mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-03-24 02:20:09 +08:00
Merge remote-tracking branch 'LCTT/master'
This commit is contained in:
Xingyu Wang
commit
055b43d7d0
@ -1,115 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Why Sorting is O(N log N))
|
||||
[#]: via: (https://theartofmachinery.com/2019/01/05/sorting_is_nlogn.html)
|
||||
[#]: author: (Simon Arneaud https://theartofmachinery.com)
|
||||
|
||||
Why Sorting is O(N log N)
|
||||
======
|
||||
|
||||
Any decent algorithms textbook will explain how fast sorting algorithms like quicksort and heapsort are, but it doesn’t take crazy maths to prove that they’re as asymptotically fast as you can possibly get.
|
||||
|
||||
### A pedantic note about notation
|
||||
|
||||
Most computer scientists use big-O notation to mean “asymptotically equal, up to a constant scaling factor”, which isn’t quite what it means to other mathematicians. Sorry, I’ll use big-O like in CS textbooks, but at least I won’t mix it with other mathematical notation.
|
||||
|
||||
## Comparison-based sorting
|
||||
|
||||
Let’s look at the special case of algorithms that compare values two at a time (like quicksort and heapsort, and most other popular algorithms). The ideas can be extended to all sorting algorithms later.
|
||||
|
||||
### A simple counting argument for the worst case
|
||||
|
||||
Suppose you have an array of four elements, all different, in random order. Can you sort it by comparing just one pair of elements? Obviously not, but here’s one good reason that proves you can’t: By definition, to sort the array, you need to how to rearrange the elements to put them in order. In other words, you need to know which permutation is needed. How many possible permutations are there? The first element could be moved to one of four places, the second one could go to one of the remaining three, the third element has two options, and the last element has to take the one remaining place. So there are (4 \times 3 \times 2 \times 1 = 4! = 24) possible permutations to choose from, but there are only two possible results from comparing two different things: “BIGGER” and “SMALLER”. If you made a list of all the possible permutations, you might decide that “BIGGER” means you need permutation #8 and “SMALLER” means you need permutation #24, but there’s no way you could know when you need the other 22 permutations.
|
||||
|
||||
With two comparisons, you have (2 \times 2 = 4) possible outputs, which still isn’t enough. You can’t sort every possible shuffled array unless you do at least five comparisons ((2^{5} = 32)). If (W(N)) is the worst-case number of comparisons needed to sort (N) different elements using some algorithm, we can say
|
||||
|
||||
[2^{W(N)} \geq N!]
|
||||
|
||||
Taking a logarithm base 2,
|
||||
|
||||
[W(N) \geq \log_{2}{N!}]
|
||||
|
||||
Asymptotically, (N!) grows like (N^{N}) (see also [Stirling’s formula][1]), so
|
||||
|
||||
[W(N) \succeq \log N^{N} = N\log N]
|
||||
|
||||
And that’s an (O(N\log N)) limit on the worst case just from counting outputs.
|
||||
|
||||
### Average case from information theory
|
||||
|
||||
We can get a stronger result if we extend that counting argument with a little information theory. Here’s how we could use a sorting algorithm as a code for transmitting information:
|
||||
|
||||
1. I think of a number — say, 15
|
||||
2. I look up permutation #15 from the list of permutations of four elements
|
||||
3. I run the sorting algorithm on this permutation and record all the “BIGGER” and “SMALLER” comparison results
|
||||
4. I transmit the comparison results to you in binary code
|
||||
5. You re-enact my sorting algorithm run, step by step, referring to my list of comparison results as needed
|
||||
6. Now that you know how I rearranged my array to make it sorted, you can reverse the permutation to figure out my original array
|
||||
7. You look up my original array in the permutation list to figure out I transmitted the number 15
|
||||
|
||||
|
||||
|
||||
Okay, it’s a bit strange, but it could be done. That means that sorting algorithms are bound by the same laws as normal encoding schemes, including the theorem proving there’s no universal data compressor. I transmitted one bit per comparison the algorithm does, so, on average, the number of comparisons must be at least the number of bits needed to represent my data, according to information theory. More technically, [the average number of comparisons must be at least the Shannon entropy of my input data, measured in bits][2]. Entropy is a mathematical measure of the information content, or unpredictability, of something.
|
||||
|
||||
If I have an array of (N) elements that could be in any possible order without bias, then entropy is maximised and is (\log_{2}{N!}) bits. That proves that (O(N\log N)) is an optimal average for a comparison-based sort with arbitrary input.
|
||||
|
||||
That’s the theory, but how do real sorting algorithms compare? Below is a plot of the average number of comparisons needed to sort an array. I’ve compared the theoretical optimum against naïve quicksort and the [Ford-Johnson merge-insertion sort][3], which was designed to minimise comparisons (though it’s rarely faster than quicksort overall because there’s more to life than minimising comparisons). Since it was developed in 1959, merge-insertion sort has been tweaked to squeeze a few more comparisons out, but the plot shows it’s already almost optimal.
|
||||
|
||||
![Plot of average number of comparisons needed to sort randomly shuffled arrays of length up to 100. Bottom line is theoretical optimum. Within about 1% is merge-insertion sort. Naïve quicksort is within about 25% of optimum.][4]
|
||||
|
||||
It’s nice when a little theory gives such a tight practical result.
|
||||
|
||||
### Summary so far
|
||||
|
||||
Here’s what’s been proven so far:
|
||||
|
||||
1. If the array could start in any order, at least (O(N\log N)) comparisons are needed in the worst case
|
||||
2. The average number of comparisons must be at least the entropy of the array, which is (O(N\log N)) for random input
|
||||
|
||||
|
||||
|
||||
Note that #2 allows comparison-based sorting algorithms to be faster than (O(N\log N)) if the input is low entropy (in other words, more predictable). Merge sort is close to (O(N)) if the input contains many sorted subarrays. Insertion sort is close to (O(N)) if the input is an array that was sorted before being perturbed a bit. None of them beat (O(N\log N)) in the worst case unless some array orderings are impossible as inputs.
|
||||
|
||||
## General sorting algorithms
|
||||
|
||||
Comparison-based sorts are an interesting special case in practice, but there’s nothing theoretically special about [`CMP`][5] as opposed to any other instruction on a computer. Both arguments above can be generalised to any sorting algorithm if you note a couple of things:
|
||||
|
||||
1. Most computer instructions have more than two possible outputs, but still have a limited number
|
||||
2. The limited number of outputs means that one instruction can only process a limited amount of entropy
|
||||
|
||||
|
||||
|
||||
That gives us the same (O(N\log N)) lower bound on the number of instructions. Any physically realisable computer can only process a limited number of instructions at a time, so that’s an (O(N\log N)) lower bound on the time required, as well.
|
||||
|
||||
### But what about “faster” algorithms?
|
||||
|
||||
The most useful practical implication of the general (O(N\log N)) bound is that if you hear about any asymptotically faster algorithm, you know it must be “cheating” somehow. There must be some catch that means it isn’t a general purpose sorting algorithm that scales to arbitrarily large arrays. It might still be a useful algorithm, but it’s a good idea to read the fine print closely.
|
||||
|
||||
A well-known example is radix sort. It’s often called an (O(N)) sorting algorithm, but the catch is that it only works if all the numbers fit into (k) bits, and it’s really (O({kN})).
