Web应用程序安全外文翻译参考文献(文档含中英文对照即英文原文和中文翻译)
原文:
Basic Security Practices for Web Applications
Even if you have limited experience with and knowledge of application security, there are basic measures that you should take to help protect your Web applications. The following sections in this topic provide minimum-security guidelines that apply to all Web applications.General Web Application Security Recommendations;Run Applications with Minimum Privileges ;Know Your Users; Guard Against Malicious User Input;Access Databases Securely;Create Safe Error Messages;Keep Sensitive Information Safely;Use Cookies Securely;Guard Against Denial-of-Service Threats.
1. General Web Application Security Recommendations
Even the most elaborate application security can fail if a malicious user can use simple ways to gain access to your computers. General Web application security recommendations include the following: Back up data often and keep your backups physically secure.Keep your Web server physically secure so that unauthorized users cannot gain access to it, turn it off, physically steal it, and so https://www.doczj.com/doc/ec8322256.html,e the Windows NTFS file system, not FAT32. NTFS offers substantially more security than FAT32. Protect the Web server and all of the computers on the same network with strong passwords.Follow best practices for securing Internet Information Services (IIS). Close any unused ports and turn off unused services.Run a virus checker that monitors site https://www.doczj.com/doc/ec8322256.html,e a firewall.Learn about and install the latest security updates from Microsoft and other https://www.doczj.com/doc/ec8322256.html,e Windows event logging and examine the logs frequently for suspicious activity. This includes repeated attempts to log on to your system and excessive requests against your Web server.
2. Run Applications with Minimum Privileges
When your application runs, it runs within a context that has specific privileges on the local computer and potentially on remote computers. For information about configuring application identity, see Configuring https://www.doczj.com/doc/ec8322256.html, Process Identity.To run with the minimum number of privileges needed, follow these guidelines: Do not run your application with the identity of a system user (administrator).Run the application in the context of a user with the minimum practical privileges. Set permissions (ACLs, or Access Control Lists) on all the resources required for your application. Use the most restrictive setting. For example, if practical in your application, set files to be read-only. For a list of the minimum ACL permissions required for the identity of your https://www.doczj.com/doc/ec8322256.html, application, see https://www.doczj.com/doc/ec8322256.html, Required Access Control Lists (ACLs).Keep files for your Web application in a folder below the application root. Do not allow users the option of specifying a path for any file access in your application. This helps prevent users from getting access to the root of your server.
3. Know Your Users
In many applications, it is possible for users to access the site without having to provide credentials. If so, your application accesses resources by running in the
context of a predefined user. By default, this context is the local ASPNET user (Windows 2000 or Windows XP) or NETWORK SERVICE user (Windows Server 2003) on the Web server.To restrict access to users who are authenticated, follow these guidelines: If your application is an intranet application, configure it to use Windows Integrated security. This way, the user's login credentials can be used to access resources.If you need to gather credentials from the user, use one of the https://www.doczj.com/doc/ec8322256.html, authentication strategies. For an example, see the https://www.doczj.com/doc/ec8322256.html, Forms Authentication Overview.
4. Guard against Malicious User Input
As a general rule, never assume that input you get from users is safe. It is easy for malicious users to send potentially dangerous information from the client to your application. To help guard against malicious input, follow these guidelines: In forms, filter user input to check for HTML tags, which might contain script. For details, see How to: Protect Against Script Exploits in a Web Application by Applying HTML Encoding to Strings.Never echo (display) unfiltered user input. Before displaying untrusted information, encode HTML to turn potentially harmful script into display strings.Similarly, never store unfiltered user input in a database.If you want to accept some HTML from a user, filter it manually. In your filter, explicitly define what you will accept. Do not create a filter that tries to filter out malicious input; it is very difficult to anticipate all possible malicious input.Do not assume that information you get from the header (usually via the Request object) is safe. Use safeguards for query strings, cookies, and so on. Be aware that information that the browser reports to the server (user agent information) can be spoofed, in case that is important in your application.If possible, do not store sensitive information in a place that is accessible from the browser, such as hidden fields or cookies.
5. Access Databases Securely
Databases typically have their own security. An important aspect Web application security is designing a way for the application to access the database securely. Follow these guidelines: Use the inherent security of your database to limit who can access database resources. The exact strategy depends on your database and your application:
If practical in your application, use Windows Integrated security so that only Windows-authenticated users can access the database. Integrated security is more secure than using SQL Server standard security.If your application uses anonymous access, create a single user with very limited permissions, and perform queries by connecting as this user.Do not create SQL statements by concatenating strings that involve user input. Instead, create a parameterized query and use user input to set parameter values. If you must store a user name and password somewhere to use as the database login credential, store them securely. If practical, encrypt or hash them. For details, see Encrypting and Decrypting Data.
6. Create Safe Error Messages
If you are not careful, a malicious user can deduce important information about your application from the error messages it displays. Follow these guidelines: Do not write error messages that echo information that might be useful to malicious users, such as a user name.Configure the application not to show detailed errors to users. If you want to display detailed error messages for debugging, check first that the user is local to the Web server. For details, see How to: Display Safe Error https://www.doczj.com/doc/ec8322256.html,e the customErrorsconfiguration element to control who can view exceptions from the server.Create custom error handling for situations that are prone to error, such as database access.
