document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16 from LCTT/master

Browse Source 
更新 20190319
This commit is contained in:
Chang Liu 2019-03-19 23:44:15 +08:00 committed by GitHub
commit 05899cebc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 401 additions and 421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
published/20180826 Be productive with Org-mode.md Normal file
View File

@ -0,0 +1,194 @@
[#]: collector: (lujun9972)
[#]: translator: (lujun9972)
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-10634-1.html)
[#]: subject: (Be productive with Org-mode)
[#]: via: (https://www.badykov.com/emacs/2018/08/26/be-productive-with-org-mode/)
[#]: author: (Ayrat Badykov https://www.badykov.com)
高效使用 Org 模式
======
![org-mode-collage][1]
### 简介
在我 [前一篇关于 Emacs 的文章中][2] 我提到了 <ruby>[Org 模式][3]<rt>Org-mode</rt></ruby>,这是一个笔记管理工具和组织工具。本文中,我将会描述一下我日常的 Org 模式使用案例。
### 笔记和代办列表
首先而且最重要的是Org 模式是一个管理笔记和待办列表的工具Org 模式的所有工具都聚焦于使用纯文本文件记录笔记。我使用 Org 模式管理多种笔记。
#### 一般性笔记
Org 模式最基本的应用场景就是以笔记的形式记录下你想记住的事情。比如,下面是我正在学习的笔记内容:
```
* Learn
** Emacs LISP
*** Plan
- [ ] Read best practices
- [ ] Finish reading Emacs Manual
- [ ] Finish Exercism Exercises
- [ ] Write a couple of simple plugins
- Notification plugin
*** Resources
https://www.gnu.org/software/emacs/manual/html_node/elisp/index.html
http://exercism.io/languages/elisp/about
[[http://batsov.com/articles/2011/11/30/the-ultimate-collection-of-emacs-resources/][The Ultimate Collection of Emacs Resources]]
** Rust gamedev
*** Study [[https://github.com/SergiusIW/gate][gate]] 2d game engine with web assembly support
*** [[ggez][https://github.com/ggez/ggez]]
*** [[https://www.amethyst.rs/blog/release-0-8/][Amethyst 0.8 Relesed]]
** Upgrade Elixir/Erlang Skills
*** Read Erlang in Anger
```
借助 [org-bullets][4] 它看起来是这样的:
![notes][5]
在这个简单的例子中,你能看到 Org 模式的一些功能:
- 笔记允许嵌套
- 链接
- 带复选框的列表
#### 项目待办
我在工作时时常会发现一些能够改进或修复的事情。我并不会在代码文件中留下 TODO 注释 (坏味道),相反我使用 [org-projectile][6] 来在另一个文件中记录一个 TODO 事项,并留下一个快捷方式。下面是一个该文件的例子:
```
* [[elisp:(org-projectile-open-project%20"mana")][mana]] [3/9]
:PROPERTIES:
:CATEGORY: mana
:END:
** DONE [[file:~/Development/mana/apps/blockchain/lib/blockchain/contract/create_contract.ex::insufficient_gas_before_homestead%20=][fix this check using evm.configuration]]
CLOSED: [2018-08-08 Ср 09:14]
[[https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2.md][eip2]]:
If contract creation does not have enough gas to pay for the final gas fee for
adding the contract code to the state, the contract creation fails (i.e. goes out-of-gas)
rather than leaving an empty contract.