|
||||
|
||||
What does that mean in practice? Suppose you have an 8-bit machine. You can represent (2^{8} = 256) different numbers in 8 bits, so if you have an array of thousands of numbers, you’re going to have duplicates. That might be okay for some applications, but for others you need to upgrade to at least 16 bits, which can represent (2^{16} = 65,536) numbers distinctly. 32 bits will support (2^{32} = 4,294,967,296) different numbers. As the size of the array goes up, the number of bits needed will tend to go up, too. To represent (N) different numbers distinctly, you’ll need (k \geq \log_{2}N). So, unless you’re okay with lots of duplicates in your array, (O({kN})) is effectively (O(N\log N)).
|
||||
|
||||
The need for (O(N\log N)) of input data in the general case actually proves the overall result by itself. That argument isn’t so interesting in practice because we rarely need to sort billions of integers on a 32-bit machine, and [if anyone’s hit the limits of a 64-bit machine, they haven’t told the rest of us][6].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://theartofmachinery.com/2019/01/05/sorting_is_nlogn.html
|
||||
|
||||
作者:[Simon Arneaud][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://theartofmachinery.com
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: http://hyperphysics.phy-astr.gsu.edu/hbase/Math/stirling.html
|
||||
[2]: https://en.wikipedia.org/wiki/Shannon%27s_source_coding_theorem
|
||||
[3]: https://en.wikipedia.org/wiki/Merge-insertion_sort
|
||||
[4]: /images/sorting_is_nlogn/sorting_algorithms_num_comparisons.svg
|
||||
[5]: https://c9x.me/x86/html/file_module_x86_id_35.html
|
||||
[6]: https://sortbenchmark.org/
|
||||
@ -1,140 +0,0 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (What is DNS and how does it work?)
|
||||
[#]: via: (https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-it-work.html)
|
||||
[#]: author: (Keith Shaw and Josh Fruhlinger )
|
||||
|
||||
What is DNS and how does it work?
|
||||
======
|
||||
The Domain Name System resolves the names of internet sites with their underlying IP addresses adding efficiency and even security in the process.
|
||||
Thinkstock
|
||||
|
||||
The Domain Name System (DNS) is one of the foundations of the internet, yet most people outside of networking probably don’t realize they use it every day to do their jobs, check their email or waste time on their smartphones.
|
||||
|
||||
At its most basic, DNS is a directory of names that match with numbers. The numbers, in this case are IP addresses, which computers use to communicate with each other. Most descriptions of DNS use the analogy of a phone book, which is fine for people over the age of 30 who know what a phone book is.
|
||||
|
||||
[[Get regularly scheduled insights by signing up for Network World newsletters.]][1]
|
||||
|
||||
If you’re under 30, think of DNS like your smartphone’s contact list, which matches people’s names with their phone numbers and email addresses. Then multiply that contact list by everyone else on the planet.
|
||||
|
||||
### A brief history of DNS
|
||||
|
||||
When the internet was very, very small, it was easier for people to correspond specific IP addresses with specific computers, but that didn’t last for long as more devices and people joined the growing network. It's still possible to type a specific IP address into a browser to reach a website, but then, as now, people wanted an address made up of easy-to-remember words, of the sort that we would recognize as a domain name (like networkworld.com) today. In the 1970s and early '80s, those names and addresses were assigned by one person — [Elizabeth Feinler at Stanford][2] – who maintained a master list of every Internet-connected computer in a text file called [HOSTS.TXT][3].
|
||||
|
||||
This was obviously an untenable situation as the Internet grew, not least because Feinler only handled requests before 6 p.m. California time, and took time off for Christmas. In 1983, Paul Mockapetris, a researcher at USC, was tasked with coming up with a compromise among multiple suggestions for dealing with the problem. He basically ignored them all and developed his own system, which he dubbed DNS. While it's obviously changed quite a bit since then, at a fundamental level it still works the same way it did nearly 40 years ago.
|
||||
|
||||
### How DNS servers work
|
||||
|
||||
The DNS directory that matches name to numbers isn’t located all in one place in some dark corner of the internet. With [more than 332 million domain names listed at the end of 2017][4], a single directory would be very large indeed. Like the internet itself, the directory is distributed around the world, stored on domain name servers (generally referred to as DNS servers for short) that all communicate with each other on a very regular basis to provide updates and redundancies.
|
||||
|
||||
### Authoritative DNS servers vs. recursive DNS servers
|
||||
|
||||
When your computer wants to find the IP address associated with a domain name, it first makes its request to a recursive DNS server, also known as recursive resolver*.* A recursive resolver is a server that is usually operated by an ISP or other third-party provider, and it knows which other DNS servers it needs to ask to resolve the name of a site with its IP address. The servers that actually have the needed information are called authoritative DNS servers*.*
|
||||
|
||||
### DNS servers and IP addresses
|
||||
|
||||
Each domain can correspond to more than one IP address. In fact, some sites have hundreds or more IP addresses that correspond with a single domain name. For example, the server your computer reaches for [www.google.com][5] is likely completely different from the server that someone in another country would reach by typing the same site name into their browser.
|
||||
|
||||
Another reason for the distributed nature of the directory is the amount of time it would take for you to get a response when you were looking for a site if there was only one location for the directory, shared among the millions, probably billions, of people also looking for information at the same time. That’s one long line to use the phone book.
|
||||
|
||||
### What is DNS caching?
|
||||
|
||||
To get around this problem, DNS information is shared among many servers. But information for sites visited recently is also cached locally on client computers. Chances are that you use google.com several times a day. Instead of your computer querying the DNS name server for the IP address of google.com every time, that information is saved on your computer so it doesn’t have to access a DNS server to resolve the name with its IP address. Additional caching can occur on the routers used to connect clients to the internet, as well as on the servers of the user’s Internet Service Provider (ISP). With so much caching going on, the number of queries that actually make it to DNS name servers is a lot lower than it would seem.
|
||||
|
||||
### How do I find my DNS server?
|
||||
|
||||
Generally speaking, the DNS server you use will be established automatically by your network provider when you connect to the internet. If you want to see which servers are your primary nameservers — generally the recursive resolver, as described above — there are web utilities that can provide a host of information about your current network connection. [Browserleaks.com][6] is a good one, and it provides a lot of information, including your current DNS servers.
|
||||
|
||||
### Can I use 8.8.8.8 DNS?
|
||||
|
||||
It's important to keep in mind, though, that while your ISP will set a default DNS server, you're under no obligation to use it. Some users may have reason to avoid their ISP's DNS — for instance, some ISPs use their DNS servers to redirect requests for nonexistent addresses to [pages with advertising][7].
|
||||
|
||||
If you want an alternative, you can instead point your computer to a public DNS server that will act as a recursive resolver. One of the most prominent public DNS servers is Google's; its IP address is 8.8.8.8. Google's DNS services tend to be [fast][8], and while there are certain questions about the [ulterior motives Google has for offering the free service][9], they can't really get any more information from you that they don't already get from Chrome. Google has a page with detailed instructions on how to [configure your computer or router][10] to connect to Google's DNS.