7. Keep Sensitive Information Safely
Sensitive information is any information that you need to keep private. A typical piece of sensitive information is a password or an encryption key. If a malicious user can get to the sensitive information, then the data protected by the secret is compromised. Follow these guidelines: If your application transmits sensitive information between the browser and the server, consider using Secure Sockets Layer (SSL). Use Protected Configuration to secure sensitive information in configuration files such as the Web.config or Machine.config files. For more information, see Encrypting Configuration Information Using Protected Configuration.If you must store sensitive information, do not keep it in a Web page, even in a form that you think people will not be able to view (such as in server code).Use the strong
encryption algorithms supplied in the System Security Cryptography namespace.
8 . Use Cookies Securely
Cookies are an easy and useful way to keep user-specific information available. However, because cookies are sent to the browser's computer, they are vulnerable to spoofing or other malicious use. Follow these guidelines: Do not store any critical information in cookies. For example, do not store a user's password in a cookie, even temporarily. As a rule, do not store any sensitive information in a cookie that. Instead, keep a reference in the cookie to a location on the server where the information is located. Set expiration dates on cookies to the shortest practical time you can. Avoid permanent cookies if possible.Consider encrypting information in cookies. Consider setting the Secure and HttpOnly properties on your cookies to true.
9. Guard against Denial-of-Service Threats
An indirect way that a malicious user can compromise your application is by making it unavailable. The malicious user can keep the application too busy to service other users, or if nothing else can simply crash the application. Follow these guidelines: Close or release any resource you use. For example, always close data connections and data readers, and always close files when you are done using https://www.doczj.com/doc/ec8322256.html,e error handling (for example, try/catch blocks). Include a finally block in which you release resources in case of failure.Configure IIS to use throttling, which prevents an application from using a disproportionate amount of CPU. Test size limits of user input before using or storing it.Put size safeguards on database queries to help guard against large queries using up system resources.You can also use the RequestLengthDiskThreshold property in to reduce the memory overhead of large uploads and form posts.
译文:
Web 应用程序的基本安全做法
即使您对应用程序安全性的体验和了解非常有限,也应采取一些基本措施来保护您的Web 应用程序。以下各部分提供了适用于所有Web 应用程序的最低安全性准则。常规Web 应用程序安全性建议;使用最少特权运行应用程序;了解您的用户;防止恶意用户的输入;安全地访问数据库;创建安全的错误消息;保证敏感信息的安全;安全地使用Cookie;防止拒绝服务威胁。
1.常规Web 应用程序安全性建议;
如果恶意用户可以使用简单方法进入您的计算机,即使是最精心设计的应用程序安全性也会失败。常规Web 应用程序安全性建议包括以下内容:经常备份数据,并将备份存放在安全的场所;将您的Web 服务器放置在安全的场所,使未经授权的用户无法访问它、关闭它、带走它,等等。使用Windows NTFS 文件系统,不使用FAT32。NTFS 的安全性比FAT32 高得多。使用不易破解的密码,保护Web 服务器和同一网络上的所有计算机的安全。遵循用于确保Internet 信息服务(IIS) 安全的最佳做法。关闭任何不使用的端口并关闭不使用的服务。运行监视网站通信量的病毒检查程序。使用防火墙。了解和安装来自Microsoft 和其他供应商的最新安全更新。使用Windows 事件日志记录,并且经常检查这
些日志,以查找可疑活动。这样的活动包括:反复尝试登录您的系统,以及向您的Web 服务器发出数量巨大的请求。
2.使用最少特权运行应用程序
当您的应用程序运行时,它运行在一个具有本地计算机(还可能是远程计算机)的特定特权的上下文中。有关配置应用程序标识的信息,请参见配置https://www.doczj.com/doc/ec8322256.html, 进程标识。若要以最少特权运行,请遵循以下准则:不要以系统用户(管理员)身份运行应用程序。在具有最少实用特权的用户上下文中运行应用程序。设置应用程序所需的所有资源上的权限(ACL 或访问控制列表)。使用最严格的设置。例如,如果在您的应用程序中是可行的,则将文件设置为只读。有关https://www.doczj.com/doc/ec8322256.html, 应用程序标识所需的最少ACL 权限的列表,请参见https://www.doczj.com/doc/ec8322256.html, 必需的访问控制列表(ACL)。将您的Web 应用程序的文件保存在应用程序根目录下的一个文件夹中。不要让用户指定在应用程序中进行文件访问的路径。这样有助于防止用户访问服务器的根目录。