** DONE Upgrade Elixir to 1.7.
CLOSED: [2018-08-08 Ср 09:14]
** TODO [#A] Difficulty tests
** TODO [#C] Upgrage to OTP 21
** DONE [#A] EIP150
CLOSED: [2018-08-14 Вт 21:25]
*** DONE operation cost changes
CLOSED: [2018-08-08 Ср 20:31]
*** DONE 1/64th for a call and create
CLOSED: [2018-08-14 Вт 21:25]
** TODO [#C] Refactor interfaces
** TODO [#B] Caching for storage during execution
** TODO [#B] Removing old merkle trees
** TODO do not calculate cost twice
* [[elisp:(org-projectile-open-project%20".emacs.d")][.emacs.d]] [1/3]
:PROPERTIES:
:CATEGORY: .emacs.d
:END:
** TODO fix flycheck issues (emacs config)
** TODO use-package for fetching dependencies
** DONE clean configuration
CLOSED: [2018-08-26 Вс 11:48]
```
它看起来是这样的:
![project-todos][7]
本例中你能看到更多的 Org 模式的功能:
- 代办列表具有 `TODO`、`DONE` 两个状态。你还可以定义自己的状态 (`WAITING` 等)
- 关闭的事项有 `CLOSED` 时间戳
- 有些事项有优先级 - A、B、C
- 链接可以指向文件内部 (`[[file:~/。..]`)
#### 捕获模板
正如 Org 模式的文档中所描述的,捕获可以在不怎么干扰你工作流的情况下让你快速存储笔记。
我配置了许多捕获模板,可以帮我快速记录想要记住的事情。
```
(setq org-capture-templates
'(("t" "Todo" entry (file+headline "~/Dropbox/org/todo.org" "Todo soon")
"* TODO %? \n %^t")
("i" "Idea" entry (file+headline "~/Dropbox/org/ideas.org" "Ideas")
"* %? \n %U")
("e" "Tweak" entry (file+headline "~/Dropbox/org/tweaks.org" "Tweaks")
"* %? \n %U")
("l" "Learn" entry (file+headline "~/Dropbox/org/learn.org" "Learn")
"* %? \n")
("w" "Work note" entry (file+headline "~/Dropbox/org/work.org" "Work")
"* %? \n")
("m" "Check movie" entry (file+headline "~/Dropbox/org/check.org" "Movies")
"* %? %^g")
("n" "Check book" entry (file+headline "~/Dropbox/org/check.org" "Books")
"* %^{book name} by %^{author} %^g")))
```
做书本记录时我需要记下它的名字和作者,做电影记录时我需要记下标签,等等。
### 规划
Org 模式的另一个超棒的功能是你可以用它来作日常规划。让我们来看一个例子:
![schedule][8]
我没有挖空心思虚构一个例子,这就是我现在真实文件的样子。它看起来内容并不多,但它有助于你花时间在在重要的事情上并且帮你对抗拖延症。
#### 习惯
根据 Org 模式的文档Org 能够跟踪一种特殊的代办事情,称为 “习惯”。当我想养成新的习惯时,我会将该功能与日常规划功能一起连用:
![habits][9]
你可以看到,目前我在尝试每天早期并且每两天锻炼一次。另外,它也有助于让我每天阅读书籍。
#### 议事日程视图
最后,我还使用议事日程视图功能。待办事项可能分散在不同文件中(比如我就是日常规划和习惯分散在不同文件中),议事日程视图可以提供所有待办事项的总览:
![agenda][10]
### 更多 Org 模式的功能
+ 手机应用([Android](https://play.google.com/store/apps/detailsid=com.orgzly&hl=en)、[ios](https://itunes.apple.com/app/id1238649962])
+ [将 Org 模式文档导出为其他格式](https://orgmode.org/manual/Exporting.html)html、markdown、pdf、latex 等)
+ 使用 [ledger](https://github.com/ledger/ledger-mode) [追踪财务状况](https://orgmode.org/worg/org-tutorials/weaving-a-budget.html)
### 总结
本文我描述了 Org 模式广泛功能中的一小部分,我每天都用它来提高工作效率,把时间花在重要的事情上。
--------------------------------------------------------------------------------
via: https://www.badykov.com/emacs/2018/08/26/be-productive-with-org-mode/
作者:[Ayrat Badykov][a]
选题:[lujun9972][b]
译者:[lujun9972](https://github.com/lujun9972)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.badykov.com
[b]: https://github.com/lujun9972
[1]: https://i.imgur.com/hgqCyen.jpg
[2]: http://www.badykov.com/emacs/2018/07/31/why-emacs-is-a-great-editor/
[3]: https://orgmode.org/
[4]: https://github.com/sabof/org-bullets
[5]: https://i.imgur.com/lGi60Uw.png
[6]: https://github.com/IvanMalison/org-projectile
[7]: https://i.imgur.com/Hbu8ilX.png
[8]: https://i.imgur.com/z5HpuB0.png
[9]: https://i.imgur.com/YJIp3d0.png
[10]: https://i.imgur.com/CKX9BL9.png

99