|
||||
|
||||
### How DNS adds efficiency
|
||||
|
||||
DNS is organized in a hierarchy that helps keep things running quickly and smoothly. To illustrate, let’s pretend that you wanted to visit networkworld.com.
|
||||
|
||||
The initial request for the IP address is made to a recursive resolver, as discussed above. The recursive resolver knows which other DNS servers it needs to ask to resolve the name of a site (networkworld.com) with its IP address. This search leads to a root server, which knows all the information about top-level domains, such as .com, .net, .org and all of those country domains like .cn (China) and .uk (United Kingdom). Root servers are located all around the world, so the system usually directs you to the closest one geographically.
|
||||
|
||||
Once the request reaches the correct root server, it goes to a top-level domain (TLD) name server, which stores the information for the second-level domain, the words used before you get to the .com, .org, .net (for example, that information for networkworld.com is “networkworld”). The request then goes to the Domain Name Server, which holds the information about the site and its IP address. Once the IP address is discovered, it is sent back to the client, which can now use it to visit the website. All of this takes mere milliseconds.
|
||||
|
||||
Because DNS has been working for the past 30-plus years, most people take it for granted. Security also wasn’t considered when building the system, so [hackers have taken full advantage of this][11], creating a variety of attacks.
|
||||
|
||||
### DNS reflection attacks
|
||||
|
||||
DNS reflection attacks can swamp victims with high-volume messages from DNS resolver servers. Attackers request large DNS files from all the open DNS resolvers they can find and do so using the spoofed IP address of the victim. When the resolvers respond, the victim receives a flood of unrequested DNS data that overwhelms their machines.
|
||||
|
||||
### DNS cache poisoning
|
||||
|
||||
[DNS cache poisoning][12] can divert users to malicious Web sites. Attackers manage to insert false address records into the DNS so when a potential victim requests an address resolution for one of the poisoned sites, the DNS responds with the IP address for a different site, one controlled by the attacker. Once on these phony sites, victims may be tricked into giving up passwords or suffer malware downloads.
|
||||
|
||||
### DNS resource exhaustion
|
||||
|
||||
[DNS resource exhaustion][13] attacks can clog the DNS infrastructure of ISPs, blocking the ISP’s customers from reaching sites on the internet. This can be done by attackers registering a domain name and using the victim’s name server as the domain’s authoritative server. So if a recursive resolver can’t supply the IP address associated with the site name, it will ask the name server of the victim. Attackers generate large numbers of requests for their domain and toss in non-existent subdomains to boot, which leads to a torrent of resolution requests being fired at the victim’s name server, overwhelming it.
|
||||
|
||||
### What is DNSSec?
|
||||
|
||||
DNS Security Extensions is an effort to make communication among the various levels of servers involved in DNS lookups more secure. It was devised by the Internet Corporation for Assigned Names and Numbers (ICANN), the organization in charge of the DNS system.
|
||||
|
||||
ICANN became aware of weaknesses in the communication between the DNS top-level, second-level and third-level directory servers that could allow attackers to hijack lookups. That would allow the attackers to respond to requests for lookups to legitimate sites with the IP address for malicious sites. These sites could upload malware to users or carry out phishing and pharming attacks.
|
||||
|
||||
DNSSEC would address this by having each level of DNS server digitally sign its requests, which insures that the requests sent in by end users aren’t commandeered by attackers. This creates a chain of trust so that at each step in the lookup, the integrity of the request is validated.
|
||||
|
||||
In addition, DNSSec can determine if domain names exist, and if one doesn’t, it won’t let that fraudulent domain be delivered to innocent requesters seeking to have a domain name resolved.
|
||||
|
||||
As more domain names are created, and more devices continue to join the network via internet of things devices and other “smart” systems, and as [more sites migrate to IPv6][14], maintaining a healthy DNS ecosystem will be required. The growth of big data and analytics also [brings a greater need for DNS management][15].
|
||||
|
||||
### SIGRed: A wormable DNS flaw rears its head
|
||||
|
||||
The world got a good look recently at the sort of chaos weaknesses in DNS could cause with the discovery of a flaw in Windows DNS servers. The potential security hole, dubbed SIGRed, [requires a complex attack chain][16], but can exploit unpatched Windows DNS servers to potentially install and execute arbitrary malicious code on clients. And the exploit is "wormable," meaning that it can spread from computer to computer without human intervention. The vulnerability was considered alarming enough that U.S. federal agencies were [given only a few days to install patches][17].
|
||||
|
||||
### DNS over HTTPS: A new privacy landscape
|
||||
|
||||
As of this writing, DNS is on the verge of one of its biggest shifts in its history. Google and Mozilla, who together control the lion's share of the browser market, are encouraging a move towards [DNS over HTTPS][18], or DoH, in which DNS requests are encrypted by the same HTTPS protocol that already protects most web traffic. In Chrome's implementation, the browser checks to see if the DNS servers support DoH, and if they don't, it reroutes DNS requests to Google's 8.8.8.8.
|
||||
|
||||
It's a move not without controversy. Paul Vixie, who did much of the early work on the DNS protocol back in the 1980s, calls the move a "[disaster][19]" for security: corporate IT will have a much harder time monitoring or directing DoH traffic that traverses their network, for instance. Still, Chrome is omnipresent and DoH will soon be turned on by default, so we'll see what the future holds.
|
||||
|
||||
_(Keith Shaw is_ _a former senior editor for Network World and_ _an award-winning writer, editor and product reviewer who has written for many publications and websites around the world.)_
|
||||
|
||||
_(Josh Fruhlinger is a writer and editor who lives in Los Angeles.)_
|
||||
|
||||
Join the Network World communities on [Facebook][20] and [LinkedIn][21] to comment on topics that are top of mind.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-it-work.html
|
||||
|
||||
作者:[Keith Shaw and Josh Fruhlinger][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]:
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://www.networkworld.com/newsletters/signup.html
|
||||
[2]: https://www.internethalloffame.org/blog/2012/07/23/why-does-net-still-work-christmas-paul-mockapetris
|
||||
[3]: https://tools.ietf.org/html/rfc608
|
||||
[4]: http://www.verisign.com/en_US/domain-names/dnib/index.xhtml?section=cc-tlds
|
||||
[5]: http://www.google.com
|
||||
[6]: https://browserleaks.com/ip
|
||||
[7]: https://www.networkworld.com/article/2246426/comcast-redirects-bad-urls-to-pages-with-advertising.html
|
||||
[8]: https://www.networkworld.com/article/3194890/comparing-the-performance-of-popular-public-dns-providers.html
|
||||
[9]: https://blog.dnsimple.com/2015/03/why-and-how-to-use-googles-public-dns/
|
||||
[10]: https://developers.google.com/speed/public-dns/docs/using
|
||||
[11]: https://www.networkworld.com/article/2838356/network-security/dns-is-ubiquitous-and-its-easily-abused-to-halt-service-or-steal-data.html
|
||||
[12]: https://www.networkworld.com/article/2277316/tech-primers/tech-primers-how-dns-cache-poisoning-works.html
|
||||
[13]: https://www.cloudmark.com/releases/docs/whitepapers/dns-resource-exhaustion-v01.pdf
|
||||
[14]: https://www.networkworld.com/article/3254575/lan-wan/what-is-ipv6-and-why-aren-t-we-there-yet.html
|
||||
[15]: http://social.dnsmadeeasy.com/blog/opinion/future-big-data-dns-analytics/
|
||||
[16]: https://www.csoonline.com/article/3567188/wormable-dns-flaw-endangers-all-windows-servers.html
|
||||
[17]: https://federalnewsnetwork.com/cybersecurity/2020/07/cisa-gives-agencies-a-day-to-remedy-windows-dns-server-vulnerability/
|
||||
[18]: https://www.networkworld.com/article/3322023/dns-over-https-seeks-to-make-internet-use-more-private.html
|
||||
[19]: https://www.theregister.com/2018/10/23/paul_vixie_slaps_doh_as_dns_privacy_feature_becomes_a_standard/
|
||||
[20]: https://www.facebook.com/NetworkWorld/
|
||||
[21]: https://www.linkedin.com/company/network-world
|
||||
@ -0,0 +1,144 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: ( )
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (PCLinuxOS Review: This Classic Independent Linux Distribution is Definitely Worth a Look)
|
||||
[#]: via: (https://itsfoss.com/pclinuxos-review/)
|
||||
[#]: author: (John Paul https://itsfoss.com/author/john/)
|
||||
|
||||
PCLinuxOS Review: This Classic Independent Linux Distribution is Definitely Worth a Look
|
||||
======
|
||||
|
||||
Most of the Linux distributions that we cover on It’s FOSS are based on either Ubuntu or Arch.