3.了解您的用户
在许多应用程序中,用户有可能不必提供凭据即可访问网站。如果是这样,则您的应用程序通过在预定义用户的上下文中运行即可访问资源。默认情况下,此上下文是Web 服务器上的本地ASPNET 用户(Windows 2000 或Windows XP)或NETWORK SERVICE 用户(Windows Server 2003)。若要仅允许已授权用户进行访问,请遵循以下准则:如果您的应用程序是Intranet 应用程序,则将其配置为使用Windows 集成安全性。这样,用户的登录凭据就可以用于访问资源。如果您需要从用户收集凭据,则使用其中一种https://www.doczj.com/doc/ec8322256.html, 身份验证策略。有关示例,请参见https://www.doczj.com/doc/ec8322256.html, Forms 身份验证概述。
4.防止恶意用户的输入
通常,决不假定从用户获得的输入是安全的。对恶意用户来说,从客户端向您的应用程序发送潜在危险的信息是很容易的。若要帮助防止恶意输入,请遵循以下准则:在窗体中,筛选用户输入以查找HTML 标记,其中可能包含脚本。有关详细信息,请参见如何:通过对字符串应用HTML 编码在Web 应用程序中防止脚本侵入。决不回显(显示)未经筛选的用户输入。在显示不受信任的信息之前,对HTML 进行编码以将潜在有害的脚本转换为显示字符串。类似地,决不将未经筛选的用户输入存储在数据库中。如果要接受来自用户的一些HTML,则手动筛选它。在您的筛选器中,显式定义将要接受的内容。不要创建一个试图筛选出恶意输入的筛选器;因为预料到所有可能的恶意输入是非常困难的。不要假定您从标头(通常通过Request 对象)获得的信息是安全的。对查询字符串、Cookie 等采取安全措施。注意,浏览器向服务器报告的信息(用户代理信息)可以被假冒(如果此信息在您的应用程序中相当重要)。如有可能,不要将敏感信息(如隐藏字段或Cookie)存储在可从浏览器访问的位置。例如,不要将密码存储在Cookie 中。
5.安全地访问数据库
数据库通常具有它们自己的安全性。Web 应用程序安全性的一个重要方面是设计一种应用程序安全地访问数据库的方式。请遵循这些指导:使用数据库的内在安全性来限制可以访问数据库资源的人员。确切的策略取决于您的数据库和应用程序:如果在您的应用程序中切实可行,请使用Windows 集成安全性以便只有Windows 授权的用户才能访问数据库。集成安全性比使用SQL Server 标准安全性更安全。如果您的应用程序使用匿名访问,请创建具有非常有限的权
限的单个用户,并以此用户身份连接来执行查询。不要通过串联涉及用户输入的字符串创建SQL 语句。相反,创建参数化查询并使用用户输入设置参数值。如果您必须将用户名和密码存储在某个位置以用作数据库登录凭据,请安全地存储它们。如果可行,请对它们进行加密或计算哈希值。
6.创建安全的错误消息
如果您不小心,恶意用户就可以从应用程序显示的错误消息推断出有关您的应用程序的重要信息。请遵循这些指导:不要编写会回显可能对恶意用户有用的信息(例如用户名)的错误消息。将应用程序配置为不向用户显示详细错误。如果为进行调试而要显示详细错误消息,请先检查该用户是否为Web 服务器的本地用户。使用customErrors 配置元素控制谁可以查看服务器发出的异常。对于容易发生错误的情况(如数据库访问)创建自定义错误处理方式。
7.保证敏感信息的安全
“敏感信息”是需要保密的任意信息。密码或加密密钥即是典型的敏感信息。如果恶意用户可以获得敏感信息,则该信息保护的数据将受到威胁。请遵循这些指导:如果您的应用程序在浏览器和服务器之间传输敏感信息,请考虑使用安全套接字层(SSL)。使用受保护的配置来确保配置文件(如Web.config 或Machine.config 文件)中敏感信息的安全。如果您必须存储敏感信息,即使是以您认为人们将无法看到它的形式(如在服务器代码中)进行保存,也不要将它保存在网页中。使用System.Security.Cryptography 命名空间中提供的强加密算法。
8.安全地使用Cookie
为了让用户特定的信息保持可用,Cookie 是一种容易而有用的方法。但是,由于Cookie 会被发送到浏览器所在的计算机,因此它们容易被假冒或用于其他
恶意用途。请遵循这些指导:不要将任何关键信息存储在Cookie 中。例如,不要将用户的密码存储在Cookie 中,即使是暂时存储也不要这样做。作为一项原则,不要在Cookie 中存储任何敏感信息。而是在Cookie 中保存对信息在服务器上的位置的引用。将Cookie 的过期日期设置为可以设置的最短时间。尽可能避免使用永久的Cookie。考虑对Cookie 中的信息加密。考虑将Cookie 的Secure 和HttpOnly 属性设置为true。
9.防止拒绝服务威胁
恶意用户危害您的应用程序的一种间接方式是使其不可用。恶意用户可以使应用程序太忙而无法为其他用户提供服务,或者仅仅使应用程序出现故障。请遵循这些指导:关闭或释放您使用的任何资源。例如,在使用完毕后,始终关闭数据连接和数据读取器,而且始终关闭文件。使用错误处理机制(例如,try/catch 块)。包含finally 块,以便万一失败就可以在其中释放资源。将IIS 配置为使用调节,这样可以防止应用程序消耗过多的CPU。在使用或存储用户输入之前,测试它的大小限制。对数据库查询设置大小保护措施,以防止大型查询耗尽系统资源。如果文件上载是您的应用程序的一部分,则对它们的大小加以限制。还可以使用RequestLengthDiskThreshold 属性来减少大型上载和窗体发布所需的内存开销。
通信工程专业英语翻译 JXTA is a crystallization by Sun company's chief scientist Bill Joy's more than twenty years of brewing."JXTA technology is a platform for Network programming and calculation.To solve the modern distribution calculation especially peer-to-peer (Peer to Peer, P2P) in the calculation of the problem".[1] JXTA research project,which will provide a new framework that make the user more convenient to access to connect on the Internet's personal computer resources, thus further expand Internet 's space. At the same time JXTA is also the Sun's "ONE Internet" strategic continuance, and will take a more positive attitude to compete with the .net strategy of Microsoft and Hailstorm plan . JXTA agreement defines a set of six agreement based on XML, the organization of node into node group, release and found some resources, communication and mutual monitoring provides standardized method.(Endpoint Routing Protocol,ERP) is used for node found routing.To send a message to other nodes, and through the potential firewall and connection.(Rendezvous Protocol,RVP) s used for the nodes in the group to spread information.(Peer Resolver Protocol,PRP) is Used to one or more points to send general inquiries, and receive the response of inquiries.
