Posts

Showing posts from 2020

延維

Image
延維——傳說中的妖怪⋯⋯不應該是神咩?

海內經

有人曰苗民。有神焉,人首蛇身,
長如轅,左右有首,衣紫衣,
冠旃冠,名曰延維,
人主得而饗食之,伯天下。

譯文:有一種人叫做苗民。有一位神,長著人一樣的頭,蛇的身子,身長如車轅(yuan2),左右兩邊各長著頭,穿紫色的衣服,頭戴紅色的帽子,名字叫做延維,那個國君若是能得到他並且祭祀他,就能稱霸天下。

車轅:大車前部駕牲口的兩根直木。

有一說,延維其實是伏羲和女媧相互纏身的形象。伏羲和女媧在傳說中,是人頭蛇身的形象。當他們互纏,就像延維的形象了。另一點,是因為據說延維在打雷的時候,會呆立不動,而伏羲的母親是因為在雷澤,踏進雷神的腳印才懷上伏羲的。不過,這伏羲⋯⋯我在《山海經》裡沒找到,雷澤和雷神卻有出現在《山海經》裡。

也有的把延維和委蛇(wei1yi2)作同一⋯⋯不能說人啊⋯⋯因此,從《山海經》裡的神,演變成妖怪——兩頭蛇?!這就是經過時間河流裡的人們聯想、演變的結果。

不過,也沒有人說,這穿紫衣的,就聯想到東華帝君啊!哈!網上很多提及《三海經》裡有說關於東華帝君,不過在《三海經》裡也找不到。後來繼續搜,才發現,那不是《山海經》啦!那是《神异經》啦!仿《山海經》的古代神話志怪小說集裡面出現的。東華帝君沒有在《山海經》裡。東華帝君沒有在《山海經》裡。東華帝君沒有在《山海經》裡。重要的事要重複三遍!離題了⋯⋯

話說回來,數百年後,這《三海經》會被傳成什麼模樣,還真難說。或許,唐七公子可能變成了像郭璞等級的《山海經》做注人之一。:P

延伸閱讀:
延维(委蛇)他是帝嚳和嫦娥的兒子,人獸蛇身的雙頭神獸,見到他的人即可稱霸 這篇,隨便看看就可以了,不用當真。至少,我是這麼認為。

因因乎

Image
因因乎——南方風神

大荒南經

有神名曰因因乎,南方曰因乎,
夸風曰乎民。處南極以出入風。

譯文:南方有一位神叫做因因乎,南方稱他為因乎,夸風稱他為乎民。因因乎住在最南端,掌管風的出入。

突然覺得,這《山海經》的確寫了不少神仙、神獸、地理等,不過⋯⋯故事方面,還真的寫得極少⋯⋯

這因因乎,就僅有他是南方風神的資料⋯⋯還是,因為我只是隨便翻,沒從頭到尾地讀?

Anyway,這段是接在不延胡余的後面,他們倆應該是鄰居。海神和風神,應該會互相拜訪吧?

這是這段日子讀到的第二為風神,於是就去搜了四方風神的資料。如果沒時間去翻開尋找下一章要寫什麼,就寫另外兩方的風神吧。:P

延伸閱讀: 因因乎中国故事之400:四方风神

九鳳

Image
九鳳——九頭神鳥

大荒北經

大荒之中,有山名曰北極天樻,海水北注焉。
有神,九首人面鳥身,名曰九鳳。
又有神衘蛇操蛇,其狀虎首人身,
四蹄長肘,名曰彊良。

譯文:在最荒遠之地有一座山,叫做北極天樻,海水從它的北面流入山中。山裏有一位神,他長著九個頭,人一樣的臉,鳥一樣的身子,叫做九鳳。還有另一位神,嘴裡銜著蛇,手裡也握著蛇,長著虎一樣的頭,人一樣的身子,有四隻蹄子,肘臂很長,叫做彊良。

這篇主要寫的是九鳳。原想不把最後一句放在這篇裡,不過,他們倆既然是鄰居,就也放進去吧。

今天《三生三世枕上書》大結局。戲裡的女主叫做白鳳九。之前在看一些網民的留言,說白鳳九這個名字不好聽,有些還說會叫做白鳳九是因為我們華人有一大補藥,叫做白鳳丸。笑死我了~不過,這九鳳,根據一些人的說法,她是《山海經》裡的上古神女之一。我想,唐七公子可能也因為這樣,才給這九尾紅狐名字叫做鳳九吧。這是題外話。

九鳳是楚人所崇拜的神鳥,也是戰國時代楚國先祖所崇拜的半人半鳥的圖腾形象。傳說,九鳳原是帝顓頊的九個妃嬪,被楚王家族奉為先祖,成為出國的護國神女,然後逐漸演變成神鳥、圖騰。

至於這神女或神鳥掌管什麼⋯⋯有什麼super power,就不得而知了⋯⋯不過,九鳳的存在就已經是一種瑞祥,還需要什麼其他的嗎?

延伸閱讀:
《山海经》中的“九凤”真实性探查①:多人曾宣称目击“九头鸟”《山海经》里3位上古神女,九凤被当成神兽,此女像鱼又像龙

蓐收

Image
蓐收——秋神、西方的神

西山經

又西二百九十里,曰泑山,神蓐收居之。
其上多嬰短之玉,其陽多瑾瑜之玉,其陰多青雄黃。
是山也,西望日之所入,其氣員,神紅光之所司也。

譯文:在天山往西二百九十裡,有座山,叫泑山,是一位叫做蓐收的神所居住的地方。山上有很多嬰短玉,山的南面有很多美玉,北面有很多石青和雄黃。從此山向西望過去,可以看到太陽落山的渾圓的氣象,這樣的景色,是由一名叫做紅光的神掌管的。

