活在未来而不是当下;活在对成功的期望里。如果大学停止颁发证书,到明天早上,会有一半的学生离开,剩下的一半紧随其后。

    老师们也一样,大多数时候不在学校,他们的生活也在别处。和大多数学生一样,他们的目标就是成功。他们的工作迫使他们前进——成为终身教授、得到晋升、拿到更多薪水、获得外部机会——这些广义上来说就是学术成果。不管其他人怎么说,这些学术成果与教育的基础没有多大关系。证据就是基本上没有多少本科生能读懂任课教授的学术成果,大家觉察到其中的差别,因此认为教授的学术成果荒唐可笑或是无关紧要,其中有一些确实是这样。但是大家也觉察到由于教授没有一心一意扑在教学上,因此他们不需要很勤奋地学习,他们为自己创造了一个大型温床,名叫“大学”的温床。

    这是完全错误的。和他们的学生一样想要在美国获得成功的雄心勃勃的教授,拼命地工作着。他们的学术成果就算浮夸炫耀甚至难以卒读,依然耗费了大量心血。他们可以花费一年或两年的时间写出一篇能够在审稿期刊上出版的文章,他们的论文都是实实在在的:它们的注释都反映出他们的确认真阅读了大量的材料,吸收掌握了大量的东西,真正体现了对学术研究的献身精神。蹩脚的文章——那些作者抄袭、偷工减料、复制他人的文章——很快就能被检测出来。进行学术研究的人智力能力髙度发达,而且能够不断鞭策自己以达到某个标准:而这些成果和学生、大众甚至通常对其他学者来说都没有什么实际相关性,这一点是学术界这出悲喜剧的核心内容。

    学生和教授们达成了协议:两方不需要全心全意地投入课堂中的教与学。学生写着抽象的、过于学究气的论文;教授们则为学生们能够变得抽象和学究气的能力打分,评价通常都是非常聪明。他们的论文可能很优秀,只不过缺少感情;他们的论文也可能是从网络上摘录下来的,通常都是这样。不管属于哪一类,没有人愿意为论文耗费太多精力——因为生活在別处。教授们的精力要留着进行学术研究,而学生的精力要留给朋友、社交生活、志愿者工作,要留着发展人脉并占据有利位置,以牢牢抓住真正的圣杯——第一份工作。

    这里没有人是邪恶的;也没有人犯下不负责任的罪过。只是,聪明的人都习惯于琢磨如何才能顺利谋生的问题。

    而对于管理者来说,他们和学生的关系建立在恐惧而不是关爱的基础上,管理者们害怕负面宣传、丑闻以及客户不满。然而,他们最害怕的是打官司。因为这样或是那样的不良行为将学生逐出大学是很难的,几乎是不可能的,学生会将学校告上法庭。我认识的一个学生(一个挺喜欢的学生)曾在博客中威胁要用武士刀将他亲爱的、受人尊敬的教授(也就是我)剁成肉酱,罪行是上了一堂无聊的课。(那堂课是有一些无聊,因为我得了该死的感冒,但是惩罚似乎重了点。)我当时提出,这种行为完全可以勒令他休学一段时间。教导主任只是微微笑了笑,当时的我可以说相当窘迫。之后一段时间,我上课的时候都为手机调好快速拨号功能,随时准备拨打911报瞥。

    你们会发现作弊也很普遍。我所了解的学生信条如下:如果教授懒到每年都出同样的试题,那么他们便会投机取巧,因为双方都有更好的事情要做。网络上充斥着期末论文销售服务,而这些服务存在的原因就是有人会去购买论文,而且买的人很多,这就是资本主义。兄弟会文件里塞满了各门课程的旧试卷。

    当教授们发现有学生作弊的时候,他们有时睁一只眼闭一只眼,这让他们感到悲伤。我的一位朋友曾经冒失地发现一位学生作弊,而这位学生是和美国有着复杂联盟关系的阿拉伯政府某位身居要职的官员的侄子。后来,黑色的豪华轿车开来停在他的办公室前面,从车里涌出来大批衣着得体的谈判人。我那位哥们吓得腿发软了吗?没有,他不是那种人,不过他实在不喜欢这个过程。

    一般来说,大学需要的是全面发展的学生、公众领导人以及那些知道这个社会体制需要、知道如何让天下太平、不会为了教育或是其他任何东西用力过猛的人们;那些只为获得文凭并不打扰教授的人们。这样,教授可以专心做学术研究,以便能够不断提升学校的排名。

    在一个以崇尚金钱为主要和决定性价值观的文化里,还能怎么办?除了尽你们所能去获取、去成功、去挣钱,还能怎么生活?