translated/tech/20190227 How To Find Available Network Interfaces On Linux.md → published/20190227 How To Find Available Network Interfaces On Linux.md
View File

@ -1,8 +1,8 @@
[#]: collector: (lujun9972)
[#]: translator: (FSSlc)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: reviewer: (wxy)
[#]: publisher: (wxy)
[#]: url: (https://linux.cn/article-10635-1.html)
[#]: subject: (How To Find Available Network Interfaces On Linux)
[#]: via: (https://www.ostechnix.com/how-to-find-available-network-interfaces-on-linux/)
[#]: author: (SK https://www.ostechnix.com/author/sk/)
@ -18,9 +18,9 @@
我们可以使用下面的这些方法来找到可用的网络接口。
**方法 1 —— 使用 `ifconfig` 命令:**
#### 方法 1 使用 ifconfig 命令
使用 **`ifconfig`** 命令来查看网络接口仍然是最常使用的方法。我相信还有很多 Linux 用户仍然使用这个方法。
使用 `ifconfig` 命令来查看网络接口仍然是最常使用的方法。我相信还有很多 Linux 用户仍然使用这个方法。
```
$ ifconfig -a
@ -30,39 +30,39 @@ $ ifconfig -a
```
enp5s0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 24:b6:fd:37:8b:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ether 24:b6:fd:37:8b:29 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 171420 bytes 303980988 (289.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 171420 bytes 303980988 (289.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 171420 bytes 303980988 (289.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 171420 bytes 303980988 (289.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.225.37 netmask 255.255.255.0 broadcast 192.168.225.255
inet6 2409:4072:6183:c604:c218:85ff:fe50:474f prefixlen 64 scopeid 0x0<global>
inet6 fe80::c218:85ff:fe50:474f prefixlen 64 scopeid 0x20<link>
ether c0:18:85:50:47:4f txqueuelen 1000 (Ethernet)
RX packets 564574 bytes 628671925 (599.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 299706 bytes 60535732 (57.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
inet 192.168.225.37 netmask 255.255.255.0 broadcast 192.168.225.255
inet6 2409:4072:6183:c604:c218:85ff:fe50:474f prefixlen 64 scopeid 0x0<global>
inet6 fe80::c218:85ff:fe50:474f prefixlen 64 scopeid 0x20<link>
ether c0:18:85:50:47:4f txqueuelen 1000 (Ethernet)
RX packets 564574 bytes 628671925 (599.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 299706 bytes 60535732 (57.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
```
如上面的输出所示,在我的 Linux 机子上有两个网络接口,它们分别叫做 **enp5s0**(主板上的有线网卡)和 **wlp9s0**(无线网卡)。其中的 **lo** 是环回网卡,被用来访问本地的网络的服务,通常它的 IP 地址为 127.0.0.1。
如上面的输出所示,在我的 Linux 机器上有两个网络接口,它们分别叫做 `enp5s0`(主板上的有线网卡)和 `wlp9s0`(无线网卡)。其中的 `lo` 是环回网卡,被用来访问本地的网络的服务,通常它的 IP 地址为 `127.0.0.1`
我们也可以在许多 UNIX 变种例如 **FreeBSD** 中使用相同的 `ifconfig` 来列出可用的网卡。
我们也可以在许多 UNIX 变种例如 FreeBSD 中使用相同的 `ifconfig` 来列出可用的网卡。
**方法 2 —— 使用 `ip` 命令:**
#### 方法 2 使用 ip 命令
在最新的 Linux 版本中, `ifconfig` 命令已经被弃用了。你可以使用 **`ip`** 命令来罗列出网络接口,正如下面这样:
在最新的 Linux 版本中, `ifconfig` 命令已经被弃用了。你可以使用 `ip` 命令来罗列出网络接口,正如下面这样:
```
$ ip link show
@ -72,11 +72,11 @@ $ ip link show
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 24:b6:fd:37:8b:29 brd ff:ff:ff:ff:ff:ff
link/ether 24:b6:fd:37:8b:29 brd ff:ff:ff:ff:ff:ff
3: wlp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
link/ether c0:18:85:50:47:4f brd ff:ff:ff:ff:ff:ff
link/ether c0:18:85:50:47:4f brd ff:ff:ff:ff:ff:ff
```
![](https://www.ostechnix.com/wp-content/uploads/2019/02/ip-command.png)
@ -91,15 +91,15 @@ $ ip addr
$ ip -s link
```