海外西經

西方蓐收,左耳有蛇,乘兩龍。

譯文:西方的神,蓐(ru4)收,他的左耳有蛇,駕乘兩條龍飛行。

蓐收是白帝少昊的輔佐神,也是傳說中的司秋之神。

有一說,那紅光之神,就是蓐收,掌管日落之神。

另外,隨著後來的記載,這蓐收還有多重的身份。有的說,蓐收是白帝少昊的兒子,是金神,還兼管天下刑戮。

延伸閱讀:
中国神话人物:五行神话之金神蓐收蓐收

不延胡余

Image
不延胡余——南海海神

大荒南經

南海渚中,有神,人面,
珥兩青蛇,踐兩赤蛇,曰不廷胡余。

譯文:在南海的一個島上,有一位神,長著人的臉,以兩條青蛇為耳飾,腳下踏著兩條紅蛇,叫做不延胡余。

在《山海經》裡,其他三位海神都是長著人面鳥身,不過沒有對不延胡余的身體有所描述,因此被推敲為人身。

至於關於不延胡余的故事嘛~找不到。只說是南海海神,而且不是很出名的南海海神⋯⋯

延伸閱讀:
海洋神话——中国古海神不廷胡余的传说 雖然這篇文章的題目是不延胡余的傳說,不過內容則關於南海海神的演變。

鑿齒

Image
鑿齒——怪獸,或者是⋯⋯野人。

海外南經

羿與鑿齒戰於壽華之野,羿射殺之。
在崑崙墟東。羿持弓矢,鑿齒持盾。

譯文:后羿和鑿齒交戰於壽華的原野,后羿用箭射死了鑿齒。交戰的地方,就在崑崙虛的東部。當時,后羿手拿弓箭,鑿齒手拿盾牌。

大荒南經

有人曰鑿齒,羿殺之。

有一個人叫做鑿齒,被后羿殺死。

有一說,這鑿齒是禍害人類的怪獸之一,帝堯令后羿去除這禍獸。

這鑿齒,有的指是牙齒長得長的人,也有說是將牙齒拔掉的人,還把拔牙的習俗和史前文化連接起來。

延伸閱讀:
山海经:被羿诛杀的凿齿,是怪兽还是人?考古大汶口的拔牙习俗山海经神话故事系列:上古神兽之一“凿齿”上(第59期)

奢比尸

Image
奢比尸——是神?是尸?

大荒東經

有神,人面、犬耳、獸身,
珥兩青蛇,名曰奢比尸。

譯文:有一位神,長著和人一樣的臉,狗一樣的耳朵,獸一樣的身體,有兩條青蛇為耳飾,名字叫做奢比尸。

海外東經

奢比之尸在其北,獸身、人面、
大耳,珥兩青蛇。

譯文:奢比尸在大人國的北邊,長著獸一樣的身體,人一樣的臉,耳朵大大的,有兩條青蛇為耳飾。

《山海經》沒怎麼提及奢比尸是做什麼的。網絡搜到的資料也很少。有後人在《三海經》裡註解說是肝榆之尸。

有一說,奢比尸本是天神,因為被殺而靈魂不滅,以尸的型態繼續活動。

還有一說,奢比尸死後,把靈魂寄託在野獸身上,再和自己的半尸結合在一起,成了現在的樣子。他的大耳朵靠著兩條青蛇給自己傳遞鬼神兩界的信息,被派往冥界掌管鬼國。

好吧,我繼續搜冥王、鬼王、閻王、陰間天子⋯⋯等,都沒提到奢比尸啊⋯⋯

延伸閱讀:
读《山海经》,看神兽:奢比尸僵尸的始祖,一个半人半兽的妖怪,游走阴阳两界 山海经:上古神话中五类“尸象”有何含义?生死之间有大恐怖!盘点民间神话里那些统治阴间的神,阎王原来只是打杂的。 這篇文章的題目⋯⋯應該只為吸睛。不過,閻王應該是受佛教影響,沒有上古的悠久。在阎罗王随佛教传入中国以前,中国的阴间主宰是谁 和奢比尸無關,不過⋯⋯我好奇。

禺䝞

Image
禺䝞——東海海神

大荒東經

東海之渚中,有神,人面鳥身,
珥兩黃蛇,踐兩黃蛇,名曰禺䝞。
黃帝生禺䝞,禺䝞生禺京,
禺京處北海,禺䝞處東海,是惟海神。

譯文:東海的小島上,有一位神,長著人面鳥身,用兩條黃蛇作為耳飾,腳下踏著兩條黃蛇,叫做禺䝞(hao4)。黃帝生了禺䝞,禺䝞生了禺京。禺京住在北海,禺䝞住在東海,他們都是海神。

我聽過精衛填海的故事,不過⋯⋯印象止於某人被海淹死後,化成了精衛鳥,誓死要把海填了。

沒想到,讀關於禺䝞的文章,竟然引出了這段故事。這個版本,我還真沒印象,於是搜了精衛填海的故事。搜尋結果,也帶來了好幾個不一樣的故事。這裡,就說說和禺䝞相關的故事吧。

女娃,是炎帝的幺女。一天,她到東海去玩。沒想到碰到了禺䝞伸懶腰,害得女娃溺斃。女娃死不瞑目,化身精衛鳥,不斷地從西山銜來石子和枯枝,想要把大海填平。

話說回來,這個禺䝞的䝞字,在網上有多個別字。一些寫成了虢(guo2),一些寫成了猇(xiao1)。百度是說,這個䝞字念xiao1,不過,查字典,或者用拼音輸入法,的確念hao4。

延伸閱讀:
禺䝞精衛填海

叔均

Image
叔均——耕種始祖?

大荒西經

有西周之國,姬姓,食穀。
有人方耕,名曰叔均。
帝俊生后稷,稷降以百穀。
稷之弟曰台蠒,生叔均。
叔均是代其父及稷播百穀,始作耕。

譯文:有一個西周國,這個國家的人姓姬,以轂類為食。有個人正在耕種,叫做叔均。帝俊生了后稷,后稷把各種穀物的種子從天上帶到人間。后稷的弟弟叫做台璽,生了叔均。叔均代替他的父親和后稷播種穀物,才開始有了耕種。

我不曉得山海經的段落怎麼分的。在這段的最後一句好像沒啥連繫,就不放了。

這叔均,和前一篇關於女魃的叔均應該是同一個人。那篇的譯文,可能有點不對,當時覺得有點不對勁,不過整段的譯文還是有邏輯。如果先看了這段,才看那一段的話,我會把“叔均乃為田祖”換成,叔均是耕種始祖。

話說回來,后稷比較有名。真正的耕種始祖,可能套在后稷的名字會比較容易被接受吧?畢竟,穀物的種子是后稷帶來的,本文也說了,叔均代替他的父親和后稷作耕。關於叔均的資料,真的不多⋯⋯

延伸閱讀: 从《山海经》的叔均入手,来看《史记》先周世系制度存在哪些疏漏 好複雜的說~

女魃

Image
女魃——旱魃、旱神

大荒北經

有係昆之山者,有共工之臺,射者不敢北嚮。
有人衣青衣,名曰黃帝女魃。
蚩尤作兵伐黃帝,黃帝乃令應龍攻之冀州之野。
應龍畜水,蚩尤請風伯、雨師,縱大風雨。
黃帝乃下天女曰魃。雨止,遂殺蚩尤。
魃不得復上,所居不雨。
叔均言之帝,後置之赤水之北,叔均乃為田祖。
魃時亡之。所欲逐之者,令曰:「神北行!」
先除水道,決通溝瀆。