    你们可能会以为,对于大学教育不该有什么实质性的内容,不该有以约翰·济慈称之为“心灵培养”为目的的这种观念,教授们和大学校长们一定会十分谨慎,不去张扬。不是这样的。在出任杜克大学校长前,理査德·布罗德海德在给耶鲁大学的高年级学生所做的一次演讲中就提到了这个观点。布罗德海德是一位给人印象深刻、能言善辩的男士,他似乎将威灵顿公爵的格言——滑铁卢战役的胜利来自伊顿公学的操练场(胜利来自平时的训练)——当成了自己的教育试金石。布罗德海德认为真正重要的不是课程内容,五年后(甚至五个月,或五分钟后),学生很可能忘记怎么做那几道题,而且只能模糊地记起《失乐园》第九章发生了什么。他们大学生活的财富在于克服困难的能力。当学生在此后的生活中遇到同样艰巨的任务时,他们将发掘旧时意志力的资源,并取得胜利。

    好了,到这里为止似乎一切都没错——毕竟,对通过一周的辛苦完成一篇40页优秀论文的学生来说,所学知识的增长超过了内在品质的那点提升。虽然这可能让将来的她更加自信,但是课程内容真的一点都不重要吗?

    根据这次的演讲,答案是不重要。试着发现你们所阅读的内容是真是伪或者对生活的改变持开明的态度是一种令人担忧并且富有争议的活动。这样做需要教授们的精力投人,因为这种改变观念的教与学会导致管理者们最害怕的事情发生:麻烦、争论、负面报道等。

    因此,如果你们想要获得教育,成功的概率并不高:教授们都去做所谓的“自己的工作”了;其他已经弄淸楚这个地方的运行法则的学生忙着不给教授添麻烦,为了光明和灿烂的未来蓄势待发;学生服务处试着让每一个人都满意,为学生提供丰富的娱乐活动,每隔几个月就添加一款最新、最先进的健身设施。学校开发办已经在考察你们未来捐资的可能性。最近有人说耶鲁大学最主要的功能就是培养出大批的优秀毕业生,以让耶鲁大学得到发展。

    那么为什么要制造麻烦?为什么不随波逐流?让教授们在纯洁的思想殿堂中自由徜徉,让你们自己在不纯洁的欢乐殿堂中聚会,让学生服务处那伙人颁布更少的禁令,为你们创造更多新的欢乐。你们会找到好工作,你们会结交很多朋友,你们会有属于自己的车道。

    如果我和我的父亲都是正确的话,你们也将真正地完蛋,而且是你们咎由自取。原因很简单,人文教育的核心追求不是一种奢侈,而是一种必须。如果你们不接受,你们的生活将要冒着绝望的风险。 因为你们冒险想要成为别人而不是真正的自己,而这样做,长远来说就是自杀。

    来到大学之前,不断有人告诉你们该做什么人,你们的父母、朋友、老师以及辅导员,你们的神父、拉比、牧师以及伊玛目都有自己的一套说辞。他们让你们知道他们是如何衡量你们的,告诉你们他们认为你们应该重视什么,让你们知道在他们眼中什么是好坏,什么是对错。他们所说的并非全无道理,他们让你们读经文—不管它们真正来源于何处,这些圣书都给人一种包含了几千年智慧的感觉。他们给了你们家族传统—你们学会了自己部族和社团的生活方式。

    而这样并没有坏处,各大宗教都蕴含着深刻的真理。叔本华虽然不相信超然事物,却承认基督教有着道不明的价值。他不相信耶稣的神性,也不相信来生,但是叔本华认为以一位男性形象钉在十字架上受难为中心标志的宗教不会是完全误导性的。

    —个人就算不相信超俗的神明,也不需要像叔本华耶样犀利地明白宗教的用途。所有的那些老师、辅导员和朋友——以及(乐于预言的)叔叔和(犹豫不决的)婶婶,那些(抱着热切期望的)父母们,希望你们能实现自己的理想,或者希望你们能为他们实现当初没能实现的理想——没有必要对他们的想法弃之不顾或是置之不理。家族有家族的智慧。

    大保守思想家对什么是常识总是非常严肃。埃德蒙·伯克认为常识是松散的,但常是深刻的群体性成果,是随着时间推移人类得来不易的智慧——欢乐与泪水——的沉淀。如果你们受到过家庭教育,这些教育相当于常识教育,常识是一种应该尊重的东西,不过不该向它顶礼膜拜。

    你们可能会成为抚养你们长大的好人们所期望的那种人;你们可能追求所有他们告诉你们值得追求的东西;你们可能成为真正的父亲的好儿子或是母亲的好女儿。不过,话说回来,你们可能并不会。