On the vehicle sideslip angle estimation through neural networks: Numerical and experimental results. S. Melzi,E. Sabbioni Mechanical Systems and Signal Processing 25 (2011):14~28 电脑估计车辆侧滑角的数值和实验结果 S.梅尔兹,E.赛博毕宁 机械系统和信号处理2011年第25期:14~28
摘要 将稳定控制系统应用于差动制动内/外轮胎是现在对客车车辆的标准(电子稳定系统ESP、直接偏航力矩控制DYC)。这些系统假设将两个偏航率(通常是衡量板)和侧滑角作为控制变量。不幸的是后者的具体数值只有通过非常昂贵却不适合用于普通车辆的设备才可以实现直接被测量,因此只能估计其数值。几个州的观察家最终将适应参数的参考车辆模型作为开发的目的。然而侧滑角的估计还是一个悬而未决的问题。为了避免有关参考模型参数识别/适应的问题,本文提出了分层神经网络方法估算侧滑角。横向加速度、偏航角速率、速度和引导角,都可以作为普通传感器的输入值。人脑中的神经网络的设计和定义的策略构成训练集通过数值模拟与七分布式光纤传感器的车辆模型都已经获得了。在各种路面上神经网络性能和稳定已经通过处理实验数据获得和相应的车辆和提到几个处理演习(一步引导、电源、双车道变化等)得以证实。结果通常显示估计和测量的侧滑角之间有良好的一致性。 1 介绍 稳定控制系统可以防止车辆的旋转和漂移。实际上,在轮胎和道路之间的物理极限的附着力下驾驶汽车是一个极其困难的任务。通常大部分司机不能处理这种情况和失去控制的车辆。最近,为了提高车辆安全,稳定控制系统(ESP[1,2]; DYC[3,4])介绍了通过将差动制动/驱动扭矩应用到内/外轮胎来试图控制偏航力矩的方法。 横摆力矩控制系统(DYC)是基于偏航角速率反馈进行控制的。在这种情况下,控制系统使车辆处于由司机转向输入和车辆速度控制的期望的偏航率[3,4]。然而为了确保稳定,防止特别是在低摩擦路面上的车辆侧滑角变得太大是必要的[1,2]。事实上由于非线性回旋力和轮胎滑移角之间的关系,转向角的变化几乎不改变偏航力矩。因此两个偏航率和侧滑角的实现需要一个有效的稳定控制系统[1,2]。不幸的是,能直接测量的侧滑角只能用特殊设备(光学传感器或GPS惯性传感器的组合),现在这种设备非常昂贵,不适合在普通汽车上实现。因此, 必须在实时测量的基础上进行侧滑角估计,具体是测量横向/纵向加速度、角速度、引导角度和车轮角速度来估计车辆速度。 在主要是基于状态观测器/卡尔曼滤波器(5、6)的文学资料里, 提出了几个侧滑角估计策略。因为国家观察员都基于一个参考车辆模型,他们只有准确已知模型参数的情况下,才可以提供一个令人满意的估计。根据这种观点,轮胎特性尤其关键取决于附着条件、温度、磨损等特点。 轮胎转弯刚度的提出就是为了克服这些困难,适应观察员能够提供一个同步估计的侧滑角和附着条件[7,8]。这种方法的弊端是一个更复杂的布局的估计量导致需要很高的计算工作量。 另一种方法可由代表神经网络由于其承受能力模型非线性系统,这样不需要一个参
Unit 1 safety management system Accident causation models 事故致因理论 Safety management 安全管理Physical conditions 物质条件 Machine guarding 机械保护装置 House-keeping 工作场所管理 Top management 高层管理人员 Human errors 人因失误Accident-proneness models 事故倾向模型 Munitions factory 军工厂Causal factors 起因Risking taking 冒险行为Corporate culture 企业文化Loss prevention 损失预防Process industry 制造工业Hazard control 危险控制Intensive study 广泛研究Organizational performance 企业绩效 Mutual trust 相互信任Safety officer 安全官员 Safety committee 安全委员会Shop-floor 生产区Unionized company 集团公司Seniority 资历、工龄Local culture 当地文化 Absenteeism rate 缺勤率Power relations 权力关系Status review 状态审查 Lower-level management 低层管理者 Business performance 组织绩
效 Most senior executive 高级主管 Supervisory level 监督层Safety principle 安全规则Wall-board 公告栏Implement plan 执行计划Hazard identification 危险辨识 Safety performance 安全性能 One comprehensive definition for an organizational culture has been presented by Schein who has said the organizational culture is “a pattern of basic assumptions – invented, discovered, or developed by a given group as it learns to cope with its problems of external adaptation and internal integration –that has worked well enough to be considered valid and, therefore, to be taught to new members as the correct way to perceive, think, and feel in relation to those problems” 译文:Schein给出了组织文化的广泛定义,他认为组织文化是由若干基本假设组成的一种模式,这些假设是由某个特定团体在处理外部适应问题与内部整合问题的过程中发明、发现或完善的。由于以这种模式工作的有效性得到了认可,因此将它作为一种正确的方法传授给新成员,让他们以此来认识、思考和解决问题[指适应外部与整合内部的过程中的问题]。 The safety culture of an organization is the product of individual and group values, attitudes, perceptions, competencies, and patterns of behavior that determine the commitment to, and the style and proficiency of , an organization’s health and safety management. 译文:组织的安全文化由以下几项内容组成:个人和群体的价值观、态度、观念、能力和行为方式。这种行为方式决定了个人或团体对组织健康安全管理的责任,以及组织健康安全管理的形式和熟练程度。 Unit 2 System Safety Engineering System safety engineering 系统安全工程By-product 附带产生的结果