譯文:有一座係昆山,有一座共工台,射箭的人不敢朝共工台的北方射箭。有一個穿著青色衣服的人,叫做黃帝女魃。蚩尤製造兵器攻打黃帝的時候,黃帝派了應龍在冀州的原野和蚩尤作戰。應龍蓄積了很多水,蚩尤便請來風伯和雨師,掀起了狂風暴雨。黃帝於是請來了一名叫做魃的天女。天女到的時候,雨就停了。黃帝於是殺了蚩尤。魃也無法回到天上,凡是她居住的地方就不會下雨。叔均將此事告訴了黃帝,黃帝就讓魃住到赤水的北面。叔均被命為管理田地的官。魃常逃亡到別的地方去,人們想要趕走她,便禱告說:“神啊!請你向北行。”並先要清理水道,疏通溝渠。

我知道關於女魃,還是因為看了桐華的《曾許諾》,然後就開始搜一些關於上古的資料。顯然,上古的女魃不像在小說裡,和蚩尤是一起的。不過,記得那個時候就搜到了關於旱魃。女魃,看來幫了黃帝後,慢慢地失去了天女的身份,變成了不受人們歡迎的怪物。

有趣的是,原來現代還有另一個故事,把女魃和應龍湊成一對,是一款遊戲。不過,看了《曾許諾》,其他的就成了過眼雲煙⋯⋯

《山海經》裡,還有別處說了關於女魃的事。

在這段章節後,還有一段如此寫。

有鍾山者。有女子衣青衣,名曰赤水女子獻。

譯文:有座鍾山,住這著一名身穿青衣的女子,叫做赤水女子獻。

根據註釋,這獻,就是魃。

黄帝是中华民族祖先,为什么他请来女魃,给人间带来旱灾 這個分析不錯,也有那女魃怎麼逐漸變成了旱魃的一說。女魃:或名女妭,是中国古代神话传说中的旱神

天吳

Image
天吳——水神,更早前為掌管狩獵。

海外東經

朝陽之谷,神曰天吳,是為水伯、在虹虹北兩水間。
其為獸也,八首人面,八足八尾,皆青黃。

譯文:朝陽谷住著一位叫天吳的神,是一位水神。朝陽谷就在雙重彩虹北邊的兩條河中間。這位神仙的形狀和野獸相似,長著八個人頭,有八條腿和八條尾巴,全身是青黃色。

大荒東經

有神人,八首人面,虎身十尾,名曰天吳。

譯文:有一位神人,長著八個人頭,老虎的身體,十條尾巴,叫做天吳。

這兩段都說關於天吳,不過,尾巴的數量有變化。可能從大荒搬遷到了海外,不小心弄丟了兩條尾巴。(我亂說的。)

至於天吳怎麼是水神,沒看到《山海經》有進一步的說明。《山海經》也沒說天吳曾搬遷。不過,《山海經》的章節,先有海外東經,再有大荒東經,我之前的聯想是,天吳從海外走到了大荒,路途中吸取了足夠的靈氣而生了多兩條尾的說。不過,從網上搜文,提及的都是從陸地搬遷到靠海,於是改了聯想。:P

不過,我的聯想太幼稚。百度裡的關於天吳的形象解釋得合理多了,那虎身形象是因為吳人以狩獵為主,崇拜一種類似老虎的某種古動物,作為圖騰。(那多個人頭和尾巴,可是裝飾?這個沒交代。)

天吳之前保護吳人一族狩獵多收穫,搬遷到大海後,就這樣轉為水神了。 《山海经》天吴为何变水神?和开明兽有什么关系? 短篇交代怎麼變成水神。天吳 比較詳細說起吳人從森林地帶搬遷到海外。

太子長琴

Image
太子長琴——祝融的孩子,樂神。

大荒西經

有芒山。有桂山。有榣山。
其上有人,號曰太子長琴。
顓頊生老童,老童生祝融,祝融生太子長琴,
是處搖山,始作樂風。

譯文:有芒山、桂山。還有座榣山,山上住著一個人,名字叫做太子長琴。顓頊(zhuan1 xu1)生了老童,老童生了祝融,祝融生了太子長琴。太子長琴住在榣山上,開始創作樂曲。

傳說,在太子長琴出世的時候,懷裡抱著一把小琴,天地也因他的出生而歡唱。

這段譯文雖然說顓頊是老童的父親,不過,在我搜關於老童的資料時,百度在這段加一層關係。"顓頊生伯稱,伯稱生老童,老童生祝融,祝融生太子長琴。"

於是我繼續搜讀。根據郭璞對《山海經》的註文,老童的確是顓頊的兒子。

不過,伯稱的確是顓頊的另一個兒子,不是祝融的老童的父親啊!我這才驚覺,我現在在查別人的家譜⋯⋯還有,百度亂亂寫。:P

關於太子長琴的故事不多。在《左傳》也只找到祝融的名字,沒找到長琴的名字。我放棄。

話說回來,百度裡說,在上古的大戰裡,這太子長琴是和蚩尤站同一隊的。加分、加分!

延伸閱讀:
太子長琴 這裡有寫關於上古戰爭的隊伍。出處不曉得。(別告訴我是來自《古劍奇譚》噢~)《山海经》中的太子长琴地位尊贵,琴声能吸引凤凰,长相是这样! 這篇文章說這太子長琴一家,根本就是音樂世家嘛!

常羲

Image
常羲——月亮之母

大荒西經

有女子方浴月。帝俊妻常羲,生月十有二,此始浴之。

譯文:有一名女子正在給月亮洗澡。帝俊的妻子常羲,生了十二個月亮,這是她開始為月亮洗澡。

從這段,其實我不曉得怎麼百度會提及根據《山海經》,她也叫“女和月母“。在大荒東經裡則提及了女和月母,一個國名。“有女和月母之國。有人名曰鵷(書上說它念wan3,不過字典說它念yuan1),北方曰鵷,來之風曰【犭炎】(這個字在字典裡找不到,書上說它念yan3),是處東極隅以止日月,使無相間出沒,司其短長。”不過,它沒提及常羲和“女和月母”的關係啊~而且⋯⋯百度也提及了常羲負責訂製陰曆的月份⋯⋯