|
||||
|
||||
No, we don’t have any affinity for either Ubuntu or Arch though personally, [I love using Manjaro][1]. It’s just that majority of new Linux distributions are based on these two.
|
||||
|
||||
While discussing within the team, we thought, why fixate over new distributions. Why not go for the classic distributions? Distributions that don’t belong to DEB/Arch domain.
|
||||
|
||||
So, today, we are going to be looking at an independent distro that tends to go against the flow. We’ll be looking at PCLinuxOS.
|
||||
|
||||
### What is PCLinuxOS?
|
||||
|
||||
![][2]
|
||||
|
||||
Back in 2000, Bill Reynolds (also known as Texstar) created a series of packages to improve Mandrake Linux, which later became [Mandriva Linux][3]. [PCLinuxOS][4] first became a separate distro in 2003 when Texstar forked Mandrake. He [said][5] that he made the move because he wanted “to provide an outlet for my crazy desire to package source code without having to deal with egos, arrogance and politics”.
|
||||
|
||||
As I said earlier, PCLinuxOS does not follow the rest of the Linux world. PCLinuxOS does not use systemd. Instead, it uses SysV init and “[will continue to do so for the foreseeable future][6]“.
|
||||
|
||||
It also has one of the oddest package management systems, I have ever encountered. PCLinuxOS uses apt and [synaptic][7] to handle RPM packages. Unlike most distros that use either apt or rpm, PCLinuxOS is a rolling distro. It also supports [Flatpak][8].
|
||||
|
||||
The PCLinuxOS team offers [three different versions][9]: **KDE**, **MATE**, and **XFCE**. The PCLinuxOS community has also created a number of [community][10] [releases][11] with more desktop options.
|
||||
|
||||
![PCLinuxOS Updater][12]
|
||||
|
||||
### System requirements for PCLinuxOS
|
||||
|
||||
According to the [PCLinuxOS wiki][13], the following hardware is recommended to run PCLinuxOS:
|
||||
|
||||
* Modern Intel or AMD processor.
|
||||
* 10 GB or more free space recommended.
|
||||
* Minimum 2 GB of memory. – Recommended 4 GB or more.
|
||||
* Any modern video card by Nvidia, ATI, Intel, SiS, Matrox, or VIA.
|
||||
* 3D desktop support requires a 3D instructions set compatible card.
|
||||
* Any Sound Blaster, AC97, or HDA compatible card.
|
||||
* A CD or DVD drive.
|
||||
* Flash drives can also be used to install, with PCLinuxOS-LiveUSB script just for this purpose.
|
||||
* Generally any onboard network card will suffice.
|
||||
* A high-speed internet connection is recommended for performing any updates/software installations as necessary.
|
||||
|
||||
|
||||
|
||||
### Experience with PCLinuxOS
|
||||
|
||||
I originally encountered PCLinuxOS when I was first entering the Linux world about 7+ years ago. Back then I was trying out distros like crazy. At the time, I didn’t quite understand it and ended up going with Lubuntu.
|
||||
|
||||
Recently, I was reminded of the distro when [Matt Hartley][14], community manager at [OpenShot][15] mentioned it on the [Bryan Lunduke podcast][16]. PCLinuxOS is Hartley’s daily driver and has been for a while. Based on his comments, I decided to take another look at it.
|
||||
|
||||
#### Smooth installation
|
||||
|
||||
![PCLinuxOS installer][17]
|
||||
|
||||
The majority of Linux distros use one of three installers, [Ubiquity][18], [Anaconda][19], or [Calamares][20]. PCLinuxOS is one of the few that has its own installer, which it inherited from Mandrake. The installation went quickly and without any issue.
|
||||
|
||||
After the installation, I booted into the MATE [desktop environment][21] (because I had to). A dialog box asked me if I wanted to enable the update notifier. It’s always best to be up-to-date, so I did.
|
||||
|
||||
#### Handy set of utilities
|
||||
|
||||
Besides the usual list of utilities, office programs, and web tools, PCLinuxOS has a couple of interesting additions. Both Zoom (a videoconferencing tool) and AnyDesk (a remote desktop application) come pre-installed for your remote working needs. The menu also includes an option to install VirtualBox GuestAdditions (in case you installed PCLinuxOS on VirtualBox).
|
||||
|
||||
![PCLinuxOS Control Center][22]
|
||||
|
||||
PCLinuxOS comes with a control center to handle all of your system admin needs. It covers installing software, file sharing, handles network connections, handles hardware issues, and security.
|
||||
|
||||
#### Create your own custom PCLinuxOS live disk
|
||||
|
||||
It also comes with a couple of apps that allow you to download a new PCLinuxOS ISO, write that ISO to a disc or USB, or create [your own LiveCD][23] based on your current system.
|
||||
|
||||
![It is easy to create your own custom PCLinuxOS ISO][24]
|
||||
|
||||
#### No sudo in PCLinuxOS
|
||||
|
||||
Interestingly, PCLinuxOS doesn’t have `sudo` installed. According to the [FAQ][6], “Some distros…leaving sudo in a default state where all administrator functions are allowed without the requirement to enter the root password. We consider this an unacceptable security risk.” Whenever you perform a task that requires admin privileges, a window appears asking for your password.
|
||||
|
||||
#### Strong community
|
||||
|
||||
One of the cool things about PCLinuxOS is its strong community. That community creates a monthly [e-magazine][25]. Each issue contains news, tutorials, puzzles, and even recipes. The only other distro (or family of distros) that has sustained a community publication for over 15 years is Ubuntu with the [Full Circle Magazine][26]. Be sure to check it out.
|
||||
|
||||
#### No hardware issues noticed (for my system)
|
||||
|
||||
This is one of the last distros I will review on my Dell Latitude D630. (I’m moving up to a newer Thinkpad.) One of the major problems I’ve had in the past was getting the Nvidia GPU to work correctly. I didn’t have any issues with PCLinuxOS. It just worked out of the box.