    正如爱默生所说,你们所拥有的力量可能本质上是全新的,你们可能不会成为父母眼中的样子, 而且——另外一个想法更加刺激也更加危险——那就是你们也可能不会成为自己眼中的自己。你们可能并不了解自己,而大学就是你们正确解读自己的地方。阅读布莱克、狄金森、弗洛伊德和狄更斯的作品不是为了更加有文化,也不是为了更加有口才,不是为了成为那个在鸡尾酒会上从不难堪的人(或让别人难堪的人)。阅读他们的作品最好的理由是看看他们是否比你们更了解你们自己。你们可能会发现自己曾遭到压制和排斥的思想现在有点像“遭贬国王”那样庄严回朝。阅读伟大作家的作品可以让你们体验宏伟壮丽的朗基努斯神迹:你们会觉得真正创造文本的人是你们自己,不知为何,前人比你们更像你们自己。

    以下是我阅读对我影响最深的两位作家——西格蒙德·弗洛伊德和拉尔夫·沃尔多·爱默生作品的体验。他们描述了我自己永远无法描述的思想和感受,他们给世界投去一束光,照亮他们所看见的事物,突然,我也看见了。爱默生教会我相信自己的想法,甚至当所有的声音似乎都在反对的时候依然相信它们。和爱默生一样,我需要阐述自己想法并承担无法避免的损失的能力。我从圣贤那儿学到更多的是——关于性格、失败、快乐、写作及其神秘源泉——但是爱默生集中宣扬的是自立的福音,而自立是我付出诸多努力想要从他那儿承袭来的品质。我依然记得爱默生最经典的一段话:“社会是一家股份制公司,每个成员之间都达成协议——为了向每个股东提供食物时能更有把握,就必须将其他吃饭的人的自由和教养消除。其中最必备的美德就是服从。自立却是让它深恶痛绝的东西。真相和创造者,这不是社会所喜欢的东两,它喜欢的是名义和传统的规矩。”

    爱默生的伟大不仅仅在于向你们展示名义和规矩的力量之大,还在于向你们示范抵抗名义和规矩是多么令人振奋。当他前往哈佛大学对宗教这一话题展开演讲的时候,教授们和学生们都被他吓坏了,他竟然挑战耶稣的神圣性和其神迹的真实性,此后几十年,他再没有收到哈佛的邀请。

    而从弗洛伊德那儿我也发观了许多值得深思的事情。弗洛伊德善于推测并对人类状态进行解读。他几乎对每一条重要的人类理想都提出挑战,他追逐宗教,他说这归根结底是对父亲的热切企盼。他研究爱情,将其称作“对性爱对象的高估”。他抨击我们对富有魅力、受欢迎的领导人的渴望,我们被他们吸引是因为我们渴求绝对的权力。他宣称梦境无法预测未来,它们不过是被压抑的欲望的伪装。

    事实上,对人类的每一种渴望,弗洛伊德都说了一些富有挑战的和发人深思的话。我毎次汫话都必须在弗洛伊德有关观点的基础上再努力往前探索。他过去是——现在依然是——永恒的挑战和鞭策。

    你们的战斗就是将这些作家为己所用、展开筛选、找到关键真理。我们需要找到他们的欠缺以及优越之处,然后试着更进一步,正如人们所知的这些观念本身事实上就是另外一些观念的发展。在阅读的时候,我继续寻找的是——接受影响、学习新东西、摆脱窠臼进入另外一个更好的轨道。

    现在,如果你们想要获得选正的教育,你们必须积极进取,自信果敢。

    你们的教授会让你们阅读一些好书,并且很可能会帮助你们进行理解。但是他们不会问你们书里是否包含了能让你们安身立命的真理,至于他们为什么不这样做,我也很费解。这个问题得看你们自己,你们必须自己解决这个问题。

    时不时地——为了得到更加完善的答案,你们需要一些帮助——你们可能需要要求教授核对他们手里的文本是否正确;假如那位教授嘲弄你,因为你问了一个严肃的问题而不让有关的人都太平,那你就必须要坚强,保持你超然的、分析的态度。你们要成为打破砂锅问到底的人,你们要问历史老师历史是否有定式可循,我们是在前进还是在倒退,或者用最近的一部好剧——《历史系男生》的台词来说, 就是“历史不过是该死的再重复”。

    当然,读大学可能是一件可怕的事情。万一你们来到学校全心投入医学预科的学习,确信除了成为医生外没有任何事能让你们和你们的家庭更幸福,结果却发现自己真正心属的是小学老师怎么办?