用于多跳认知无线电网络的分布式网络编码控制信道 Alfred Asterjadhi等著 1 前言 大多数电磁频谱由政府机构长期指定给公司或机构专门用于区域或国家地区。由于这种资源的静态分配,许可频谱的许多部分在许多时间和/或位置未使用或未被充分利用。另一方面,几种最近的无线技术在诸如IEEE802.11,蓝牙,Zigbee之类的非许可频段中运行,并且在一定程度上对WiMAX进行操作;这些技术已经看到这样的成功和扩散,他们正在访问的频谱- 主要是2.4 GHz ISM频段- 已经过度拥挤。为了为这些现有技术提供更多的频谱资源,并且允许替代和创新技术的潜在开发,最近已经提出允许被许可的设备(称为次要用户)访问那些许可的频谱资源,主要用户未被使用或零星地使用。这种方法通常被称为动态频谱接入(DSA),无线电设备发现和机会性利用未使用或未充分利用的频谱带的能力通常称为认知无线电(CR)技术。 DSA和CR最近都引起了无线通信和网络界的极大关注。通常设想两种主要应用。第一个是认知无线接入(CW A),根据该认知接入点,认知接入点负责识别未使用的许可频谱,并使用它来提供对次用户的接入。第二个应用是我们在这个技术中研究的应用,它是认知自组织网络(CAN),也就是使用 用于二级用户本身之间通信的无许可频谱,用于诸如点对点内容分发,环境监控,安全性等目的,灾难恢复情景通信,军事通信等等。 设计CAN系统比CW A有更多困难,主要有两个原因。第一是识别未使用的频谱。在CW A中,接入点的作用是连接到互联网,因此可以使用简单的策略来推断频谱可用性,例如查询频谱调节器在其地理位置的频谱可用性或直接与主用户协商频谱可用性或一些中间频谱经纪人另一方面,在CAN中,与频谱调节器或主要用户的缺乏直接通信需要二级用户能够使用检测技术自己识别未使用的频谱。第二个困难是辅助用户协调媒体访问目的。在CW A中存在接入点和通常所有二级用户直接与之通信(即,网络是单跳)的事实使得直接使用集中式媒体接入控制(MAC)解决方案,如时分多址(TDMA)或正交频分多址(OFDMA)。相反,预计CAN将跨越多跳,缺少集中控制器;而对于传统的单通道多跳自组织网络而言,这个问题的几个解决方案是已知的,因为假设我们处理允许设备访问的具有成
The development of automobile As the world energy crisis and the war and the energy consumption of oil -- and are full of energy in one day someday it will disappear without a trace. Oil is not inresources. So in oil consumption must be clean before finding a replacement. With the development of science and technology the progress of the society people invented the electric car. Electric cars will become the most ideal of transportation. In the development of world each aspect is fruitful especially with the automobile electronic technology and computer and rapid development of the information age. The electronic control technology in the car on a wide range of applications the application of the electronic device cars and electronic technology not only to improve and enhance the quality and the traditional automobile electrical performance but also improve the automobile fuel economy performance reliability and emission spurification. Widely used in automobile electronic products not only reduces the cost and reduce the complexity of the maintenance. From the fuel injection engine ignition devices air control and emission control and fault diagnosis to the body auxiliary devices are generally used in electronic control technology auto development mainly electromechanical integration. Widely used in automotive electronic control ignition system mainly electronic control fuel injection system electronic control ignition system electronic control automatic transmission electronic control ABS/ASR control system electronic control suspension system electronic control power steering system vehicle dynamic control system the airbag systems active belt system electronic control system and the automatic air-conditioning and GPS navigation system etc. With the system response the use function of quick car high reliability guarantees of engine power and reduce fuel consumption and emission regulations meet standards. The car is essential to modern traffic tools. And electric cars bring us infinite joy will give us the physical and mental relaxation. Take for example automatic transmission in road can not on the clutch can achieve automatic shift and engine flameout not so effective improve the driving convenience lighten the fatigue strength. Automatic transmission consists mainly of hydraulic torque converter gear transmission pump hydraulic control system electronic control system and oil cooling system etc. The electronic control of suspension is mainly used to cushion the impact of the body and the road to reduce vibration that car getting smooth-going and stability. When the vehicle in the car when the road uneven road can according to automatically adjust the height. When the car ratio of height low set to gas or oil cylinder filling or oil. If is opposite gas or diarrhea. To ensure and improve the level of driving cars driving stability. Variable force power steering system can significantly change the driver for the work efficiency