|
||||
|
||||
### Final Thoughts
|
||||
|
||||
![PCLinuxOS Desktop][27]
|
||||
|
||||
PCLinuxOS also provides an easy way to remaster the system after installation. It allows you to create a live disk of PCLinuxOS with your customization. I
|
||||
|
||||
PCLinuxOS feels like part of the past and part of the present. It reflects the pre-systemd days and offers a modern desktop and apps at the same time. The only thing I would complain about is that there are fewer applications available in the repos than more popular distros, but the availability of Flatpak and AppImages should fix that.
|
||||
|
||||
PCLinuxOS’ tag line is: “_**So cool ice cubes are jealous**_“. It might sound corny, but I think it’s true, especially if you aren’t a fan of the direction the rest of the Linux world has taken. If you find something lacking in the big Linux distros, check out this old-little distro with a great community.
|
||||
|
||||
Have you ever used PCLinuxOS? What is your favorite independent distro? Please let us know in the comments below. If you found this article interesting, please take a minute to share it on social media, Hacker News or [Reddit][28].
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://itsfoss.com/pclinuxos-review/
|
||||
|
||||
作者:[John Paul][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://itsfoss.com/author/john/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://itsfoss.com/why-use-manjaro-linux/
|
||||
[2]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/09/PCLinuxOS-review.png?resize=800%2C450&ssl=1
|
||||
[3]: https://en.wikipedia.org/wiki/Mandriva_Linux
|
||||
[4]: https://www.pclinuxos.com/
|
||||
[5]: http://linux-blog.org/Experiment-Interview-with-Texstar-of-PCLinuxOS/
|
||||
[6]: https://pclinuxoshelp.com/index.php/Frequently_Asked_Questions
|
||||
[7]: https://itsfoss.com/synaptic-package-manager/
|
||||
[8]: https://pclinuxoshelp.com/index.php/Installing_Software#Using_Flatpak
|
||||
[9]: https://www.pclinuxos.com/?page_id=10
|
||||
[10]: https://ftp.nluug.nl/pub/os/Linux/distr/pclinuxos/pclinuxos/live-cd/community/
|
||||
[11]: https://pclosusers.com/communityiso/
|
||||
[12]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/PCLinuxOS-updater.jpg?resize=800%2C487&ssl=1
|
||||
[13]: https://pclinuxoshelp.com/index.php/Hardware_Recommendations
|
||||
[14]: https://twitter.com/matthartley
|
||||
[15]: https://www.openshot.org/
|
||||
[16]: http://www.lunduke.com/
|
||||
[17]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/08/PCLinuxOS-installer.jpg?resize=800%2C500&ssl=1
|
||||
[18]: http://launchpad.net/ubiquity
|
||||
[19]: https://fedoraproject.org/wiki/Anaconda
|
||||
[20]: https://calamares.io/
|
||||
[21]: https://itsfoss.com/what-is-desktop-environment/
|
||||
[22]: https://i2.wp.com/itsfoss.com/wp-content/uploads/2020/08/PCLinuxOS-Control-Center.jpg?resize=800%2C585&ssl=1
|
||||
[23]: https://pclinuxoshelp.com/index.php/LiveCD,_Create_your_own
|
||||
[24]: https://i0.wp.com/itsfoss.com/wp-content/uploads/2020/08/PCLinuxOS-downloader.jpg?resize=800%2C608&ssl=1
|
||||
[25]: https://pclosmag.com/index.html
|
||||
[26]: https://fullcirclemagazine.org/
|
||||
[27]: https://i1.wp.com/itsfoss.com/wp-content/uploads/2020/08/PCLinuxOS-desktop.jpg?resize=800%2C500&ssl=1
|
||||
[28]: http://reddit.com/r/linuxusersgroup
|
||||
115
translated/talk/20190105 Why Sorting is O(N log N).md
Normal file
115
translated/talk/20190105 Why Sorting is O(N log N).md
Normal file
@ -0,0 +1,115 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (silentdawn-zz)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (Why Sorting is O(N log N))
|
||||
[#]: via: (https://theartofmachinery.com/2019/01/05/sorting_is_nlogn.html)
|
||||
[#]: author: (Simon Arneaud https://theartofmachinery.com)
|
||||
|
||||
为什么排序的复杂度为 O(N log N)
|
||||
======
|
||||
|
||||
基本上所有正而八经的算法教材都会解释什么是快速排序算法,比如 quicksort 和堆排序,但又都基本上不会动用复杂的数学来证明这些算法只能趋近你所能达到的速度。
|
||||
|
||||
### 关于标记的说明
|
||||
|
||||
大多数计算机专业的科学家使用大写字母 O 标记来指代“趋近与乘以一个常数比例因子”,这与数学专业所指代的意义是有所区别的。这里我使用的大 O 标记的含义与计算机教材所指相同,且不会混杂使用数学专业所指含义。
|
||||
|
||||
## 基于比较的排序
|
||||
|
||||
先来看个特例,即每次比较两个值大小的算法(quicksort、堆排序及其它通用排序算法基本上都是这样的)。这种思想后续可以扩展至所有排序算法。
|
||||
|
||||
### A simple counting argument for the worst case
|
||||
|
||||
假设有 4 个互不相等的数,且顺序随机,那么,可以通过比较一对数字完成排序吗?显然不能,证明如下:根据定义,对该数组排序,需要按照某种顺序重新排列数字。那么究竟有多少种可能的排列呢?第一个数字可以放在四个位置中的任意一个,第二个数字可以放在剩下三个位置中的任意一个,第三个数字可以放在剩下两个位置中的任意一个,最后一个数字只有剩下的一个位置可选。这样,共有 4×3×2×1 = 4! = 24 种排列可供选择。通过一次比较大小,只能产生两种可能的结果。如果列出所有的排列,那么“从小到大”排序对应的可能是第 8 种排列,按“从大到小”排序对应的可能是第 22 种排列,但无法知道什么时候需要的是其它 22 种排列。
|
||||
|
||||
通过 2 次比较,可以得到 2×2=4 种可能的结果,这仍然不够。只要比较的次数少于 5(对应 (2^{5} = 32) 种输出),就无法完成 4 个随机次序的数字的排序。如果 (W(N)) 是最差情况下对 (N) 个不同元素进行排序所需要的比较次数,那么
|
||||
|
||||
[2^{W(N)} \geq N!]
