diff --git a/published/20170414 5 projects for Raspberry Pi at home.md b/published/20170414 5 projects for Raspberry Pi at home.md new file mode 100644 index 0000000000..3d6f5b2382 --- /dev/null +++ b/published/20170414 5 projects for Raspberry Pi at home.md 
@@ -0,0 +1,149 @@ +[#]: collector: (lujun9972) +[#]: translator: (warmfrog) +[#]: reviewer: (wxy) +[#]: publisher: (wxy) +[#]: url: (https://linux.cn/article-10936-1.html) +[#]: subject: (5 projects for Raspberry Pi at home) +[#]: via: (https://opensource.com/article/17/4/5-projects-raspberry-pi-home) +[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall) + +5 个可在家中使用的树莓派项目 +====================================== + +![5 projects for Raspberry Pi at home][1] + +[树莓派][2] 电脑可被用来进行多种设置用于不同的目的。显然它在教育市场帮助学生在教室和创客空间中学习编程与创客技巧方面占有一席之地,它在工作场所和工厂中有大量行业应用。我打算介绍五个你可能想要在你的家中构建的项目。 + +### 媒体中心 + +在家中人们常用树莓派作为媒体中心来服务多媒体文件。它很容易搭建,树莓派提供了大量的 GPU(图形处理单元)运算能力来在大屏电视上渲染你的高清电视节目和电影。将 [Kodi][3](从前的 XBMC)运行在树莓派上是一个很棒的方式,它可以播放你的硬盘或网络存储上的任何媒体。你同样可以安装一个插件来播放 YouTube 视频。 + +还有几个略微不同的选择,最常见的是 [OSMC][4](开源媒体中心)和 [LibreELEC][5],都是基于 Kodi 的。它们在放映媒体内容方面表现的都非常好,但是 OSMC 有一个更酷炫的用户界面,而 LibreElec 更轻量级。你要做的只是选择一个发行版,下载镜像并安装到一个 SD 卡中(或者仅仅使用 [NOOBS][6]),启动,然后就准备好了。 + +![LibreElec ][7] + +*LibreElec;树莓派基金会, CC BY-SA* + +![OSMC][8] + +*OSMC.tv, 版权所有, 授权使用* + +在往下走之前,你需要决定[使用哪种树莓派][9]。这些发行版在任何树莓派(1、2、3 或 Zero)上都能运行,视频播放在这些树莓派中的任何一个上都能胜任。除了 Pi 3(和 Zero W)有内置 Wi-Fi,唯一可察觉的不同是用户界面的反应速度,在 Pi 3 上更快。Pi 2 也不会慢太多,所以如果你不需要 Wi-Fi 它也是可以的,但是当切换菜单时,你会注意到 Pi 3 比 Pi 1 和 Zero 表现的更好。 + +### SSH 网关 + +如果你想从外部网络访问你的家庭局域网的电脑和设备,你必须打开这些设备的端口来允许外部访问。在互联网中开放这些端口有安全风险,意味着你总是你总是处于被攻击、滥用或者其他各种未授权访问的风险中。然而,如果你在你的网络中安装一个树莓派,并且设置端口映射来仅允许通过 SSH 访问树莓派,你可以这么用来作为一个安全的网关来跳到网络中的其他树莓派和 PC。 + +大多数路由允许你配置端口映射规则。你需要给你的树莓派一个固定的内网 IP 地址来设置你的路由器端口 22 映射到你的树莓派端口 22。如果你的网络服务提供商给你提供了一个静态 IP 地址,你能够通过 SSH 和主机的 IP 地址访问(例如,`ssh pi@123.45.56.78`)。如果你有一个域名,你可以配置一个子域名指向这个 IP 地址,所以你没必要记住它(例如,`ssh pi@home.mydomain.com`)。 + +![][11] + +然而,如果你不想将树莓派暴露在互联网上,你应该非常小心,不要让你的网络处于危险之中。如果你遵循一些简单的步骤来使它更安全: + +1. 