and the state so widely used in electric cars. VDC to vehicle performance has important function it can according to the need of active braking to change the wheels of the car car motions of state and optimum control performance and increased automobile adhesion controlling and stability. Besides these appear beyond 4WS 4WD electric cars can greatly improve the performance of the value and ascending simultaneously. ABS braking distance is reduced and can keep turning skills effectively improve the stability of the directions simultaneously reduce tyre wear. The airbag appear in large programs protected the driver and passengers safety and greatly reduce automobile in collision of drivers and passengers in the buffer to protect the safety of life. Intelligent electronic technology in the bus to promote safe driving and that the other functions. The realization of automatic driving through various sensors. Except some smart cars equipped with multiple outside sensors can fully perception of information and traffic facilities
Unit6 Industry hygiene工业卫生physical hazard物理危害、物质危害nonionizing radiation非电离辐射adverse effects副作用loud noise嘈杂的声音chemical bum化学烧伤live electrical circuits 带电电路confined space密闭空间hearing loss听力丧失physical or mental disturbance身体或精神障碍annoyance烦恼power tools电动工具impulse脉冲sound level meter噪声计jet engine喷气式发动机time-weighted average时间加权平均heat stress热应力、热威胁shivering 颤抖hard labor辛苦工作fatigued疲劳的living tissue活组织plastic sealer塑料密封机biological hazard生物危害potable water饮用水sewage污水physical contact身体接触allergic reaction 过敏反应severe pain剧烈疼痛manual handing手工处理airborne空中的on a daily basis每天hazard communication standard危害通识规定stipulation规定、条款trade name商标名 工业卫生被定义为:“致力于预测、识别、评估和控制环境因素或压力的科学与技术,这些压力产生或来自与工作场所,能够造成疾病、损害人们的幸福安康、或是工程或社区居民的工作效率不高,并使他们感觉到很不舒服。(P67) 当噪音导致暂时或永久的听力丧失,使身体或精神发生紊乱,对语言交流产生干扰,或对工作、休息、放松、睡觉产生干扰时,它是一种非常严重的危害。噪音是任何不被期望的声音,它通常是一种强度变化但不包括任何信息的声音。他干扰人们对正常声音的辨别,可能是有害的,能使人烦恼,并干扰人们说话。(P68) Unit9 Accident investigation事故调查after-the-fact事实背后的take an investigation进行调查fact-finding process寻找事实的过程insurance carrier保险公司/承保人plance blame推卸责任permanent total disability永久全部劳动力丧失for simplicity为简单起见accident prevention 事故预防investigation procedures调查过程fact finding寻找事实operating procedures flow diagrams操作过程流程图maintenance chart维修图表bound notebook活页笔记本physical or chemical law物理或化学定律table of contens 目录narrative叙事的counter-measure干预措施 调查人员在调查过程中从各方面收集证据,从证人、旁观者及一些相关报道中得到信息,在事故发生后尽快的找目击证人谈话,在事故现场遭到改变前进行检查,对事故场景进行拍照并绘制草图,记录与地形相关的所有数据,并将所有的报道复印保存。记录常规的操作流程图、维修图表或对困难、异常现象的报告等非常有用。在活页笔记本中完整准确地记录。记录事故发生前的环境、事故顺序及事故发生后的环境情况等。另外,记录伤者、证人、机械能量来源和危害物质的位置。(P119) Unit10 Safety electricity安全用电electrical equipment电力设备fuse puller保险丝夹break contact断开接点/触电hot side高压端load side 负荷端line side线路/火线端groundfault circuit Interrupt 漏电保护器ground fault接地故障receptacle电源插座hot bubs热水澡桶underwater lighting水底照明fountains 人工喷泉ungrounded(hot)conductor 未接地(高压)单体/火线neutral conductor中性导体fault current载荷中心panelboard 配电板branch-circuit分支电路CB一种多功能插座plug-in插入式 上锁/挂牌成套设备也是可用的。上锁/挂牌套件中包含有必须满足OSHA上锁/挂牌标准的组件。上锁/挂牌套件中包含有可重复使用的危险标签、临时悬挂标志、各种闭锁、锁、磁性标志、及与上锁/挂牌相关的信息。无论什么原因停下工作或当天不能完成工作时,在返回
Unit1 Safety Management Systems 1. Accident Causation Models The most important aim of safety management is to maintain and promote workers' health and safety at work. Understanding why and how accidents and other unwanted events develop is important when preventive activities are planned. Accident theories aim to clarify the accident phenomena,and to explain the mechanisms that lead to accidents. All modem theories are based on accident causation models which try to explain the sequence of events that finally produce the loss. In ancient