    你们可能会明白自己并不一定要成为博士,当然,根据你们的智力和约束力,你们仍然有可能成为博士。而且社会将帮助你们,社会有大量的资源激励你们做社会需要你们做的事,而事实上你们并不喜欢,也并不适合。

    教育就是要发现你们最乐在其中的工作形式——无须太费力就能完成,并且可以让你们恢复自我的工作。兰德尔·贾雷尔曾经说过,如果他变得富有,他愿意自己出钱去教学生诗歌。(不管值不值,我也愿意。)他的话(和我父亲的一样),指明了一个深刻的、其正的理论学习方向。

    Key Words:

    admirable      ['ædmərəbl]  

    adj. 令人钦佩的,令人赞赏的

    prestigious     [pres'tidʒiəs]  

    adj. 享有声望的,声望很高的

    scholarly ['skɔləli]  

    adj. 学究气的,学者派头的

    bulge      [bʌldʒ]   

    n. 膨胀,优势,暴增

    temerity  [ti'meriti]

    n. 鲁莽,大胆

    arduous  ['ɑ:djuəs]

    adj. 费力的,辛勤的,险峻的

    controversial  [.kɔntrə'və:ʃəl]

    adj. 引起争论的,有争议的

    protracted      [prə'træktid]  

    adj. 延长的,拖延的

    necessity [ni'sesiti]

    n. 需要,必需品,必然

    proximity       [prɔk'simiti]   

    n. 接近,亲近

    transcendent  [træn'sendənt]     

    adj. 卓越的;超常的;出类拔萃的 n. 卓越的人

    interpreter     [in'tə:pritə]     

    n. 译员,口译者,解释程序

    goad      [gəud]    

    n. 刺棒,激励物,刺激物 v. 用刺棒驱赶,激励,刺激

    publicity  [pʌb'lisiti]      

    n. 公众的注意,宣传,宣扬,宣传品,广告

    cornucopia    [.kɔ:nə'kəupiə]

    n. [希神]哺乳宙斯的羊角,满装花果象征丰饶的羊角

    参考资料:

    1. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(1)_大学教材听力 - 可可英语
    2. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(2)_大学教材听力 - 可可英语
    3. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(3)_大学教材听力 - 可可英语
    4. http://www.kekenet.com/daxue/201909/59431shtml
    5. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(5)_大学教材听力 - 可可英语
    6. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(6)_大学教材听力 - 可可英语
    7. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(7)_大学教材听力 - 可可英语
    8. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(8)_大学教材听力 - 可可英语
    9. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(9)_大学教材听力 - 可可英语
    10. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(10)_大学教材听力 - 可可英语
    11. 现代大学英语精读(第2版)第五册:U1 Who Are You and What Are You Doing Here(11)_大学教材听力 - 可可英语
    展开全文
  • Web渗透信息收集篇

    千次阅读 2020-07-21 14:47:47
    信息收集主要是收集服务器的配置信息和网站的敏感信息,主要包括域名信息、子域名信息、目标网站信息、目标网站真实IP、目录文件、开放端口和服务、中间件信息、脚本语言等等等。结合各路大佬的收集经验,菜鸟总结...

            信息收集主要是收集服务器的配置信息和网站的敏感信息,主要包括域名信息、子域名信息、目标网站信息、目标网站真实IP、目录文件、开放端口和服务、中间件信息、脚本语言等等等。结合各路大佬的收集经验,菜鸟总结了8种信息收集的方式,有不足之处,欢迎赐教,欢迎斧正。个人感觉重点是顺手的工具、有IP代理池、日常收集的强大的字典、清晰可见的思维导图和多次的实战经验。

     

    一 收集域名信息

    • 1.whois查询

    whois(读作“Who is”,非缩写),标准的互联网协议,是用来查询域名的IP以及所有者等信息的传输协议。简单说,就是一个用来查询域名是否已经被注册,以及注册域名的详细信息的数据库(如域名所有人、域名注册商)。

    通过whois来实现对域名信息的查询。早期的whois查询多以命令列接口存在,但是现在出现了一些网页接口简化的线上查询工具,可以一次向不同的数据库查询。网页接口的查询工具仍然依赖whois协议向服务器发送查询请求,命令列接口的工具仍然被系统管理员广泛使用。whois通常使用TCP协议43端口。每个域名/IP的whois信息由对应的管理机构保存。

    Whois查询我们主要关注的重点是注册商、注册人、邮件、DNS解析服务器、注册人联系电话。

    目前常见的查询方法主要是通过站长工具等第三方平台查询,当然其实还可以在域名注册商那查询已经注册过的域名,例如中国万网(阿里云)、西部数码、新网、纳网、中资源、三五互联、新网互联、美橙互联、爱名网、易名网等等。还可以通过自己的注册代理机构查询

    各大注册商以及第三方站长工具的域名WHOIS信息查询地址如下:

    中国万网域名WHOIS信息查询地址:https://whois.aliyun.com/

    西部数码域名WHOIS信息查询地址:https://whois.west.cn/

    新网域名WHOIS信息查询地址:http://whois.xinnet.com/domain/whois/index.jsp

    纳网域名WHOIS信息查询地址:http://whois.nawang.cn/

    中资源域名WHOIS信息查询地址:https://www.zzy.cn/domain/whois.html

    三五互联域名WHOIS信息查询地址:https://cp.35.com/chinese/whois.php

    新网互联域名WHOIS信息查询地址:http://www.dns.com.cn/show/domain/whois/index.do

    美橙互联域名WHOIS信息查询地址:https://whois.cndns.com/

    爱名网域名WHOIS信息查询地址:https://www.22.cn/domain/

    易名网域名WHOIS信息查询地址:https://whois.ename.net/

    下面是站长工具类第三方查询地址(部分网站注册人信息会隐藏或提示联系域名注册商获取,可以去who.is查询看看)