還有一些說常羲是嫦娥的前身。《三海經》沒提及,不在討論範圍裡。

《山海經》很簡單、直接的說,常羲是十二個月亮的母親。如此而已。除非,這譯文可以換個方面解釋⋯⋯有個女子在做月光浴。帝俊的妻子,常羲,生了孩子有十二個月了,終於可以開始做月光浴了。(此譯文,純屬玩玩而已⋯⋯)

延伸閱讀:
《山海经》能生出太阳和月亮的女神,若你是这些姓,可能是她后人中國神話故事之——常羲沐月 這個和百度一樣,提及了“女和月母”。更讓我感到不可思議的是,怎麼也是少昊的母親啊?!月母·常羲·嫦娥·广寒宫 這篇值得去看。文章裡的解釋比較有邏輯性。

石夷

Image
石夷——西方之神、西方風神

大荒西經

有人名曰石夷,來風曰韋,處西北隅以司日月之長短。

譯文:有個人,名叫石夷,風吹來的地方叫做韋,石夷在西北角,掌管日月運行時間的長短。

今天很累。昨天原本打算今天找后土的資料啃,然後再寫的。不過⋯⋯就一直被網上的資料帶著遊花園。海內西經到底哪段寫了炎帝的族譜啊?!

於是,就隨便翻《山海經》,找個沒什麼資料的。沒想到⋯⋯還真給我找個四海八荒六合裡也找不到比這個更神秘的人物了。(我也沒怎麼讀《山海經》,可能還有更神秘的,還沒被挖掘出來。)

除了簡單的譯文,還有不簡單的清朝學者郝懿行的註解:「西北隅為日月所不到,然其流光餘景,亦有晷度長短,故應有主司之者也。」就沒有找到其他的。

除了沒有其他的,還有沒有其他的其他則提了樹下野狐創作的玄幻小說裡的大荒十神之一的金神,也叫石夷,與《三海經》無關。:P

不過,根據這段譯文,和西方之神,或風神,好像都沒有關係啊!不是應該叫做晝夜之神嗎?是因為這是記載在大荒西經嗎?不過,如果把“來風曰韋”翻譯成:吹來的或帶來的風叫做韋或韋風,那就跟風神扯上關係啦~

話說回來,石夷和燭籠有關係嗎?畢竟,燭籠睜眼就是白天,閉眼就黑夜。難不成,石夷管燭籠的眼?正好,兩者都在西北方⋯⋯

石夷

夸父

Image
夸父——夸父逐日與不自量力總放在一起⋯⋯不過,他其實曾和蚩尤一起對戰黃帝,我敬他!

海外北經

夸父與日逐走,入日。
渴,欲得飲,飲於河渭;
河渭不足,北飲大澤。
未至,道渴而死。
棄其杖,化為鄧林。

譯文:夸父與太陽賽跑,離太陽越來越近。這個時候很口渴,想要喝水,於是去喝了黃河和渭河的水。然而,黃河和渭河的水不足夠,便想去北方的大澤喝水去。還未到達大澤前,夸父就渴死在半路中。夸父臨死前,丟了自己的手杖,這手杖後來變成了鄧林。

大荒東經

大荒東北隅中,有山名曰凶犁土丘。
應龍處南極,殺蚩尤與夸父,不得復上。
故下數旱,旱而為應龍之狀,乃得大雨。

譯文:在荒遠的東北部,有一座山,叫做凶犁之丘。應龍就住在這座山的南部,因為他殺了蚩尤和夸父,因此不能回天界,因此下界多次發生旱災。每當下界大旱的時候,人們便模仿應龍的樣子求雨,天上就會降雨。

大荒北經

大荒之中,有山名曰成都載天。
有人珥兩黃蛇,把兩黃蛇,名曰夸父。
后土生信,信生夸父。
夸父不量力,欲追日景,逮之於禺谷。
捋飲河而不足也,將走大澤,未至,死于此。
應龍已殺蚩尤,又殺夸父,
乃去南方處之,故南方多雨。

譯文:在荒遠的地方,有一座山,叫做成都載天。有一個人以兩條蛇為耳飾,手裡也拿著兩條蛇,他的名字叫夸父。后土生了信,信生了夸父。夸父不自量力,想要追太陽,終於在禺谷追趕上了。夸父口渴而喝了黃河的水,但是黃河的水不夠喝,因此便走向北方的大澤去喝水,結果還未到大澤前,就死了。應龍殺了蚩尤,又殺了夸父,於是跑到南方去住,因此南方比較多雨。

在《山海經》裡,這三段講述的夸父,都息息相關。山海經還有其他段落也提及夸父,不過是山名、鳥名、獸名,就不在這裡提了。

經過這次的閱讀,才發現夸父逐日竟還有不一樣的故事。在逐鹿之戰裡,夸父一族力助蚩尤奮戰黃帝。應龍應了黃帝的諭令,把黃河和渭河的水收了,於是夸父一族得往北尋找水源。在這逐鹿之戰中,應龍也把蚩尤和夸父的首領殺死了。

延伸讀物:
夸父追日 與其把夸父追日理解為不自量力,這更像是古代人民探索、征服大自然的強烈願望和頑強意志。读山海经才知道,夸父追的不是太阳,而是它!为何夸父追日而死,后来又被应龙斩杀?答案就在《山海经》里!

刑天

Image
刑天——戰鬥之神,炎帝的臣子

海外西經

形天與帝至此爭神,帝斷其首,葬之常羊之山,
乃以乳為目,以臍為口,操干戚以舞。

譯文:刑天與皇帝爭權,皇帝斬斷刑天的腦袋,把它埋在常羊山裡。刑天就以雙乳為眼睛,肚臍為嘴巴,繼續揮舞手中的盾牌和大斧。

刑天是炎帝的臣子。炎帝在阪泉之戰敗給黃帝以後,刑天有所不甘。於是,就偷偷地跑去攻打黃帝,想為炎帝奪回屬於他的地位。他們倆從天庭開打到凡間,然後來到常羊山旁。黃帝手中劍一揮往刑天的脖子砍去,把刑天的頭顱給砍下來了。刑天頓時驚慌,趕緊伸手在地上找自己的頭顱安裝回去。黃帝擔心刑天恢復以後,刑天會繼續糾纏下去,於是舉起寶劍用力劈向常羊山。只見那常羊山裂開,刑天的頭顱滾入了山中,常羊山隨後又合了起來。刑天意識到再也找不回自己的頭顱,加上志未酬,憤怒極了。刑天便將雙乳當成雙眼,將肚臍當作口,手持盾牌和大斧,繼續戰鬥。