|
||||
|
||||
两边取以 2 为底的对数,得
|
||||
|
||||
[W(N) \geq \log_{2}{N!}]
|
||||
|
||||
(N!) 的增长近似于 (N^{N}) (参阅 [Stirling 公式][1]),那么
|
||||
|
||||
[W(N) \succeq \log N^{N} = N\log N]
|
||||
|
||||
这就是最差情况下从输出计数的角度得出的 (O(N\log N)) 上限。
|
||||
|
||||
### 信息论角度平均状态的例子
|
||||
|
||||
使用一些信息论知识,就可以从上面的讨论中得到一个更有力的结论。下面,使用排序算法作为信息传输的编码器:
|
||||
|
||||
1. 任取一个数,比如 15
|
||||
2. 从 4 个数字的排列列表中查找第 15 种排列
|
||||
3. 对这种排列运行排序算法,记录所有的“大”、“小”比较结果
|
||||
4. 用二进制编码发送比较结果
|
||||
5. 接收端重新逐步执行发送端的排序算法,需要的话可以引用发送端的比较结果
|
||||
6. 现在接收端就可以知道发送端如何重新排列数字以按照需要排序,接收端可以对排列进行逆算,得到 4 个数字的初始顺序
|
||||
7. 接收端在排列表中检索发送端的原始排列,指出发送端发送的是 15
|
||||
|
||||
|
||||
|
||||
确实,这有点奇怪,但确实可以。这意味着排序算法遵循着与编码方案相同的定律,包括理论所证明的通用数据压缩算法的不存在。算法中每次比较发送 1 bit 的比较结果编码数据,根据信息论,比较的次数至少是能表示所有数据的二进制位数。更技术语言点,[平均所需的最小比较次数是输入数据的香农熵以二进制的位数][2]。熵是信息等不可预测量的数学度量。
|
||||
|
||||
包含 (N) 个元素的数组,元素次序随机且无偏时的熵最大,其值为 (\log_{2}{N!}) 二进制位。这证明 (O(N\log N)) 是基于比较的排序对任意输入所需的比较次数。
|
||||
|
||||
以上都是理论说法,那么实际的排序算法如何做比较的呢?下面是一个数组排序所需比较次数均值的图。我比较的是理论值与 quicksort 及 [Ford-Johnson 合并插入排序][3] 的表现。后者设计目的就是最小化比较次数(整体上没比 quicksort 快多少,因为生命中相对于最小化比较,还有更多其它的事情)。又因为合并插入排序是在 1959 年提出的,它又减少了一些比较次数,但图示说明,它基本上达到了最优状态。
|
||||
|
||||
![随机排列 100 个元素所需的平均排序次数图。最下面的线是理论值,约 1% 处的是合并插入算法,原始 quicksort 大约在 25% 处。][4]
|
||||
|
||||
一点点理论导出这么实用的结论,这感觉真棒!
|
||||
|
||||
### 小结
|
||||
|
||||
证明了:
|
||||
|
||||
1. 如果数组可以是任意顺序,在最坏情况下至少需要 (O(N\log N)) 次比较。
|
||||
2. 数组的平均比较次数最少是数组的熵,对随机输入而言,其值是 (O(N\log N)) 。
|
||||
|
||||
|
||||
|
||||
注意,第 2 个结论允许基于比较的算法优于 (O(N\log N)),前提是输入是低熵的(换言之,是部分可预测的)。如果输入包含很多有序的子序列,那么合并排序的性能接近 (O(N))。如果在确定一个位之前,其输入是有序的,插入排序性能接近 (O(N))。在最差情况下,以上算法的性能表现都不超出 (O(N\log N))。
|
||||
|
||||
## 一般排序算法
|
||||
|
||||
基于比较的排序在实践中是个有趣的特例,但计算机的 [`CMP`][5] 指令与其它指令相比,并没有任何理论上的区别。在下面两条的基础上,前面两种情形都可以扩展至任意排序算法:
|
||||
|
||||
1. 大多数计算机指令有多于两个的输出,但输出的数量仍然是有限的。
|
||||
2. 一条指令有限的输出意味着一条指令只能处理有限的熵。
|
||||
|
||||
|
||||
|
||||
这给出了 (O(N\log N)) 对应的指令下限。任何物理可实现的计算机都只能在给定时间内执行有限数量的指令,所以算法的执行时间也有对应 (O(N\log N)) 的下限。
|
||||
|
||||
### 什么是更快的算法?
|
||||
|
||||
一般意义上的 (O(N\log N)) 下限,放在实践中来看,如果听人说到任何更快的算法,你要知道,它肯定以某种方式“作弊”了,其中肯定有圈套,即它不是一个可以处理任意大数组的通用排序算法。可能它是一个有用的算法,但最好看明白它字里行间隐含的东西。
|
||||
|
||||
一个广为人知的例子是基数排序算法 radix sort,它经常被称为 (O(N)) 排序算法,但它只能处理所有数字都是 (k) 位的情况,所以实际上它的性能是 (O({kN}))。
|
||||
|
||||
什么意思呢?假如你用的 8 位计算机,那么 8 个二进制位可以表示 (2^{8} = 256) 个不同的数字,如果数组有上千个数字,那么其中必有重复。对有些应用而言这是可以的,但对有些应用就必须用 16 个二进制位来表示,16 个二进制位可以表示 (2^{16} = 65,536) 个不同的数字。32 个二进制位可以表示 (2^{32} = 4,294,967,296) 不同的数字。随着数组长度的增长,所需要的二进制位数也在增长。要表示 (N) 个不同的数字,需要 (k \geq \log_{2}N) 个二进制位。所以,只有允许数组中存在重复的数字时,(O({kN})) 才优于 (O(N\log N))。
|
||||
|
||||
一般意义上输入数据的 (O(N\log N)) 的性能已经说明了全部问题。这个讨论不那么有趣因为很少需要在 32 位计算机上对几十亿整数进行排序,[如果有谁的需求超出了 64 位计算机的极限,他一定没有说出他的全部][6]。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://theartofmachinery.com/2019/01/05/sorting_is_nlogn.html
|
||||
|
||||
作者:[Simon Arneaud][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[silentdawn-zz](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://theartofmachinery.com
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: http://hyperphysics.phy-astr.gsu.edu/hbase/Math/stirling.html
|
||||
[2]: https://en.wikipedia.org/wiki/Shannon%27s_source_coding_theorem
|
||||
[3]: https://en.wikipedia.org/wiki/Merge-insertion_sort
|
||||
[4]: /images/sorting_is_nlogn/sorting_algorithms_num_comparisons.svg
|
||||
[5]: https://c9x.me/x86/html/file_module_x86_id_35.html
|
||||
[6]: https://sortbenchmark.org/
|
||||
135
translated/tech/20200826 What is DNS and how does it work.md
Normal file
135
translated/tech/20200826 What is DNS and how does it work.md
Normal file
@ -0,0 +1,135 @@
|
||||
[#]: collector: (lujun9972)
|
||||
[#]: translator: (wxy)
|
||||
[#]: reviewer: ( )
|
||||
[#]: publisher: ( )
|
||||
[#]: url: ( )
|
||||
[#]: subject: (What is DNS and how does it work?)
|
||||
[#]: via: (https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-it-work.html)
|
||||
[#]: author: (Keith Shaw, Josh Fruhlinger )
|
||||
|
||||
什么是 DNS,它是如何工作的?