times, accidents were seen as an act of God and very little could be done to prevent them. In the beginning of the 20th century,it was believed that the poor physical conditions are the root causes of accidents. Safety practitioners concentrated on improving machine guarding, housekeeping and inspections. In most cases an accident is the result of two things :The human act, and the condition of the physical or social environment Petersen extended the causation theory from the individual acts and local conditions to the management system. He concluded that unsafe acts, unsafe conditions,and accidents are all symptoms of something wrong in the organizational management system. Furthermore, he stated that it is the top management who is responsible for building up such a system that can effectively control the hazards associated to the organization’s
5G无线通信网络中英文对照外文翻译文献(文档含英文原文和中文翻译)
翻译: 5G无线通信网络的蜂窝结构和关键技术 摘要 第四代无线通信系统已经或者即将在许多国家部署。然而,随着无线移动设备和服务的激增,仍然有一些挑战尤其是4G所不能容纳的,例如像频谱危机和高能量消耗。无线系统设计师们面临着满足新型无线应用对高数据速率和机动性要求的持续性增长的需求,因此他们已经开始研究被期望于2020年后就能部署的第五代无线系统。在这篇文章里面,我们提出一个有内门和外门情景之分的潜在的蜂窝结构,并且讨论了多种可行性关于5G无线通信系统的技术,比如大量的MIMO技术,节能通信,认知的广播网络和可见光通信。面临潜在技术的未知挑战也被讨论了。 介绍 信息通信技术(ICT)创新合理的使用对世界经济的提高变得越来越重要。无线通信网络在全球ICT战略中也许是最挑剔的元素,并且支撑着很多其他的行业,它是世界上成长最快最有活力的行业之一。欧洲移动天文台(EMO)报道2010年移动通信业总计税收1740亿欧元,从而超过了航空航天业和制药业。无线技术的发展大大提高了人们在商业运作和社交功能方面通信和生活的能力无线移动通信的显著成就表现在技术创新的快速步伐。从1991年二代移动通信系统(2G)的初次登场到2001年三代系统(3G)的首次起飞,无线移动网络已经实现了从一个纯粹的技术系统到一个能承载大量多媒体内容网络的转变。4G无线系统被设计出来用来满足IMT-A技术使用IP面向所有服务的需求。在4G系统中,先进的无线接口被用于正交频分复用技术(OFDM),多输入多输出系统(MIMO)和链路自适应技术。4G无线网络可支持数据速率可达1Gb/s的低流度,比如流动局域无线访问,还有速率高达100M/s的高流速,例如像移动访问。LTE系统和它的延伸系统LTE-A,作为实用的4G系统已经在全球于最近期或不久的将来部署。 然而,每年仍然有戏剧性增长数量的用户支持移动宽频带系统。越来越多的
汽车保险中英文对照外文翻译文献(文档含英文原文和中文翻译)
汽车保险 汽车保险是在事故后保证自己的财产安全合同。尽管联邦法律没有强制要求,但是在大多数州(新罕布什和威斯康星州除外)都要求必须购买汽车保险;在各个州都有最低的保险要求。在鼻腔只购买汽车保险的两个州,如果没有足够的证据表明车主财力满足财务责任法的要求,那么他就必须买一份汽车保险。就算没有法律规定,买一份合适的汽车保险对司机避免惹上官和承担过多维修费用来说都是非常实用的。 依据美国保险咨询中心的资料显示,一份基本的保险单应由6个险种组成。这其中有些是有州法律规定,有些是可以选择的,具体如下: 1.身体伤害责任险 2.财产损失责任险 3.医疗险或个人伤害保护险 4.车辆碰撞险 5.综合损失险 6.无保险驾驶人或保额不足驾驶人险 责任保险 责任险的投保险额一般用三个数字表示。不如,你的保险经纪人说你的保险单责任限额是20/40/10,这就代表每个人的人身伤害责任险赔偿限额是2万美元,每起事故的热身上海责任险赔偿限额是4万美元,每起事故的财产损失责任险的赔偿限额是1万美元。 人身伤害和财产损失责任险是大多数汽车保险单的基础。要求汽车保险的每个州都强令必须投保财产损失责任险,佛罗里达是唯一要求汽车保险但不要求投保人身伤害责任险的州。如果由于你的过错造成了事故,你的责任险会承担人身伤害、财产损失和法律规定的其他费用。人身伤害责任险将赔偿医疗费和误工工资;财产损失责任险将支付车辆的维修及零件更换费用。财产损失责任险通常承担对其他车辆的维修费用,但是也可以对你的车撞坏的灯杆、护栏、建筑物等其他物品的损坏进行赔偿。另一方当事人也可以决定起诉你赔偿精神损失。
The major contributors in component technology have been the semi-conductor components. (译为“起主要作用”,不译“主要贡献者”。) There are three steps which must be taken before we graduate from the integrated circuit technology. (译为“完全掌握”,不译“毕业于”。) The purpose of a driller is to holes. (译为“钻孔”) A single-point cutting tool is used to cut threads on engine lathes. (译为“车”) The major contributors in component technology have been the semi-conductor components. (译为“起主要作用”,不译“主要贡献者”。) There are three steps which must be taken before we graduate from the integrated circuit technology. (译为“完全掌握”,不译“毕业于”。) The iron ore used to make steel comes from open-pit and underground mines. (译为“炼钢”,不译“制造刚”。) An insulator offers a very high resistance to the passage through which electric current goes. (译为“很大阻力”,不译“高阻力”) Mater can be changed into energy, and energy into mater. 物质可以转换为能,能也可以转化为物质。 The best conductor has the least resistance and the poorest has the greatest. 最好的导体电阻最小,最差的导体电阻最大。 If A is equal to D, A plus B equals D plus B. 若A=D,则A+B=D+B。 The first electronic computers used vacuum tubes and other components, and this made the equipment very large and bulky. 第一代电子计算机使用真空管和其他元件,这使得设备又大又笨。 