    Kali的查询:whois -h 注册服务器地址  域名

     站长工具-站长之家域名WHOIS信息查询地址:http://whois.chinaz.com/

    爱站网域名WHOIS信息查询地址:https://whois.aizhan.com/

    腾讯云域名WHOIS信息查询地址:https://whois.cloud.tencent.com/

    国外的who.is:https://who.is/ 

    微步:https://x.threatbook.cn/ 

    Virus Total:https://www.virustotal.com

    还有Kali中自带的whois查询、一些集成工具等。

     

    • 2.备案信息查询

     网站备案信息是根据国家法律法规规定,由网站所有者向国家有关部门申请的备案,是国家信息产业部对网站的一种管理途径,是为了防止在网上从事非法网站经营活动,当然主要是针对国内网站。

    备案查询我们主要关注的是:单位信息例如名称、备案编号、网站负责人、法人、电子邮箱、联系电话等。

    常见查询备案信息的网站如下:

    天眼查:https://www.tianyancha.com/ 

    ICP备案查询网:http://www.beianbeian.com/ 

    国家企业信用信息公示系统:http://www.gsxt.gov.cn/index.html 

    爱站的备案查询:https://icp.aizhan.com

    二 收集子域名

    子域名也就是二级域名,是指顶级域名下的域名。收集的子域名越多,我们测试的目标就越多,目标系统渗透成功的机率也越大。主站无懈可击的时候子域名是一个很好的突破口。常用的方法有4种

    • 1 .检测工具

    检测工具有很多,但重要的是需要日常完善字典,字典强大才是硬道理。常见的有

    layer子域名挖掘机、subDomainsBrute、K8、orangescan、DNSRecon、Sublist3r、dnsmaper、wydomain等等,重点推荐layer子域名挖掘机(使用简单,界面细致)、Sublist3r(列举多资源下查到的域名)和subDomainsBrute。(递归查询多级域名),此类工具github都有下载地址和使用方法。

    链接如下:

    SubDomainBrute:https://github.com/lijiejie/subDomainsBrute

    Sublist3r:https://github.com/aboul3la/Sublist3r

    Layer(5.0增强版):https://pan.baidu.com/s/1Jja4QK5BsAXJ0i0Ax8Ve2Q  密码:aup5

    https://d.chinacycc.com(大佬推荐的说好用的很,但是收费。)

    • 2.搜索引擎

    可以利用Google、Bing 、shodan和百度这样的搜索引擎进行搜索查询(site:www.xxx.com

     

    Google搜索语法:https://editor.csdn.net/md/?articleId=107244142

    Bing搜索语法:https://blog.csdn.net/hansel/article/details/53886828

    百度搜索语法:https://www.cnblogs.com/k0xx/p/12794452.html

    • 3.第三方聚合应用枚举

    第三方服务聚合了大量的DNS数据集,并通过它们来检索给定域名的子域名。

    (1)VirusTotal:https://www.virustotal.com/#/home/search 

    (2)DNSdumpster:https://dnsdumpster.com/ 

     

    • 4. SSL证书查询

    SSL/TLS证书通常包含域名、子域名和邮件地址,这些是我们需要获取的信息,通常CT是CA的一个项目,CA会把每个SSL/TLS证书发布到公共日志中,查找域名所属证书的最简单方法就是使用搜索引擎搜索一些公开CT日志。

    主要网站如下:

    (1)https://crt.sh/

    (2)https://censys.io/

    (3)https://developers.facebook.com/tools/ct/

    (4)https://google.com/transparencyreport/https/ct/

    • 5. 在线网站查询(使用相对较少了)

    (1)https://phpinfo.me/domain/(不可访问)

    (2)http://i.links.cn/subdomain/(不可访问)

    (3)http://dns.aizhan.com

    (4)http://z.zcjun.com/(响应很快,推荐)

    (5)Github搜索子域名

    三 真实IP收集

    信息收集工程中IP地址是必不可少的,在域名收集工程中我们已经对ip段收集,whois、ping测试、指纹网站都可以探测ip地址,但是很多目标服务器存在CDN,那什么是CDN,如果饶过查找真实IP呢?