|
||||
======
|
||||
|
||||
> 域名系统解析互联网网站的名称及其底层 IP 地址,并在此过程中增加了效率和安全性。
|
||||
|
||||
|
||||
|
||||
<ruby>域名系统<rt>Domain Name System</rt></ruby>(DNS)是互联网的基础之一,然而大多数不懂网络的人可能并不知道他们每天都在使用它来工作、查看电子邮件或在智能手机上浪费时间。
|
||||
|
||||
就其本质而言,DNS 是一个与数字匹配的名称目录。这些数字,在这种情况下是 IP 地址,计算机用 IP 地址来相互通信。大多数对 DNS 的描述都是用电话簿来比喻,这对于 30 岁以上的人来说是没有问题的,因为他们知道电话簿是什么。
|
||||
|
||||
如果你还不到 30 岁,可以把 DNS 想象成你的智能手机的联系人名单,它将人们的名字与他们的电话号码及电子邮件地址进行匹配,然后这个联系人名单的就像地球上的人一样多。
|
||||
|
||||
### DNS 简史
|
||||
|
||||
当互联网还非常、非常小的时候,人们很容易将特定的 IP 地址与特定的计算机对应起来,但随着越来越多的设备和人加入到不断发展的网络中,这种简单的情况就没法持续多久了。现在仍然可以在浏览器中输入一个特定的 IP 地址来到达一个网站,但当时和现在一样,人们希望得到一个由容易记忆的单词组成的地址,也就是我们今天所认识的那种域名(比如 linux.cn)。在 20 世纪 70 年代和 80 年代早期,这些名称和地址是由一个人指定的,她是[斯坦福大学的 Elizabeth Feinler][2],她在一个名为 [HOSTS.TXT][3] 的文本文件中维护着一个主列表,记录了每一台连接互联网的计算机。
|
||||
|
||||
随着互联网的发展,这种局面显然无法维持下去,尤其是因为 Feinler 只处理加州时间下午 6 点之前的请求,而且圣诞节也要请假。1983 年,南加州大学的研究人员 Paul Mockapetris 受命在处理这个问题的多种建议中提出一个折中方案。他基本上无视了所有提出的建议,并开发了自己的系统,他将其称为 DNS。虽然从那时起,现今的它显然发生了很大的变化,但在基本层面上,它的工作方式仍然与将近 40 年前相同。
|
||||
|
||||
### DNS 服务器是如何工作的
|
||||
|
||||
将名字与数字相匹配的 DNS 目录并不是整个藏在互联网的某个黑暗角落的一个地方。截至 2017 年底,[它记录了超过 3.32 亿个域名][4],如果作为一个目录确实会非常庞大。就像互联网本身一样,该目录分布在世界各地,存储在域名服务器(一般简称 DNS 服务器)上,这些服务器都会非常有规律地相互沟通,以提供更新和冗余。
|
||||
|
||||
### 权威 DNS 服务器与递归 DNS 服务器的比较
|
||||
|
||||
当你的计算机想要找到与域名相关联的 IP 地址时,它首先会向<ruby>递归<rt>recursive</rt></ruby> DNS 服务器提出请求,也称为递归解析器。递归解析器是一个通常由 ISP 或其他第三方提供商运营的服务器,它知道需要向其他哪些 DNS 服务器请求解析一个网站的名称与其 IP 地址。实际拥有所需信息的服务器称为<ruby>权威<rt>authoritative</rt></ruby> DNS 服务器。
|
||||
|
||||
### DNS 服务器和 IP 地址
|
||||
|
||||
每个域名可以对应一个以上的 IP 地址。事实上,有些网站有数百个或更多的 IP 地址与一个域名相对应。例如,你的计算机访问 [www.google.com][5] 所到达的服务器,很可能与其他国家的人在浏览器中输入相同的网站名称所到达的服务器完全不同。
|
||||
|
||||
该目录的分布式性质的另一个原因是,如果这个目录只有一个位置,在数百万,可能是数十亿同样在同一时间寻找信息的人中共享,那么当你在寻找一个网站时,你需要花费多少时间才能得到响应 —— 这就像是排着长队使用电话簿一样。
|
||||
|
||||
### 什么是 DNS 缓存?
|
||||
|
||||
为了解决这个问题,DNS 信息在许多服务器之间共享。但最近访问过的网站的信息也会在客户端计算机上本地缓存。你有可能每天使用 google.com 好几次。你的计算机不是每次都向 DNS 名称服务器查询 google.com 的 IP 地址,而是将这些信息保存在你的计算机上,这样它就不必访问 DNS 服务器来解析这个带有 IP 地址的名称。额外的缓存可能出现在用于将客户端连接到互联网的路由器上,以及用户的互联网服务提供商(ISP)的服务器上。有了这么多的缓存,实际上对 DNS 名称服务器的查询数量比看起来要少很多。
|
||||
|
||||
### 如何找到我的 DNS 服务器?
|
||||
|
||||
一般来说,当你连接到互联网时,你使用的 DNS 服务器将由你的网络提供商自动建立。如果你想看看哪些服务器是你的主要名称服务器(一般是递归解析器,如上所述),有一些网络实用程序可以提供关于你当前网络连接的信息。[Browserleaks.com][6] 是一个很好的工具,它提供了很多信息,包括你当前的 DNS 服务器。
|
||||
|
||||
### 我可以使用 8.8.8.8 的 DNS 吗?
|
||||
|
||||
但要记住,虽然你的 ISP 会设置一个默认的 DNS 服务器,但你没有义务使用它。有些用户可能有理由避开他们 ISP 的 DNS —— 例如,有些 ISP 使用他们的 DNS 服务器将不存在的地址的请求重定向到[带有广告的网页][7]。
|
||||
|
||||
如果你想要一个替代方案,你可以将你的计算机指向一个公共 DNS 服务器,以它作为一个递归解析器。最著名的公共 DNS 服务器之一是谷歌的,它的 IP 地址是 8.8.8.8 和 8.8.4.4。Google 的 DNS 服务往往是[快速的][8],虽然对 [Google 提供免费服务的别有用心的动机][9]有一定的质疑,但他们无法真正从你那里获得比他们从 Chrome 中获得的更多信息。Google 有一个页面,详细说明了如何[配置你的电脑或路由器][10]连接到 Google 的 DNS。
|
||||
|
||||
### DNS 如何提高效率
|
||||
|
||||
DNS 的组织结构有助于保持事情的快速和顺利运行。为了说明这一点,让我们假设你想访问 linux.cn。
|
||||
|
||||
如上所述,对 IP 地址的初始请求是向递归解析器提出的。递归解析器知道它需要请求哪些其他 DNS 服务器来解析一个网站(linux.cn)的名称与其 IP 地址。这种搜索会传递至根服务器,它知道所有顶级域名的信息,如 .com、.net、.org 以及所有国家域名,如 .cn(中国)和 .uk(英国)。根服务器位于世界各地,所以系统通常会将你引导到地理上最近的一个服务器。
|
||||
|
||||
一旦请求到达正确的根服务器,它就会进入一个顶级域名(TLD)名称服务器,该服务器存储二级域名的信息,即在你到达 .com、.org、.net 之前所使用的单词(例如,linux.cn 的信息是 “linux”)。然后,请求进入域名服务器,域名服务器掌握着网站的信息和 IP 地址。一旦 IP 地址被发现,它就会被发回给客户端,客户端现在可以用它来访问网站。所有这一切都只需要几毫秒的时间。
|
||||
|
||||
因为 DNS 在过去的 30 多年里一直在工作,所以大多数人都认为它是理所当然的。在构建系统的时候也没有考虑到安全问题,所以[黑客们充分利用了这一点][11],制造了各种各样的攻击。
|
||||
|
||||
### DNS 反射攻击
|
||||
|
||||
DNS 反射攻击可以用 DNS 解析器服务器的大量信息淹没受害者。攻击者使用受害者的欺骗 IP 地址来向他们能找到的所有开放的 DNS 解析器请求大量的 DNS 数据。当解析器响应时,受害者会收到大量未请求的 DNS 数据,使其机器不堪重负。
|
||||
|
||||
### DNS 缓存投毒
|
||||
|
||||
[DNS 缓存投毒][12]可将用户转移到恶意网站。攻击者设法在 DNS 中插入虚假的地址记录,这样,当潜在的受害者请求解析其中一个中毒网站的地址时,DNS 就会以另一个由攻击者控制的网站的 IP 地址作出回应。一旦访问了这些假网站,受害者可能会被欺骗,泄露密码或下载了恶意软件。
|
||||
|
||||
### DNS 资源耗尽
|
||||
|
||||
[DNS 资源耗尽][13]攻击可以堵塞 ISP 的 DNS 基础设施,阻止 ISP 的客户访问互联网上的网站。攻击者注册一个域名,并通过将受害者的名称服务器作为域名的权威服务器来实现。因此,如果递归解析器不能提供与网站名称相关的 IP 地址,就会询问受害者的名称服务器。攻击者会对自己注册的域名产生大量的请求,并查询不存在的子域名,这就会导致大量的解析请求发送到受害者的名称服务器,使其不堪重负。