你注意到了吗?这些命令同时还显示出了已经连接的网络接口的状态。假如你仔细查看上面的输出,你将注意到我的有线网卡并没有跟网络线缆连接(从上面输出中的 **DOWN** 可以看出)。另外,我的无线网卡已经连接了(从上面输出中的 **UP** 可以看出)。想知晓更多的细节,可以查看我们先前的指南 [**在 Linux 中查看网络接口的已连接状态**][1]。
你注意到了吗?这些命令同时还显示出了已经连接的网络接口的状态。假如你仔细查看上面的输出,你将注意到我的有线网卡并没有跟网络线缆连接(从上面输出中的 `DOWN` 可以看出)。另外,我的无线网卡已经连接了(从上面输出中的 `UP` 可以看出)。想知晓更多的细节,可以查看我们先前的指南 [在 Linux 中查看网络接口的已连接状态][1]。
这两个命令ifconfig 和 ip已经足够在你的 LInux 系统中查看可用的网卡了。
这两个命令(`ifconfig``ip`)已经足够在你的 LInux 系统中查看可用的网卡了。
然而,仍然有其他方法来列出 Linux 中的网络接口,下面我们接着看。
**方法 3**
#### 方法 3 使用 /sys/class/net 目录
Linux 内核将网络接口的详细信息保存在 **/sys/class/net** 目录中,你可以通过查看这个目录的内容来检验可用接口的列表是否和前面的结果相符。
Linux 内核将网络接口的详细信息保存在 `/sys/class/net` 目录中,你可以通过查看这个目录的内容来检验可用接口的列表是否和前面的结果相符。
```
$ ls /sys/class/net
@ -111,9 +111,9 @@ $ ls /sys/class/net
enp5s0 lo wlp9s0
```
**方法 4**
#### 方法 4 使用 /proc/net/dev 目录
在 Linux 操作系统中,文件 **/proc/net/dev** 中包含有关网络接口的信息。
在 Linux 操作系统中,文件 `/proc/net/dev` 中包含有关网络接口的信息。
要查看可用的网卡,只需使用下面的命令来查看上面文件的内容:
@ -131,9 +131,9 @@ enp5s0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 303980988 171420 0 0 0 0 0 0 303980988 171420 0 0 0 0 0 0
```
**方法 5 使用 `netstat` 命令*
#### 方法 5 使用 netstat 命令
**netstat** 命令可以列出各种不同的信息,例如网络连接、路由表、接口统计信息、伪装连接和多播成员等。
`netstat` 命令可以列出各种不同的信息,例如网络连接、路由表、接口统计信息、伪装连接和多播成员等。
```
$ netstat -i
@ -150,11 +150,11 @@ wlp9s0 1500 565625 0 0 0 300543 0 0 0 BMRU
请注意 `netstat` 被弃用了, `netstat -i` 的替代命令是 `ip -s link`。另外需要注意的是这个方法将只列出激活的接口,而不是所有可用的接口。
**方法 6 使用 `nmcli` 命令**
#### 方法 6 使用 nmcli 命令
`nmcli` 是一个用来控制 `NetworkManager` 和报告网络状态的命令行工具。它可以被用来创建、展示、编辑、删除、激活、停用网络连接和展示网络状态。
`nmcli` 是一个用来控制 NetworkManager 和报告网络状态的命令行工具。它可以被用来创建、展示、编辑、删除、激活、停用网络连接和展示网络状态。
假如你的 Linux 系统中安装了 `Network Manager`,你便可以使用下面的命令来使用 `nmcli` 列出可以的网络接口:
假如你的 Linux 系统中安装了 NetworkManager你便可以使用下面的命令来使用 `nmcli` 列出可以的网络接口:
```
$ nmcli device status
@ -168,13 +168,10 @@ $ nmcli connection show
现在你知道了如何在 Linux 中找到可用网络接口的方法,接下来,请查看下面的指南来知晓如何在 Linux 中配置 IP 地址吧。
[如何在 Linux 和 Unix 中配置静态 IP 地址][2]
[如何在 Ubuntu 18.04 LTS 中配置 IP 地址][3]
[如何在 Arch Linux 中配置静态和动态 IP 地址][4]
[如何在 Linux 中为单个网卡分配多个 IP 地址][5]
- [如何在 Linux 和 Unix 中配置静态 IP 地址][2]
- [如何在 Ubuntu 18.04 LTS 中配置 IP 地址][3]
- [如何在 Arch Linux 中配置静态和动态 IP 地址][4]
- [如何在 Linux 中为单个网卡分配多个 IP 地址][5]
假如你知道其他快捷的方法来在 Linux 中找到可用的网络接口,请在下面的评论部分中分享出来,我将检查你们的评论并更新这篇指南。
@ -189,7 +186,7 @@ via: https://www.ostechnix.com/how-to-find-available-network-interfaces-on-linux
作者:[SK][a]
选题:[lujun9972][b]
译者:[FSSlc](https://github.com/FSSlc)
校对:[校对者ID](https://github.com/校对者ID)
校对:[wxy](https://github.com/wxy)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出

2
sources/tech/20180719 Building tiny container images.md
View File

@ -1,3 +1,5 @@
hankchow translating
Building tiny container images
======

170
sources/tech/20190220 Set up two-factor authentication for SSH on Fedora.md
View File

@ -1,170 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up two-factor authentication for SSH on Fedora)
[#]: via: (https://fedoramagazine.org/two-factor-authentication-ssh-fedora/)
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
Set up two-factor authentication for SSH on Fedora
======
![](https://fedoramagazine.org/wp-content/uploads/2019/02/twofactor-auth-ssh-816x345.png)
Every day there seems to be a security breach reported in the news where our data is at risk. Despite the fact that SSH is a secure way to connect remotely to a system, you can still make it even more secure. This article will show you how.