    CDN的全称是Content Delivery Network,即内容分发网络。CDN是构建在现有网络基础之上的智能虚拟网络,依靠部署在各地的边缘服务器,通过中心平台的负载均衡、内容分发、调度等功能模块,使用户就近获取所需内容,只有在实际数据交互时才会从远程web服务器响应,降低网络拥塞,提高用户访问响应速度和命中率。CDN的关键技术主要有内容存储和分发技术。

    确定有无cdn

    (1)很简单,使用各种多地 ping 的服务,查看对应 IP 地址是否唯一,如果不唯一多半是使用了CDN, 多地 Ping 网站有:
    http://ping.chinaz.com/
    http://ping.aizhan.com/

    (2)使用 nslookup 进行检测,原理同上,如果返回域名解析对应多个 IP 地址多半是使用了 CDN。有 CDN 的示例:

    无 CDN 的示例:

    绕过cdn的方法有多种,参考链接如下:https://www.cnblogs.com/qiudabai/p/9763739.html

    提一点的是绕过云cdn,fofa的title搜索(查看源码获取title),可以发现很多cdn 缓存服务器的ip地址,部分cdn缓存服务器经过区域传送,数据库是同步的,如果可以直接访问,  即可绕过云waf进行一些扫描、注入等操作。

    这里推荐一些c端、旁站的扫描网站和工具:

    http://www.webscan.cc/

    https://phpinfo.me/bing.php(可能访问不了)

    神器     : https://github.com/robertdavidgraham/masscan

    御剑1.5:https://download.csdn.net/download/peng119925/10722958

    C端查询:IIS PUT Scanner(扫描速度快,自定义端口,有banner信息)

    四 端口测试

    对网站域名对应的真实IP地址进行端口测试,很多有防护不能大批量扫描和漏洞测试,但是放在云上的网站如果cdn找到真实网站即可大批量扫描。

    常见工具就是nmap(功能强大)、masscan、zmap和御剑tcp端口高速扫描工具(较快),还有一些在线的端口扫描。http://coolaf.com/tool/porthttps://tool.lu/portscan/index.html  

    参考大神的思路:我们可以在收集子域对应的的ip后整理到txt中,然后nmap批量端口扫描、服务爆破和漏洞扫描,前提是不被封禁IP,可采用代理池。

    nmap -iL ip.txt --script=auth,vuln > finalscan.txt 扫描导出常见端口和漏洞。

    常见端口说明和攻击方向根据web攻防这本书整理到个人博客:https://blog.csdn.net/qq_32434307/article/details/107248881

    五 网站信息收集

    网站信息信息收集主要是:操作系统,中间件,脚本语言,数据库,服务器,web容器、waf、cdn、cms、历史漏洞、dns区域传送等,可以使用以下方法查询。

    常见指纹工具:御剑web指纹识别、轻量级web指纹识别、whatweb等

    (1)常见网站信息识别网站:

    潮汐指纹:http://finger.tidesec.net/(推荐)

    云悉(现在需要邀请码):http://www.yunsee.cn/info.html

    CMS指纹识别:http://whatweb.bugscaner.com/look/

    第三方历史漏洞库:乌云、seebug、CNVD等

    (2)Waf识别:https://github.com/EnableSecurity/wafw00f  

    kali上自带wafw00f,一条命令直接使用。建议最好在kali下使用,windows下的使用很麻烦。Nmap上也包含识别waf指纹的脚本模块。

    (3)Dns区域传送漏洞,我们可以通过这个漏洞发现:

    1)网络的拓扑结构,服务器集中的IP地址段

    2)数据库服务器的IP地址,例如上述nwpudb2.nwpu.edu.cn

    3)测试服务器的IP地址,例如test.nwpu.edu.cn

    4)VPN服务器地址泄露

    5)其他敏感服务器

    具体参考链接如下:

    http://www.lijiejie.com/dns-zone-transfer-1

    https://blog.csdn.net/c465869935/article/details/53444117

    六 敏感目录文件收集

    攻防测试中探测web目录和隐藏的敏感文件是很重要环境,从中可以获取网站后台管理页面、文件上传界面、备份文件、WEB-INF、robots、svn和源代码等。

    主要通过工具扫描,主要有

    (1)御剑(互联网有很多字典加强版)

    (2)7kbstorm https://github.com/7kbstorm/7kbscan-WebPathBrute

    (3)搜索引擎(Google、baidu、bing等),搜索引擎搜索敏感文件也较为常见,一般是这样:site:xxx.xxx filetype:xls。

    (4)爬虫(AWVS、Burpsuite、北极熊等)

    (5)BBscan(lijiejie大佬的脚本:https://github.com/lijiejie/BBScastorn )

    (6)凌风云搜索:https://www.lingfengyun.com/(部分用户可能上传云盘被在线抓取)