|
||||
|
||||
### 什么是 DNSSec?
|
||||
|
||||
DNS 安全扩展是为了使参与 DNS 查询的各级服务器之间的通信更加安全。它是由负责 DNS 系统的<ruby>互联网名称与数字地址分配机构<rt>Internet Corporation for Assigned Names and Numbers</rt></ruby>(ICANN)设计的。
|
||||
|
||||
ICANN 意识到 DNS 顶级、二级和三级目录服务器之间的通信存在弱点,可能会让攻击者劫持查询。这将允许攻击者用恶意网站的 IP 地址来响应合法网站的查询请求。这些网站可能会向用户上传恶意软件,或者进行网络钓鱼和网络欺骗攻击。
|
||||
|
||||
DNSSec 将通过让每一级 DNS 服务器对其请求进行数字签名来解决这个问题,这就保证了终端用户发送进来的请求不会被攻击者利用。这就建立了一个信任链,这样在查询的每一步,请求的完整性都会得到验证。
|
||||
|
||||
此外,DNSSec 可以确定域名是否存在,如果不存在,它就不会让该欺诈性域名交付给寻求域名解析的无辜请求者。
|
||||
|
||||
随着越来越多的域名被创建,越来越多的设备继续通过物联网设备和其他“智能”系统加入网络,随着[更多的网站迁移到 IPv6][14],将需要维持一个健康的 DNS 生态系统。大数据和分析的增长也[带来了对 DNS 管理的更大需求][15]。
|
||||
|
||||
### SIGRed: 蠕虫病毒 DNS 漏洞再次出现
|
||||
|
||||
最近,随着 Windows DNS 服务器缺陷的发现,全世界都看到了 DNS 中的弱点可能造成的混乱。这个潜在的安全漏洞被称为 SIGRed,[它需要一个复杂的攻击链][16],但利用未打补丁的 Windows DNS 服务器,有可能在客户端安装和执行任意恶意代码。而且该漏洞是“可蠕虫”的,这意味着它可以在没有人为干预的情况下从计算机传播到计算机。该漏洞被认为足够令人震惊,以至于美国联邦机构[被要求在几天时间内安装补丁][17]。
|
||||
|
||||
### DNS over HTTPS:新的隐私格局
|
||||
|
||||
截至本报告撰写之时,DNS 正处于其历史上最大的一次转变的边缘。谷歌和 Mozilla 共同控制着浏览器市场的大部分份额,他们正在鼓励向 [DNS over HTTPS][18](DoH)的方向发展,在这种情况下,DNS 请求将被已经保护了大多数 Web 流量的 HTTPS 协议加密。在 Chrome 的实现中,浏览器会检查 DNS 服务器是否支持 DoH,如果不支持,则会将 DNS 请求重新路由到谷歌的 8.8.8.8。
|
||||
|
||||
这是一个并非没有争议的举动。早在上世纪 80 年代就在 DNS 协议上做了大量早期工作的 Paul Vixie 称此举对安全来说是“[灾难][19]”:例如,企业 IT 部门将更难监控或引导穿越其网络的 DoH 流量。不过,Chrome 浏览器是无所不在的,DoH 不久就会被默认打开,所以我们会看到未来会发生什么。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://www.networkworld.com/article/3268449/what-is-dns-and-how-does-it-work.html
|
||||
|
||||
作者:[Keith Shaw][a], [Josh Fruhlinger][c]
|
||||
选题:[lujun9972][b]
|
||||
译者:[wxy](https://github.com/wxy)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://www.networkworld.com/author/Keith-Shaw/
|
||||
[c]: https://www.networkworld.com/author/Josh-Fruhlinger/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://www.networkworld.com/newsletters/signup.html
|
||||
[2]: https://www.internethalloffame.org/blog/2012/07/23/why-does-net-still-work-christmas-paul-mockapetris
|
||||
[3]: https://tools.ietf.org/html/rfc608
|
||||
[4]: http://www.verisign.com/en_US/domain-names/dnib/index.xhtml?section=cc-tlds
|
||||
[5]: http://www.google.com
|
||||
[6]: https://browserleaks.com/ip
|
||||
[7]: https://www.networkworld.com/article/2246426/comcast-redirects-bad-urls-to-pages-with-advertising.html
|
||||
[8]: https://www.networkworld.com/article/3194890/comparing-the-performance-of-popular-public-dns-providers.html
|
||||
[9]: https://blog.dnsimple.com/2015/03/why-and-how-to-use-googles-public-dns/
|
||||
[10]: https://developers.google.com/speed/public-dns/docs/using
|
||||
[11]: https://www.networkworld.com/article/2838356/network-security/dns-is-ubiquitous-and-its-easily-abused-to-halt-service-or-steal-data.html
|
||||
[12]: https://www.networkworld.com/article/2277316/tech-primers/tech-primers-how-dns-cache-poisoning-works.html
|
||||
[13]: https://www.cloudmark.com/releases/docs/whitepapers/dns-resource-exhaustion-v01.pdf
|
||||
[14]: https://www.networkworld.com/article/3254575/lan-wan/what-is-ipv6-and-why-aren-t-we-there-yet.html
|
||||
[15]: http://social.dnsmadeeasy.com/blog/opinion/future-big-data-dns-analytics/
|
||||
[16]: https://www.csoonline.com/article/3567188/wormable-dns-flaw-endangers-all-windows-servers.html
|
||||
[17]: https://federalnewsnetwork.com/cybersecurity/2020/07/cisa-gives-agencies-a-day-to-remedy-windows-dns-server-vulnerability/
|
||||
[18]: https://www.networkworld.com/article/3322023/dns-over-https-seeks-to-make-internet-use-more-private.html
|
||||
[19]: https://www.theregister.com/2018/10/23/paul_vixie_slaps_doh_as_dns_privacy_feature_becomes_a_standard/
|
||||
[20]: https://www.facebook.com/NetworkWorld/
|
||||
[21]: https://www.linkedin.com/company/network-world
|
||||
Loading…
Reference in New Issue
Block a user