Thats where two-factor authentication (2FA) comes in. Even if you disable passwords and only allow SSH connections using public and private keys, an unauthorized user could still gain access to your system if they steal your keys.
With two-factor authentication, you cant connect to a server with just your SSH keys. You also need to provide the randomly generated number displayed by an authenticator application on a mobile phone.
The Time-based One-time Password algorithm (TOTP) is the method shown in this article. [Google Authenticator][1] is used as the server application. Google Authenticator is available by default in Fedora.
For your mobile phone, you can use any two-way authentication application that is compatible with TOTP. There are numerous free applications for Android or IOS that work with TOTP and Google Authenticator. This article uses [FreeOTP][2] as an example.
### Install and set up Google Authenticator
First, install the Google Authenticator package on your server.
```
$ sudo dnf install -y google-authenticator
```
Run the application.
```
$ google-authenticator
```
The application presents you with a series of questions. The snippets below show you how to answer for a reasonably secure setup.
```
Do you want authentication tokens to be time-based (y/n) y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y
```
The app provides you with a secret key, verification code, and recovery codes. Keep these in a secure, safe location. The recovery codes are the **only** way to access your server if you lose your mobile phone.
### Set up mobile phone authentication
Install the authenticator application (FreeOTP) on your mobile phone. You can find it in Google Play if you have an Android phone, or in the iTunes store for an Apple iPhone.
A QR code is displayed on the screen. Open up the FreeOTP app on your mobile phone. To add a new account, select the QR code shaped tool at the top on the app, and then scan the QR code. After the setup is complete, youll have to provide the random number generated by the authenticator application every time you connect to your server remotely.
### Finish configuration
The application asks further questions. The example below shows you how to answer to set up a reasonably secure configuration.
```
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens).
Do you want to do so? (y/n) n
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
```
Now you have to set up SSH to take advantage of the new two-way authentication.
### Configure SSH
Before completing this step, **make sure youve already established a working SSH connection** using public SSH keys, since well be disabling password connections. If there is a problem or mistake, having a connection will allow you to fix the problem.
On your server, use [sudo][3] to edit the /etc/pam.d/sshd file.
```
$ sudo vi /etc/pam.d/ssh
```
Comment out the auth substack password-auth line:
```
#auth       substack     password-auth
```
Add the following line to the bottom of the file.
```
auth sufficient pam_google_authenticator.so
```
Save and close the file. Next, edit the /etc/ssh/sshd_config file.
```
$ sudo vi /etc/ssh/sshd_config
```
Look for the ChallengeResponseAuthentication line and change it to yes.
```
ChallengeResponseAuthentication yes
```
Look for the PasswordAuthentication line and change it to no.
```
PasswordAuthentication no
```
Add the following line to the bottom of the file.
```
AuthenticationMethods publickey,password publickey,keyboard-interactive
```
Save and close the file, and then restart SSH.
```
$ sudo systemctl restart sshd
```
### Testing your two-factor authentication
When you attempt to connect to your server youre now prompted for a verification code.
```
[user@client ~]$ ssh user@example.com
Verification code:
```
The verification code is randomly generated by your authenticator application on your mobile phone. Since this number changes every few seconds, you need to enter it before it changes.
![][4]
If you do not enter the verification code, you wont be able to access the system, and youll get a permission denied error:
```
[user@client ~]$ ssh user@example.com
Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).
[user@client ~]$
```
### Conclusion
By adding this simple two-way authentication, youve now made it much more difficult for an unauthorized user to gain access to your server.