刑天雖然失敗,但是他那永不妥協的精神卻值得學習。

不過,他最後怎麼死?倒留下一個懸念。揮盾、斧而累死?還是最後被攻了死穴?他的死穴是什麼?頭顱被砍了都沒事啊~

在《山海經》裡,他叫形天。怎麼後來變成了刑天呢?陶淵明的《讀山海經·精衛銜微木》裡的文字,據說因為傳抄有誤,最後因為刑天比較合適,因此變成了刑天。

這段《山海經》的下一段,若和這一段聯結起來,反而更顯完整的故事。

女祭、女戚在其北,居兩水間,戚操魚䱉,祭操俎。

黃帝看見刑天如此剛勇不屈,心中嘆服,於是下令讓女祭、女戚向刑天的亡魂祭奠後,刑天才得以安寧,不繼續戰鬥下去。

延伸讀物:
刑天的名字由来是这样的! 這個其實只說刑天被黃帝砍了腦袋後,才有這個名字。不過,這篇文章交代了黃帝怎麼讓刑天“安息”。:D 刑天 這篇講述了形天怎麼變成了刑天。讀山海經。精衛銜微木

燭籠

Image
燭籠,能變換日夜四季的神;開辟神。

海外北經

鍾山之神,名曰燭陰,
視為晝,暝為夜,吹為冬,呼為夏,
不飲,不食,不息,息為風,
身長千里。在無䏿之東。
其為物人面蛇身,赤色,居鍾山下。

譯文:鍾山的山神叫燭陰;睜開眼的時候,天下是白天;閉上眼的時候,天下成黑夜;吹氣時成了冬天;呼氣時成了夏天;不喝水;不吃東西;不呼吸;只要呼吸就成了風;他的身體有一千里長。燭陰住在無䏿(qi3)國的東邊。他的形狀為人面蛇身,全身赤紅色,住在鍾山的山腳下。

大荒北經

西北海之外,赤水之北,有章尾山。
有神,人面蛇身而赤,直目正乘,
其瞑乃晦,其視乃明,
不食,不寢,不息,
風雨是謁。
是燭九陰,是謂燭龍。

譯文:在西北海的外面,赤水的北岸,有一座章尾山。山中有一位神,他長著人面蛇身,全身赤紅色,眼睛是豎著長;當他把眼睛閉上,天下變成了黑夜;當他睜開眼,天下變成了白天;他不吃東西、不睡覺、不呼吸;能吞食風雨。他能把幽眇之地照亮,他就是燭龍。

傳說,在大地仍處於混沌之初時,燭籠在北方幽暗的天門那裡,高舉“火精”而照亮了大地,一直照進了陰暗的九泉之下。因此,燭籠也叫做開辟神,和盤古齊名的創世之神。

也有人把燭籠排在四大神龍的榜首。這可能因為他太厲害了吧?不用飲食、休息、呼吸,而且眨個眼、呼吸個什麼的,就能改日夜、四季。

延伸讀物:
山海经中记载的八种龙中国古代四大神龙都有哪些绝招

豎亥

Image
豎亥——测地之神,步子極大,特別能走路。

帝命豎亥步,自東極至于西極,
五億十選九千八百步。
豎亥右手把算,左手指青丘北。

譯文:天帝命令豎亥以腳步測量距離,從最東邊到最西邊,五億十萬九千八百步。豎亥用右手拿著算子,左手指向青丘北部。

豎亥是一位特別能走路的神。在大禹平息了洪水之後,改變了部落聚居在一個地方的現象。為了重整及劃分區域,就必須了解地域的方位及土地面積,大禹派豎亥用腳步去量這大地的面積。豎亥從東走到西,一共走了五億十萬九千八百步;從南走到北,一共走了二億三萬三千五百七十五步。

有人做了古今測量尺寸的轉換,得出一里=200步=1000尺=現今的250米,拿來和其他古籍裡的南北距離做比較,四捨五入的,竟然也差不遠。剛開始,我有點納悶,拿東西的距離和南北的距離做比較嗎?不過,如果以天圓地方的概念來解釋這個,勉強還說得過去的⋯⋯

延伸讀物:
山海经神话故事系列:上古测地之神,量度制作鼻祖“竖亥”传说中的竖亥历史作用如此大,难怪可以成为中国上古创世神之一 我原不想放這連接,不過這文章裡提及這測量工程是由豎亥領隊,踏遍了中華大地,創造了測量儀器,和量度基本單位,有去神話的說法,值得一提。山海经:王亥与竖亥,他如何成为丈量之神?神州大地究竟有多大?

冰夷

Image
冰夷——水神⋯⋯之一。

從極之淵深三百仞,維冰夷恒都焉,
冰夷人面,乘兩龍。

譯文:從極淵有三百仞那麼深,只有冰夷經常住在那裡。冰夷長著人的臉,有兩條龍為坐騎。

這段時候來自《海內北經》。有些文章把冰夷和河伯混為一談,應該是因為都和“水神”相關。另一段來自《大荒東經》這麼提起河伯的。“有困民國,勾姓而食。有人曰王亥,兩手操鳥,方食其頭。王亥託于有易,河伯僕牛。有易殺王亥,取僕牛。河念有易,有易潛出,為國於獸,方食之,名曰搖民。帝舜生戲,戲生搖民。”既然這兩者在不一樣的區域發現,應該不是一夥的。

嗯,就是接受不了冰夷是河伯的言論,太多與河伯相關的不良故事。

話說回來,也有人把冰夷列入四大神龍。不過,和山海經裡形容的形象不一樣,應該也只是同名英雄,我找不到出處。

在小說《蠻荒記》裡,冰夷是名女子,水族十仙之首。這寫故事高手,真行!有空找這小說看。

隨便讀物:
上古四大神龙除了烛龙、五爪神龙还有谁?谁的战斗力最强?山海经:河伯与冰夷,到底是谁娶妻被揍?与南海之不延胡余有关?冰夷——上古四大神龙之最好色的神龙山海经中记载的八种龙 -- 這裡沒有冰夷!因此冰夷不是龍。而且,他有龍為交通工具咧!冰夷 -- 這個大部份是說關於在《蠻荒記》裡的冰夷

羲和

Image
這個月打算讀一些關於上古神話的事。這是第二次嘗試寫。之前先想寫關於天帝,看了好一些文章後,轉去寫關於伏羲。結果給這些天帝和伏羲的文章搞到頭昏腦脹。決定隨機翻開《山海經》,撿一些比較簡單的上古神話來讀。