Oxidation will make iron and steel rusty. 氧化作用会使钢铁生锈。 The cost of such a power plant is a relatively small portion of the total cost of the development. 这样一个发电站的修建费用仅占该开发工程总费用的一小部分。 The resistance of the pipe to the flow of water through it depends upon the length of the pipe, the diameter of the pipe, and the feature of the inside walls(rough or smooth)。 水管对通过的水流的阻力取决于下列三个因素:管道长度、管道直径、管道内壁的特性(粗糙或光滑)。Heat from the sun stirs up the atmosphere, generating winds. 太阳发出的热能搅动大气,于是产生了风。 In general, all the metals are good conductors, with silver the best and copper the second. 一般来说,金属都是良导体,其中以银为最好,铜次之。 The world of work injury insurance is complex. 工伤保险是复杂的。 Any substance is made of atoms whether it is a solid, a liquid, or a gas. 任何物质,不论是固体、液体或是气体,都是有原子组成的。 In the absence of force, a body will either remain at rest, or continue to move with constant speed in a straight line. 无外力作用,物体则保持静止状态,或作匀速直线运动。 A wire lengthens while it is heated. 金属丝受热则伸长。 Practically all substances expand when heated and contract when cooled. 几乎所有的物质都是热胀冷缩的。
Unit 1 Safety Management Systems 安全管理体系 1.Accident Causation Models 1.事故致因理论 The most important aim of safety management is to maintain and promote workers' health and safety at work. Understanding why and how accidents and other unwanted events develop is important when preventive activities are planned. Accident theories aim to clarify the accident phenomena,and to explain the mechanisms that lead to accidents. All modem theories are based on accident causation models which try to explain the sequence of events that finally produce the loss. In ancient times, accidents were seen as an act of God and very little could be done to prevent them. In the beginning of the 20th century,it was believed that the poor physical conditions are the root causes of accidents. Safety practitioners concentrated on improving machine guarding, housekeeping and inspections. In most cases an accident is the result of two things :The human act, and the condition of the physical or social environment. 安全管理系统最重要的目的是维护和促进工人们在工作时的健康和安全。在制定预防性计划时,了解为什么、怎样做和其他意外事故的发展是十分重要的。事故致因理论旨在阐明事故现象,和解释事故的机理。所有现代理论都是基于试图解释事件发生、发展过程和最终引起损失的事故致因理论。在古老的时期,事故被看做是上帝的行为并且几乎没有预防的方法去阻止他们。在20世纪开始的时候,人们开始相信差的物理条件是事故发生的根源。安全从业人员集中注意力在提高机器监护、维护和清理上。在大多数情况下,一件事故的发生主要有两个原因:人类的行为和物理或者社会环境。 Petersen extended the causation theory from the individual acts and local conditions to the management system. He concluded that unsafe acts, unsafe conditions,and accidents are all symptoms of something wrong in the organizational management system. Furthermore, he stated that it is the top management who is responsible for building up such a system that can effectively control the hazards associated to the organization’s operation. The errors done by a single person can be intentional or unintentional. Rasmussen and Jensen have presented a three-level skill-rule-knowledge model for describing the origins of the different types of human errors. Nowadays,this model is one of the standard methods in the examination of human errors at work. 彼得森根据管理体系中个人的行为结合当地的环境扩充了事故致因理论。他的结论是像不安全行为、不安全情况是一些错误的组织管理系统导致事故的征兆。另外,他指出,高层管理人员负责建立一个能够有效控制危险源有关组织。一个人出现的错误可能是有意的或者是无意的。拉斯姆森和杰森已经提出了三个层次的技能规则知识模型来描述不同种类的人错误的起源。如今,这种模式已经成为在工作中检验人的错误的标准之一。 Accident-proneness models suggest that some people are more likely to suffer anaccident than others. The first model was created in 1919,based on statistical examinations in a mumilions factory. This model dominated the safety thinking and research for almost 50 years, and it is still used in some organizations. As a result of this thinking, accident was blamed solely