    (7)github搜索

    七 社会工程学收集

    运用社会工程学进行信息收集和物理渗透,在近期

    奇安信的“攻守皆有道,百战护山河”中提及社会工程信息收集和物理渗透是他们重要攻击途径之一。

    社会工程学是一种通过对受害者心理弱点、本能反应、好奇心、信任、贪婪等心理陷阱进行诸如欺骗、伤害等危害手段;是一种黑客攻击方法,利用欺骗等手段骗取对方信任,获取机密情报;是一种利用人性脆弱点、贪婪等等的心理表现进行攻击。我们可以从社会工作人员和社工库入手,社工一家公司销售人、商务人员、门卫、前台人员来获得个人信息、邮箱、电话、内网地址、物理门禁;我们可以欺骗销售获得邮箱回复进而获取内网IP及服务器信息,我们可以欺骗客服申请重置密码、发送vpn账户等。

    我们可以通过社工库查询一些关键信息。对于很多社工库来说,存储达到T,数据量达到亿级别都是小case。内容方面包括帐号密码、邮箱地址、个人信息等等。

    互联网社工库,威力有多大,就看数据库的数量和质量了,理论上达到了一定的量,很多的东西都是可以查的出来的,特别是那些基本所有网站都一个密码的,只要一个社工库的收集的其中一个数据库有他的帐号密码,那么查出来的密码就可以直接登陆该用户的其他帐号了。

    八  近源信息收集

    (1)外接无线网卡主要是用来配合kali破解无线密码的,现在一般是通过抓握手包然后跑包来破解,还可以通过伪造SSID钓鱼、中间人攻击等等,主要是获取无线网密码、网段信息等。

    (2)大菠萝可以捕获握手包并模仿目标AP。大菠萝可以完全模仿首选网络,从而实现中间人攻击,获取我们想要的无线网信息,为攻击目标系统收集信息。

    (3)当前电子设备和电路的工作频率不断提高,而工作电压却逐渐降低,因此对电磁脉冲(EMP)的敏感性和易损性也不断增加。同时,电子系统中的集成电路对电磁脉冲比较敏感,往往一个较大的电磁脉冲,就会使集成块产生误码、甚至电子元器件失效或烧毁,所以我们可以使用EMP干扰来打开部分电子门禁和电子密码锁。如果我们使用EMP无法打开门禁,那我们还有一个方法,但是需要我们稍微靠近一下目标,找合适的机会破解IC卡,或复制ID卡。进而突破门禁,实现物理攻击和信息收集。

    (4)当然我们也可由通过社工获取指纹信息,拓印出一个跟原指纹一模一样的指纹膜突破物理门禁、办公PC指纹识别等。

    (5)如果你能接触到目标主机,那你就可以将键盘记录器接入到主机和键盘之间,并配置连接WI-FI,将键盘敲击的数据实时传回远程服务器。

    (6)进入办公地点或者内网之后,可以在内网偷偷装一个PacketSquirrel,作为中间人攻击工具,PacketSquirrel可以捕获网络端点的数据包、并且可以使用VPN和反向shell获得远程访问权限,为攻击目标系统收集部分信息。

    (7) badusb是HID(人机接口)攻击的一种,也称为热插拔攻击。想象一下,你可以走到一台计算机上,插入看似无害的USB驱动器,然后安装后门,窃听文档,窃取相关密码.,收集目标系统相关信息。

           近源渗透的攻击方式还有很多,近源信息收集现在已经是攻防训练中的信息收集方式之一,一些详细近源攻击可关注团队小伙伴的“物联网IOT安全”公众号。

    最后给大家推荐下大神整理的2019年Github上开源的安全渗透攻击类工具Jihe:https://zhuanlan.zhihu.com/p/53112370

    参考大佬链接:

    https://www.freebuf.com/database/195169.html

    https://www.freebuf.com/articles/web/204883.html

    https://www.cnblogs.com/nul1/p/11311731.html

    展开全文
  • 0x00 who命令是什么? 我使用的系统环境是Ubuntu 18.04,通过who命令我们可以知道谁在使用系统: ...我们可以从unix的帮助文档中(man who)找到登录用户信息 If FILE is not specified, use /var/ru...
  • 由于红队不同于一般的渗透测试,强调更多的是如何搞进去拿到相应机器权限或者实现某特定目的,而不局限于你一定要在什么时间,用什么技术或者必须通过什么途径去搞,相比传统渗透测试,红队则更趋于真实的入侵活动,...
  • 欢迎,来自IP地址为:110.247.163.57 的朋友这里将向您展示11种在Linux系统中查找用户信息的有用方法。...1、id命令id是一个简单的命令行实用工具,用于显示真实有效的用户和用户组的ID,示例如下:# id serviceuid...
  • Unit 3 -What Is News? What Is News? Neil Postman and Steve Powers All this talk about news—what is it? We turn to this question because unless a television viewer has considered it, he or she is ...
  • Life is short(人生如此短暂)

    千次阅读 2019-11-29 15:17:34
    Life is short, as everyone knows. When I was a kid I used to wonder about this. Is life actually short, or are we really complaining about its finiteness? Would we be just as lik...
  • Unit 2 - The Woman Who Would Not Tell Aunt Bettie is faced with a difficult decision. A wounded Union soldier is found hiding in a farmhouse near her home. She has to decide whether to help him or ...
  • Web安全 信息收集 (收集 Web服务器 的重要信息.)