羲和————太陽之母。

東南海之外,甘水之間,有羲和之國,
有女子名曰羲和,方日浴於甘淵。
羲和者,帝俊之妻,生十日。

譯文:在東海之外,甘水之間,有個羲和國。這裡有個叫羲和的女子,正在甘淵中給太陽洗澡。羲和這個女子,是帝俊的妻子,生了十個太陽。

羲和這個名字出現在關於后羿射日的故事裡。這十個太陽和母親羲和就住在東海邊上。羲和常將這十兄弟放在甘淵洗澡,然後就讓他們棲息在一顆大樹上。一個太陽棲息在樹梢,其餘的九個太陽則棲息在比較矮的樹枝上。黎明來臨時,在樹梢上的太陽會飛越天空,照亮人間。

在我看關於天帝的資料,也提及了這帝俊。不過,《山海經》裡,似乎帝俊不是指同一個人。至少在同一《大荒南經》裡,另一段“大荒之中,有不庭之山,榮水窮焉。有人三身,帝俊妻娥皇,生此三身之國,姚姓,黍食,使四鳥。有淵四方,四隅皆達,北屬黑水,南屬大荒,北旁名曰少和之淵,南旁名曰從淵,舜之所浴也。“這段的帝俊是指舜。除非⋯⋯羲和是另一個妻子?不過,娥皇的孩子⋯⋯不一樣啊!不是太陽啊!

有點離題了。

更多資料:https://baike.baidu.com/item/%E7%BE%B2%E5%92%8C/278594

MIME - Multipurpose Internet Mail Extensions

Image
Today marks the last day for my 31-day challenge to explain IT related term. I didn't have any actual plan for this, so I got my terms randomly from bookmarked URL, books, or what I heard/read.

DKIM was one of the terms that I found in an email raw message. Today's word, MIME is the second term I choose from the email raw message. :P

MIME, or Multipurpose Internet Mail Extensions, is an Internet standard to extends the email content format that contains text in character sets other than ASCII, with attachments in audio/image/video/any other non-text file, or it is a multi-part message.

I thought this is the part to define the content of the email, but actually, it is not. Normally, in an email, you'll just specify the MIME version, and the format of the message is defined in Content-Type.

I inspected a few of received newsletters in my mailbox, seems like in single email, we can have both plain text and html content to be sent in single email! There's a "divi…

DKIM - DomainKeys Identified Mail

Image
DKIM or DomainKeys Identified Mail is a security measurement to check if an email is sent from authorized or unauthorized sender.

It adds a digital signature to every message sent. This allows the receiving server can verify if the message is forged.

A sender can pretend the message is sent from abcbank.com, for example. You might see the sender email is admin@abcbank.com, but actually it is sent from malicious source. Checking the DKIM, will reveal if this email is indeed sent from a specific domain, that is authorized by the domain's owner.

2 other terms related to DKIM are SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance).

Further reads:
http://dkim.org/https://www.dmarcanalyzer.com/dkim/

WebSockets

Image
WebSockets is a protocol introduced at session layer in OSI (Open Systems Interconnection) model and rely on TCP (Transmission Control Protocol) to connect and send data. It provides full-duplex communication, i.e. enable bi-directional network data transfer at the same time.

It is often compared to HTTP/2.0 (Hypertext Transfer Protocol v2), however it is not meant to replace HTTP protocol. HTTP and WebSockets have their own pros and cons, developer should choose carefully which protocol to be used for optimal performance of the system.

Anyway, to start the connection for WebSockets, the client will always ask the server if the server supports WebSockets. This request is sent as HTTP-request. Once the server confirm by sending HTTP-response, then the client-server will start to communicate using WebSockets.

Further reads:
https://blogs.windows.com/windowsdeveloper/2016/03/14/when-to-use-a-http-call-instead-of-a-websocket-or-http-2-0/https://stackoverflow.com/questions/14703627/we…

Broadband

Image
I asked my sister, any IT jargon that you'd like to know? She answered, broadband.

I am like... What?!

She challenged back, "See, you can't explain!"

"Broadband is high speed Internet."

"So, broadband is Internet?"

"It's high speed Internet."

Then I tried to mimic Jaring dialing sound. :D

I googled a bit, and found this article https://www.broadbandgenie.co.uk/broadband/help/beginners-guide-to-broadband. The dial-up connection is called "narrowband".

Webhook

Image
My first encounter with this term is with Github, when I "reactivated" my Github account again early this year.

After reading a few articles, I am not sure if I really get what webhook is, but here's my understanding.

Webhook is something like a callback http api. It is triggered after a defined event happened.

In Github, it can be set in a repository. The target URL (or it's called payload URL) could be setup in other server, which is accessible via http post request. You can select upon which event run, this webhook should be triggered. In Github, the default settings is, when any push actvity happen, this webhook will be called. The target URL could be an API to inform a list of recipient on the push activity.

Due to of this "event-trigger" attribute and always relates to notification, some define webhook as an automated notification. However, webhook can do more than that.

It could be used in sending data to another system, say Kafka, for big da…

CIA - confidentiality, integrity, availability

Image
CIA triad, confidentiality, integrity, availability, is the three-fundamentals in security principle.

Confidential ensures the data or information is only accessible by authorised personnel only.

Integrity ensures the data is not tampered or destroyed by unauthorised activity.

Availability ensure the data or services are accessible by authorised personnel at any time.

When a security incident happened, you can be sure one or more of these principles are violated.

Further reads:
https://www.csoonline.com/article/3519908/the-cia-triad-definition-components-and-examples.htmlhttps://www.f5.com/labs/articles/education/what-is-the-cia-triad

Computer Virus

Image
Today's term is about virus. Not talking about the Covid-19, but about computer virus.

Computer virus shares the "virus" name, because they share common characteristics. They replicate themselves and spread from host to host.

A computer virus, is a self-replicating program, that produces its own copy by modifying other computer program, computer boot sector or document. It is generally transmitted via file downloads, infected disk/flash drives, email attachments, or within the infected network.

To countermeasure it as in common sense, we download files only from trusted source, use external disk/flash drives only from trusted source, do not open email or click link or attachment from unknown sender, install and keep anti-virus up-to-date.

Further reads:
https://softwarelab.org/what-is-a-computer-virus/https://us.norton.com/internetsecurity-malware-what-is-a-computer-virus.html

Enumeration

Image
Enumeration in computer security, is a phase or process to creates active connections to system and performs direct queries to gain more information about the target.

There are quite a number of techniques to perform enumeration. For examples, some sites use Wordpress and the default admin credentials could be a way to gain more information, if the default credentials are still intact; brute force techniques to find valid user name; using tools like SuperScan to detect open ports on a target computer; and so on.

With this further information, a hacker could proceed to plan for the system hacking. This is one of the step in pre-attack phase.