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
作者:[Curt Warfield][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/Google_Authenticator
[2]: https://freeotp.github.io/
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://fedoramagazine.org/wp-content/uploads/2019/02/freeotp-1.png

200
translated/tech/20180826 Be productive with Org-mode.md
View File

@ -1,200 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (lujun9972)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Be productive with Org-mode)
[#]: via: (https://www.badykov.com/emacs/2018/08/26/be-productive-with-org-mode/)
[#]: author: (Ayrat Badykov https://www.badykov.com)
高效使用 Org-mode
======
![org-mode-collage][1]
### 简介
在我 [前篇关于 Emacs 的文章中 ][2] 我提到了 [Org-mode][3],一个笔记管理工具和组织工具。文本,我将会描述一下我日常的 Org-mode 使用案例。
### 笔记和代办列表
首先而且最重要的是Org-mode 是一个管理笔记和待办列表的工具Org-mode 的所有工具都聚焦于使用纯文本文件记录笔记。我使用 Org-mode 管理多种笔记。
#### 一般性笔记
Org-mode 最基本的应用场景就是以笔记的形式记录下你想记住的事情。比如,下面是我正在学习的笔记内容:
```
* Learn
** Emacs LISP
*** Plan
- [ ] Read best practices
- [ ] Finish reading Emacs Manual
- [ ] Finish Exercism Exercises
- [ ] Write a couple of simple plugins
- Notification plugin
*** Resources
https://www.gnu.org/software/emacs/manual/html_node/elisp/index.html
http://exercism.io/languages/elisp/about
[[http://batsov.com/articles/2011/11/30/the-ultimate-collection-of-emacs-resources/][The Ultimate Collection of Emacs Resources]]
** Rust gamedev
*** Study [[https://github.com/SergiusIW/gate][gate]] 2d game engine with web assembly support
*** [[ggez][https://github.com/ggez/ggez]]
*** [[https://www.amethyst.rs/blog/release-0-8/][Amethyst 0.8 Relesed]]
** Upgrade Elixir/Erlang Skills
*** Read Erlang in Anger
```
借助 [org-bullets][4] 它看起来是这样的:
![notes][5]
在这个简单的例子中,你能看到 Org-mode 的一些功能:
- 笔记允许嵌套
- 链接
- 带复选框的列表
#### 项目待办
我在工作时时常会发现一些能够改进或修复的事情。我并不会在代码文件中留下 TODO 注释 (坏味道),相反我使用 [org-projectile][6] 来在另一个文件中记录一个 TODO 事项,并留下一个快捷方式。下面是一个该文件的例子:
```
* [[elisp:(org-projectile-open-project%20"mana")][mana]] [3/9]
:PROPERTIES:
:CATEGORY: mana
:END:
** DONE [[file:~/Development/mana/apps/blockchain/lib/blockchain/contract/create_contract.ex::insufficient_gas_before_homestead%20=][fix this check using evm.configuration]]
CLOSED: [2018-08-08 Ср 09:14]
[[https://github.com/ethereum/EIPs/blob/master/EIPS/eip-2.md][eip2]]:
If contract creation does not have enough gas to pay for the final gas fee for
adding the contract code to the state, the contract creation fails (i.e. goes out-of-gas)
rather than leaving an empty contract.
** DONE Upgrade Elixir to 1.7.
CLOSED: [2018-08-08 Ср 09:14]
** TODO [#A] Difficulty tests
** TODO [#C] Upgrage to OTP 21
** DONE [#A] EIP150
CLOSED: [2018-08-14 Вт 21:25]
*** DONE operation cost changes
CLOSED: [2018-08-08 Ср 20:31]
*** DONE 1/64th for a call and create
CLOSED: [2018-08-14 Вт 21:25]
** TODO [#C] Refactor interfaces
** TODO [#B] Caching for storage during execution
** TODO [#B] Removing old merkle trees
** TODO do not calculate cost twice
* [[elisp:(org-projectile-open-project%20".emacs.d")][.emacs.d]] [1/3]
:PROPERTIES:
:CATEGORY: .emacs.d
:END:
** TODO fix flycheck issues (emacs config)
** TODO use-package for fetching dependencies
** DONE clean configuration
CLOSED: [2018-08-26 Вс 11:48]
```
它看起来是这样的:
![project-todos][7]
本例中你能看到更多的 Org mode 功能:
- todo 列表具有 `TODO``DONE` 两个状态。你还可以定义自己的状态 (`WAITING` 等)
- 关闭的事项有 `CLOSED` 时间戳
- 有些事项有优先级 - ABC。
- 链接可以指向文件内部 (`[[file:~/。..]`)
#### 捕获模板
正如 Org-mode 的文档中所描述的capture 可以在不怎么干扰你工作流的情况下让你快速存储笔记。
我配置了许多捕获模板,可以帮我快速记录想要记住的事情。
```
(setq org-capture-templates
'(("t" "Todo" entry (file+headline "~/Dropbox/org/todo.org" "Todo soon")
"* TODO %? \n %^t")
("i" "Idea" entry (file+headline "~/Dropbox/org/ideas.org" "Ideas")
"* %? \n %U")
("e" "Tweak" entry (file+headline "~/Dropbox/org/tweaks.org" "Tweaks")
"* %? \n %U")
("l" "Learn" entry (file+headline "~/Dropbox/org/learn.org" "Learn")
"* %? \n")
("w" "Work note" entry (file+headline "~/Dropbox/org/work.org" "Work")
"* %? \n")
("m" "Check movie" entry (file+headline "~/Dropbox/org/check.org" "Movies")
"* %? %^g")
("n" "Check book" entry (file+headline "~/Dropbox/org/check.org" "Books")
"* %^{book name} by %^{author} %^g")))
```
做书本记录时我需要记下它的名字和作者,做电影记录时我需要记下标签,等等。
### 规划
Org-mode 的另一个超棒的功能是你可以用它来作日常规划。让我们来看一个例子:
![schedule][8]
我没有挖空心思虚构一个例子,这就是我现在真实文件的样子。它看起来内容并不多,但它有助于你花时间在在重要的事情上并且帮你对抗拖延症。
#### 习惯
根据 Org mode 的文档Org 能够跟踪一种特殊的代办事情,称为 “习惯”。当我想养成新的习惯时,我会将该功能与日常规划功能一起连用:
![habits][9]
你可以看到,目前我在尝试每天早期并且每两天锻炼一次。另外,它也有助于让我每天阅读书籍。
#### 议事日程视图
最后,我还使用议事日程视图功能。待办事项可能分散在不同文件中(比如我就是日常规划和习惯分散在不同文件中),议事日程视图可以提供所有待办事项的总览:
![agenda][10]
### 更多 Org mode 功能
+ 手机应用 ([Android][https://play.google.com/store/apps/detailsid=com.orgzly&hl=en][ios][https://itunes.apple.com/app/id1238649962])
+ [将 Org mode 文档导出为其他格式 ][https://orgmode.org/manual/Exporting.html](htmlmarkdownpdflatex etc)
+ 使用 [ledger][https://github.com/ledger/ledger-mode] [追踪财务状况 ][https://orgmode.org/worg/org-tutorials/weaving-a-budget.html]
### 总结
本文我描述了 Org-mode 广泛功能中的一小部分,我每天都用它来提高工作效率,把时间花在重要的事情上。
--------------------------------------------------------------------------------
via: https://www.badykov.com/emacs/2018/08/26/be-productive-with-org-mode/
作者:[Ayrat Badykov][a]
选题:[lujun9972][b]
译者:[lujun9972](https://github.com/lujun9972)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.badykov.com
[b]: https://github.com/lujun9972
[1]: https://i.imgur.com/hgqCyen.jpg
[2]: http://www.badykov.com/emacs/2018/07/31/why-emacs-is-a-great-editor/
[3]: https://orgmode.org/
[4]: https://github.com/sabof/org-bullets
[5]: https://i.imgur.com/lGi60Uw.png
[6]: https://github.com/IvanMalison/org-projectile
[7]: https://i.imgur.com/Hbu8ilX.png
[8]: https://i.imgur.com/z5HpuB0.png
[9]: https://i.imgur.com/YJIp3d0.png
[10]: https://i.imgur.com/CKX9BL9.png

157
translated/tech/20190220 Set up two-factor authentication for SSH on Fedora.md Normal file
View File

@ -0,0 +1,157 @@
[#]: collector: (lujun9972)
[#]: translator: (MjSeven)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Set up two-factor authentication for SSH on Fedora)
[#]: via: (https://fedoramagazine.org/two-factor-authentication-ssh-fedora/)
[#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/)
在 Fedora 上为 SSH 设置双因素验证
======
![](https://fedoramagazine.org/wp-content/uploads/2019/02/twofactor-auth-ssh-816x345.png)
每天似乎都有一个安全漏洞的新闻报道,说我们的数据会因此而存在风险。尽管 SSH 是一种远程连接系统的安全方式,但你仍然可以使它更安全。本文将向你展示如何做到这一点。
此时双因素验证2FA就有用武之地了。即使你禁用密码并只允许使用公钥和私钥进行 SSH 连接,但如果未经授权的用户偷窃了你的密钥,他仍然可以借此访问系统。
使用双因素验证,你不能仅使用 SSH 密钥连接到服务器,你还需要提供手机上验证器应用程序随机生成的数字。
本文展示的方法是基于时间的一次性密码算法TOTP。[Google Authenticator][1] 用作服务器应用程序。默认情况下Google Authenticator 在 Fedora 中是可用的。