    千次阅读 多人点赞 2022-03-30 17:48:40
    信息收集” 会对渗透测试工程师和网络安全工程师具有重大作用:...收集的信息有:目标的真实IP地址,服务器的敏感目录,网站的搭建环境,网站使用的系统,网站防火墙,常用端口信息,目录网站是用什么脚本写得等信息.
  • mysql 复选框数据查询Before we talk about how to query data frames, we need to talk about Boolean masking. Boolean masking is the heart of fast and efficient querying in NumPy. It’s analogous a bit to...
  • 信息收集方法总结

    2021-12-20 09:11:13
    爱站工具网和站长网都可以查询到域名的相关信息如域名服务商,域名拥有者,以及邮箱电话,地址等信息) 网站的关于页面/网站地图(可查询到企业的相关信息介绍,如域名、备案信息等) 域传输漏洞:dig baidu.com。 ...
  • 渗透武器库---信息收集工具大全

    千次阅读 2020-11-30 13:13:21
    点击"仙网攻城狮”关注我们哦~不当想研发的渗透人不是好运维让我们每天进步一点点简介渗透的本质是信息收集,在渗透开始时能收集的数据和信息的多少会直接影响到最后的测试结果。本篇演示如...
  • 在本系列的第一篇文章中,我讨论了RDBMS作为Java™... 大约十年来,信息存储和检索几乎已经成为RDBMS的同义词,但是最近情况已经开始改变。 尤其是Java开发人员对所谓的对象关系阻抗不匹配感到沮丧,并且对尝试解...
  • 6.The world makes way for the man who knows where he is going.———— 如果你明确自己的方向,世界也会为你让路。 7.Nobody can go back and start a new begining, but anyone can start today and make a ...
  • 信息收集总结

    千次阅读 多人点赞 2019-01-27 13:20:18
    作为一名菜鸟,写文章,有点紧张,希望大佬们轻点。...我觉得信息收集在我们渗透测试的过程当中,是最重要的一环,这一环节没做好,没收集到足够多的可利用的信息,我们很难进行下一步的操作。 信息收集主...
  • 2.4真实IP查询 1.无CDN 2.有CDN 2.5CMS指纹识别 2.6整站分析 2.7网络空间搜索引擎 2.8Github 2.9SRC漏洞平台 2.10收集敏感目录文件 2.XGoogle hacking语法 总结 前言 在渗透测试的过程中第一个要做的...
  • 渗透测试的灵魂:信息收集

    千次阅读 2020-07-20 17:15:57
    渗透测试的灵魂:信息收集
  • 红队技术之信息收集

    千次阅读 2021-08-31 19:34:01
    信息收集也称踩点,信息收集毋庸置疑就是尽可能的收集目标的信息,包括端口信息、DNS信息、员工邮箱等等看似并不起眼的一些信息都算是信息收集,这些看似微乎其微的信息,对于渗透测试而言就关乎到成功与否了。...
  • 渗透测试前期——信息收集

    千次阅读 2021-12-20 20:09:53
    本章主要介绍的是渗透测试前期准备工作-信息收集,将从IP资源,域名发现,服务器信息收集,网站关键信息识别,社会工程学几个方面谈谈如何最大化收集信息,首先讲的是域名发现。 1.域名发现 何为域名?域名(英语...
  •   一般说道sqlserver调优,我们会首先想到,存储过程,...今天,我不准备围绕这几个话题展开讨论,就单独说说,sp_lock,sp_who在数据库调优中起到的作用。   SQL Server数据库引擎为了保证每一次只有一个线程同
  • 黑客入侵16进制密码Time to read — 5 to 15 minutes. 阅读时间-5至15分钟。 1....ASSWORD vs PASSWORD (The only difference is ‘P’). Your PASSWORD could have been better & protected by ‘P’....
  • ** Notes Fifteenth Day-渗透攻击-红队-打入内网(dayu) ...不要未经授权在真实网络环境中复现任何本书中描述的攻击。即使是出于好奇而不是恶意,你仍然会因未授权测试行为而陷入很多麻烦。为了个人能更
  • 2020年软考信息安全工程师备考学习资料包 第1题: 根据密码分析者可利用的数据资源来分类,可将密码攻击的类型分为四类,其中密码分析者能够选择密文并获得相应明文的攻击密码的类型属于(). A.仅知密文攻击 B....
  • Hierarchical Queries (SQL层次查询) If a table contains hierarchical data, then you can select rows in a hierarchical order using the hierarchical query clause: hierarchical_query_clause::= ...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 13,490
精华内容 5,396
关键字:

who is查询的信息真实吗