Further reads:
https://resources.infosecinstitute.com/what-is-enumeration/https://resources.infosecinstitute.com/process-scanning-and-enumeration/

Exploit

Image
Exploit, in computer security, is technique or program to leverage the vulnerability in computer or software, that would cause the system to not work as expected. It could caused the system to output or display something that is not expected, and in worst case can cause data breach or system down.

Metasploit is one of the top tools for pen-testing. It has a framework that contains a lot of exploits, and you can write your own exploits too.

Further reads:
https://www.rapid7.com/products/metasploit/https://sectools.org/tag/sploits/
I actually planned FQDN for today. But... maybe when I don't have any term in mind next time. :P

DNS - Domain Name System

Image
DNS or Domain Name System is like a phonebook for the internet. It translate human readable computer hostnames into IP addresses. This process is called DNS name resolution.

For your internet connection, normally you'll use the DNS provided by your ISP (Internet Service Provider), or you can specify your desired DNS. Go to your network connection settings, if you don't see DNS settings there, try to find in advance settings. There was once I remember the default DNS was unable to serve my requests. I Googled and found the workaround, is by using Google public DNS. If you are interested to change it, try 8.8.8.8 for DNS server.

When a request is made, the DNS resolver will send the request to a DNS root nameserver, where it responds with TLD (Top Level Domain : .com / .net) nameserver based on the request. Say, the request is for kdb.jcrys26.com. The request will be redirected to .com TLD nameserver. The TLD server will then responds with the IP of for jcrys26.com's nam…

Database Sharding

Image
First time I see this word sharding, is when I first get in touch with MongoDB... was it like more than 5 years ago?

Anyway, back to the main topic.

Database sharding is a way of database horizontal partitioning into several machines or nodes. Data are stored in one of the node based on the shard key distribution.

If the database is very big, by partitioning the database in this way, the performance can be improved. Each machine/node has its own resource and readwrite process. However, sharding design, or the shard key distribution is vital to get the benefits of this performance improvement. If it is not designed carefully, it could leads to poor performance though.

Further readings:
https://www.quora.com/Whats-the-difference-between-sharding-DB-tables-and-partitioning-themhttps://docs.mongodb.com/manual/core/sharded-cluster-components/https://instagram-engineering.com/sharding-ids-at-instagram-1cf5a71e5a5c

ABAC - Attribute-Based Access Control

Image
ABAC or Attribute-Based Access Control is another type of access control model. Instead of create roles for access management, and assign user to the appropriate role in RBAC, ABAC defines policies based on the attributes of the user/object/environment or even function/action in the system to manage the access control.

Due to this complexity, it is more difficult to implement compared to RBAC. However, if the policies and attributes framework is defined, the access management would be easy and can be controlled in more granular.

There are access models combining RBAC and ABAC. Check out the article by Ekran System below.

Further reads:
https://www.ekransystem.com/en/blog/rbac-vs-abachttps://csrc.nist.gov/Projects/Attribute-Based-Access-Control

RBAC - Role-Based Access Control

Image
RBAC or Role-Based Access Control is a type of access control models. This model makes the access control implementation easier. Groups or roles are created and the access is defined for each group/role. Users are then assigned to the appropriate role, thus the proper access is granted to the user based on the role assigned.

Instead of having to define or assign each access to each individual user, this approach has greatly reduce the effort to manage the access control.

A lot of RBAC related articles are paid content. sien.

A 4D-Role Based Access Control Model for Multitenancy Cloud Platform is just too... mathematical...

Further reads:
https://blogs.gartner.com/alessandro-perilli/multitenancy-is-not-just-network-isolation-and-rbac/https://auth0.com/docs/authorization/rbac

RASP - Runtime application self-protection

Image
RASP or Runtime application self-protection is a security measurement implemented at the application that run in Production environment. It captures the request and handle the valication within the application. It can raise alert and prevent an attack by terminating the request operation.

2 closest security measurements mentioned earlier in this 31-day terminology series, to RASP, are IAST and WAF.

RASP is different from IASP, where IAST is focused on identifying vulnerabilities, while RASP focused on protecting against cyber security attacks. IASP normally run in Test environment, while RASP run in Production environment.

RASP is also different from WAF, where WAF performing the filter on the request and response as a proxy without knowing the application, while RASP sits inside the application and "understand" the application.

This is my first time hearing this term. I went through a RASP tool list by G2, and have never heard of any of them, except Contrast which OWA…

IAST - Interactive Application Security Testing

Image
IAST or Interactive Application Security Testing, can be seen as a third testing methodology to complement SAST and DAST. It is like an agent working inside the running application to perform the security testing.

SAST can do code analysis where application is not running, while DAST can perform http scanning when the application is running. IAST can perform code analysis, accompanied by automated/manual testing, to assess the application performance and detect vulnerabilities during run time. It could also assess the control flow and data flow, and could easily integrated into CI/CD pipelines.

Based on OWASP website, Contrast Community Edition is the only free IAST tool available currently.

Though Synopsys give a very good article on IAST, the link on the page for IAST solution happened to link to its SAST solution. :P

Further read:
https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Toolshttps://www.synopsys.com/glossary/what-is-iast.html

DAST - Dynamic Analysis Security Testing

Image
As opposed to SAST, Dynamic Analysis Security Testing or DAST is a black-box testing. It is performed when the application is running. It is normally run using a tool to scan and perform attacks to the web application.

OWASP Zed Attack Proxy (ZAP) is the world's most popular free DAST tool. You could input your home URL into the tool and allow it to perform scan and attack your web application. You can also provide some parameters or authentication credentials to allow the tool to continue to detect vulnerabilities in your web application. It also allows user interactions combined with the tool to complement the DAST testings. It will capture if the web page that user accessed contains any vulnerabilities. The report provides the CWE (Common Weakness Enumeration) ID, description, solution and reference. It is so handy that you could assess and take necessary step on the reported vulnerabilities.

Furhter reads:
https://www.zaproxy.org/zap-in-ten/

SAST - Static Analysis Security Testing

Image
Static Analysis Security Testing or SAST is considered as white-box testing, where the tester has knowledge and access to the underlying design and source code. The testing performed by analyzing the source code without deploy or run the application.

A lot of time, this testing is automated by using tool to perform the source code scan and analyze. The SAST tools is based on a set of rules to identify known or potential security flaw in the source code.

Performing SAST during development can find the vulnerabilities earlier, and thus can be fixed earlier and easier.