至于手机,你可以使用与 TOTP 兼容的任何可以双向验证的应用程序。Andorid 或 IOS 有许多可以与 TOTP 和 Google Authenticator 配合使用的免费应用程序。本文与 [FreeOTP][2] 为例。
### 安装并设置 Google Authenticator
首先,在你的服务器上安装 Google Authenticator。
```
$ sudo dnf install -y google-authenticator
```
运行应用程序:
```
$ google-authenticator
```
该应用程序提供了一系列问题。下面的片段展示了如何进行合理的安全设置:
```
Do you want authentication tokens to be time-based (y/n) y
Do you want me to update your "/home/user/.google_authenticator" file (y/n)? y
```
这个应用程序为你提供一个密钥,验证码和恢复码。把它们放在安全的地方。如果你丢失了手机,恢复码是访问服务器的**唯一**方式。
### 设置手机验证
在你的手机上安装 authenticator 应用程序FreeOTP。如果你有一台安卓手机那么你可以在 Google Play 中找到它,也可以在苹果 iPhone 的 iTunes 商店中找到它。
Google Authenticator 会在屏幕上显示一个二维码。打开手机上的 FreeOTP 应用程序,选择添加新账户,在应用程序顶部选择二维码形状工具,然后扫描二维码即可。设置完成后,在每次远程连接服务器时,你必须提供 authenticator 应用程序生成的随机数。
### 完成配置
应用程序会向你询问更多的问题。下面示例展示了如何设置合理的安全配置。
```
Do you want to disallow multiple uses of the same authentication token? This restricts you to one login about every 30s, but it increases your chances to notice or even prevent man-in-the-middle attacks (y/n) y
By default, tokens are good for 30 seconds. In order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of +-1min (window size of 3) to about +-4min (window size of 17 acceptable tokens).
Do you want to do so? (y/n) n
If the computer that you are logging into isn't hardened against brute-force login attempts, you can enable rate-limiting for the authentication module. By default, this limits attackers to no more than 3 login attempts every 30s.
Do you want to enable rate-limiting (y/n) y
```
现在,你必须设置 SSH 来利用新的双向验证。
### 配置 SSH
在完成此步骤之前,**确保你已使用公钥建立了一个可用的 SSH 连接**,因为我们将禁用密码连接。如果出现问题或错误,一个已经建立的连接将允许你修复问题。
在你的服务器上,使用 [sudo][3] 编辑 /etc/pam.d/sshd 文件。
```
$ sudo vi /etc/pam.d/ssh
```
注释掉 auth substack password-auth 这一行:
```
#auth       substack     password-auth
```
将以下行添加到文件底部。
```
auth sufficient pam_google_authenticator.so
```
保存并关闭文件。然后编辑 /etc/ssh/sshd_config 文件。
```
$ sudo vi /etc/ssh/sshd_config
```
找到 ChallengeResponseAuthentication 这一行并将其更改为 yes。
```
ChallengeResponseAuthentication yes
```
找到 PasswordAuthentication 这一行并将其更改为 no。
```
PasswordAuthentication no
```
将以下行添加到文件底部。
```
AuthenticationMethods publickey,password publickey,keyboard-interactive
```
保存并关闭文件,然后重新启动 SSH。
```
$ sudo systemctl restart sshd
```
### 测试双因素验证
当你尝试连接到服务器时,系统会提示你输入验证码:
```
[user@client ~]$ ssh user@example.com
Verification code:
```
验证码由你手机上的 authenticator 应用程序随机生成。由于这个数字每隔几秒就会发生变化,因此你需要在它变化之前输入它。
![][4]
如果你不输入验证码,你将无法访问系统,你会收到一个权限被拒绝的错误:
```
[user@client ~]$ ssh user@example.com
Verification code:
Verification code:
Verification code:
Permission denied (keyboard-interactive).
[user@client ~]$
```
### 结论
通过添加这种简单的双向验证,现在未经授权的用户访问你的服务器将变得更加困难。
--------------------------------------------------------------------------------
via: https://fedoramagazine.org/two-factor-authentication-ssh-fedora/
作者:[Curt Warfield][a]
选题:[lujun9972][b]
译者:[MjSeven](https://github.com/MjSeven)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://fedoramagazine.org/author/rcurtiswarfield/
[b]: https://github.com/lujun9972
[1]: https://en.wikipedia.org/wiki/Google_Authenticator
[2]: https://freeotp.github.io/
[3]: https://fedoramagazine.org/howto-use-sudo/
[4]: https://fedoramagazine.org/wp-content/uploads/2019/02/freeotp-1.png