Further readings:
https://www.synopsys.com/glossary/what-is-sast.htmlhttps://owasp.org/www-community/Source_Code_Analysis_Tools

WAF - Web Application Firewall

Image
WAF, or web application firewall is a security measurement to detect and filter anything malicious for web application.

It is a type of reverse-proxy, acting as an intermediary to block any malicious traffic traveling to the web application, and prevents any unauthorized data from leaving the web application.

Some articles for further read.
https://www.f5.com/services/resources/glossary/web-application-firewallhttps://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/

Identity federation

Image
Identity federation is a system to integrate or handle the authentication and access control between multiple IdPs and SPs.

Example, an organization employee, Dave, needs to work with multiple applications provided by his own organization and also different organizations. Say, one of the external application is LinkedIn Learning. In the meantime, LinkedIn Learning also provides their service to multiple organizations.

Dave could login to LinkedIn Learning using his company's email or his company account. How this works? By implementing identity federation.

Identity federation establish the trust relationship between the IdP, that could be Azure AD from Dave's organization, and the SP, which is LinkedIn Learning in this case.

SAML - Security Assertion Markup Language

Image
SAML is an open standard to allow authentication and authorization request/response exchange.

I normally hear about SP (Service Provider) and IdP (Identity Provider) in SAML (at work). There is a 3rd role involved in SAML, which is the principal (the user).

User will request a service from SP. SP will request an authentication assertion from IdP, then based on the SAML response to decide the access level.

SAML main use case is to support Single-sign on (SSO). The SP and IdP could be from different organization, but "work together" via SAML protocol to make user see them as "one-stop solution".

Some articles for further read.
https://www.gluu.org/resources/documents/articles/how-does-saml-work-idps-sps/https://auth0.com/blog/how-saml-authentication-works/

OAuth

Image
OAuth or Open Authentication is an open standard to allow end users authorize 3rd party service to access to their account information without exposing their account credential.

An application that uses OAuth, will first request for authorization acknowledgement from user, where it will be then forwarded to an authorization server to get the access token. This access token will be used to access to the protected resources from the server.

Some articles for further read.
https://auth0.com/docs/protocols/protocol-oauth2
Reference sites:
https://tools.ietf.org/html/rfc6749https://oauth.net/https://www.oauth.com/

WebAuthn

Image
I received a newsletter from Okta few weeks ago, and their blog post was talking about WebAuthn. Okta is a company that provides services in IAM (Identity and access management).

WebAuthn is a new (not really that new) W3C (World Wide Web Consortium) recommendation for web authentication using using public key cryptography instead of a password.

It seems similar to https, where the certificate(s) is used for authentication, encryptions and integrity between website and web client, but WebAuthn is between web user and website. Website hold the private key in https case, and user (or user device) hold the private key for WebAuthn case.

I am not sure if WebAuthn will have self-signed or CA (certificate authority) signed concept, just like in https. My main concern is, it must be free. :D

Some articles for further read.
https://www.okta.com/blog/2019/03/what-is-webauthn/https://webauthn.guide/

Single Sign-On - SSO

Image
Single Sign-On is an authentication method to allow a user to login once to an IdP (Identity Provider) and it is authenticated to multiple applications or systems.

It is different from Directory Server Authentication, where the same IdP is used for multiple applications, but user is required to key in credential to login separately to each of the applications.

Some articles for further read.
https://www.onelogin.com/learn/how-single-sign-on-workshttps://auth0.com/learn/how-to-implement-single-sign-on/

Encryption

Image
Encryption is a process to "lock" a data in plain text by encode it into something that is not readable (ciphertext) with a special key or password.

Only people who has the key, or know the password can decode the ciphertext back to readable (plain text) format.

Redis

Image
Redis is a NoSQL (not RDBMS), an in-memory dataset, using cache. It is designed to improve the performance to read/write data. It holds the data in memory directly.

For database that is not in-memory dataset and relational database, it would need to make query to retrieve the data then load to memory. This increase the data access latency, and thus giving impact on the performance.

Application that uses Redis could have a mechanism to write the data to persistent storage periodically. In the case of system restart, the application will reconstruct the data to memory again.

Some articles for further read.
https://redis.io/topics/introduction

High Availability

Image
I often hear HA at work. There are some HA projects on-going, or done, I am not sure. I am not involved in the projects, yet. I hope. :D

As a cloud service provider, high availability design is one of the vital architecture considerations. With HA architecture, the service would run at optimal performance even it is running at high load or one of the server node is down. Anyway, it is normally measured as the percentage of uptime in a year. Scheduled downtime most of the time does not count in the HA measurement.

I quote this from Wiki : By doing this, they can claim to have phenomenally high availability, which might give the illusion of continuous availability.

There's another numbered system for this HA measurement. One nine, refers to 90%; two nines is 99%; three nines is 99.9%; four nines is 99.99% and so on. The more nines, the better HA the system is.

There are a lot of design principle to ensure HA. For example, redundancies, load balance, failover mechanism, etc.

S…

Scalable and Elastic

Image
I got confused with these 2 terms. To me, they seemed to be referring to the same thing, until I attended an online course on Azure.

Scalable is you can increase or decrease the resources based on the demand or workload anytime. Cloud computing can support both vertical scaling (scale up) and horizontal scaling (scale out) depends on your need. Scale up is adding resources to existing server, and scale out is adding more server to support the additional loads.

Elastic means, the cloud computing can automatically adding or removing resources based on demand.

The big difference between scalable and elastic is the magic word, automatically. :)

Serverless

Image
Serverless or serverless computing is a platform provided by cloud service provider, to allow developer to develop or deploy a piece of code or function, without worry about the resources or underlying infrastructure or operating system. It is currently the most granular cloud computing approach to build or run a service.



It incorporate 2 service models, the Backend as a Service (BaaS) and Function as a Service (FaaS) to allow developer to upload the codes, and service provider to manage the required resources to execute the function when called.

Some articles for further read.
https://martinfowler.com/articles/serverless.htmlhttps://www.stratoscale.com/blog/compute/keeping-small-serverless-functions-vs-microservices/https://rubygarage.org/blog/monolith-soa-microservices-serverless

Undercloud and Overcloud

Image
I was thinking to separate this into 2 days. But, to understand undercloud better, I need to know what is overcloud. :)

Undercloud is the very basic setup and infrastructure that is required to setup the "cloud infrastructure" -- overcloud, to be used by consumer. It deploys and manages overcloud.

Red Hat OpenStack Platform (RHOSP) Director is the undercloud that that deploy and manage a complete overcloud infrastructure.

The overcloud, is the production cloud that is used to deploy VMs and containers to perform cloud workload.