大多数人建议你更换你的登录密码(有道理,默认密码 “raspberry” 是众所周知的),但是这不能阻挡暴力攻击。你可以改变你的密码并添加一个双重验证(所以你需要你的密码*和*一个手机生成的与时间相关的密码),这么做更安全。但是,我相信最好的方法阻止入侵者访问你的树莓派是在你的 SSH 配置中[禁止密码认证][12],这样只能通过 SSH 密匙进入。这意味着任何试图猜测你的密码尝试登录的人都不会成功。只有你的私有密匙可以访问。简单来说,很多人建议将 SSH 端口从默认的 22 换成其他的,但是通过简单的 [Nmap][13] 扫描你的 IP 地址,你信任的 SSH 端口就会暴露。 +2. 最好,不要在这个树莓派上运行其他的软件,这样你不会意外暴露其他东西。如果你想要运行其他软件,你最好在网络中的其他树莓派上运行,它们没有暴露在互联网上。确保你经常升级来保证你的包是最新的,尤其是 `openssh-server` 包,这样你的安全缺陷就被打补丁了。 +3. 安装 [sshblack][14] 或 [fail2ban][15] 来将任何表露出恶意的用户加入黑名单,例如试图暴力破解你的 SSH 密码。 + +使树莓派安全后,让它在线,你将可以在世界的任何地方登录你的网络。一旦你登录到你的树莓派,你可以用 SSH 访问本地网络上的局域网地址(例如,192.168.1.31)访问其他设备。如果你在这些设备上有密码,用密码就好了。如果它们同样只允许 SSH 密匙,你需要确保你的密匙通过 SSH 转发,使用 `-A` 参数:`ssh -A pi@123.45.67.89`。 + +### CCTV / 宠物相机 + +另一个很棒的家庭项目是安装一个相机模块来拍照和录视频,录制并保存文件,在内网或者外网中进行流式传输。你想这么做有很多原因,但两个常见的情况是一个家庭安防相机或监控你的宠物。 + +[树莓派相机模块][16] 是一个优秀的配件。它提供全高清的相片和视频,包括很多高级配置,很[容易编程][17]。[红外线相机][18]用于这种目的是非常理想的,通过一个红外线 LED(树莓派可以控制的),你就能够在黑暗中看见东西。 + +如果你想通过一定频率拍摄静态图片来留意某件事,你可以仅仅写一个简短的 [Python][19] 脚本或者使用命令行工具 [raspistill][20], 在 [Cron][21] 中规划它多次运行。你可能想将它们保存到 [Dropbox][22] 或另一个网络服务,上传到一个网络服务器,你甚至可以创建一个[web 应用][23]来显示他们。 + +如果你想要在内网或外网中流式传输视频,那也相当简单。在 [picamera 文档][24]中(在 “web streaming” 章节)有一个简单的 MJPEG(Motion JPEG)例子。简单下载或者拷贝代码到文件中,运行并访问树莓派的 IP 地址的 8000 端口,你会看见你的相机的直播输出。 + +有一个更高级的流式传输项目 [pistreaming][25] 也可以,它通过在网络服务器中用 [JSMpeg][26] (一个 JavaScript 视频播放器)和一个用于相机流的单独运行的 websocket。这种方法性能更好,并且和之前的例子一样简单,但是如果要在互联网中流式传输,则需要包含更多代码,并且需要你开放两个端口。 + +一旦你的网络流建立起来,你可以将你的相机放在你想要的地方。我用一个来观察我的宠物龟: + +![Tortoise ][27] + +*Ben Nuttall, CC BY-SA* + +如果你想控制相机位置,你可以用一个舵机。一个优雅的方案是用 Pimoroni 的 [Pan-Tilt HAT][28],它可以让你简单的在二维方向上移动相机。为了与 pistreaming 集成,可以看看该项目的 [pantilthat 分支][29]. 
+ +![Pan-tilt][30] + +*Pimoroni.com, Copyright, 授权使用* + +如果你想将你的树莓派放到户外,你将需要一个防水的外围附件,并且需要一种给树莓派供电的方式。POE(通过以太网提供电力)电缆是一个不错的实现方式。 + +### 家庭自动化或物联网 + +现在是 2017 年(LCTT 译注:此文发表时间),到处都有很多物联网设备,尤其是家中。我们的电灯有 Wi-Fi,我们的面包烤箱比过去更智能,我们的茶壶处于俄国攻击的风险中,除非你确保你的设备安全,不然别将没有必要的设备连接到互联网,之后你可以在家中充分的利用物联网设备来完成自动化任务。 + +市场上有大量你可以购买或订阅的服务,像 Nest Thermostat 或 Philips Hue 电灯泡,允许你通过你的手机控制你的温度或者你的亮度,无论你是否在家。你可以用一个树莓派来催动这些设备的电源,通过一系列规则包括时间甚至是传感器来完成自动交互。用 Philips Hue,你做不到的当你进房间时打开灯光,但是有一个树莓派和一个运动传感器,你可以用 Python API 来打开灯光。类似地,当你在家的时候你可以通过配置你的 Nest 打开加热系统,但是如果你想在房间里至少有两个人时才打开呢?写一些 Python 代码来检查网络中有哪些手机,如果至少有两个,告诉 Nest 来打开加热器。 + +不用选择集成已存在的物联网设备,你可以用简单的组件来做的更多。一个自制的窃贼警报器,一个自动化的鸡笼门开关,一个夜灯,一个音乐盒,一个定时的加热灯,一个自动化的备份服务器,一个打印服务器,或者任何你能想到的。 + +### Tor 协议和屏蔽广告 + +Adafruit 的 [Onion Pi][31] 是一个 [Tor][32] 协议来使你的网络通讯匿名,允许你使用互联网而不用担心窥探者和各种形式的监视。跟随 Adafruit 的指南来设置 Onion Pi,你会找到一个舒服的匿名的浏览体验。 + +![Onion-Pi][33] + +*Onion-pi from Adafruit, Copyright, 授权使用* + +![Pi-hole][34] + +可以在你的网络中安装一个树莓派来拦截所有的网络交通并过滤所有广告。简单下载 [Pi-hole][35] 软件到 Pi 中,你的网络中的所有设备都将没有广告(甚至屏蔽你的移动设备应用内的广告)。 + +树莓派在家中有很多用法。你在家里用树莓派来干什么?你想用它干什么? 
+ +在下方评论让我们知道。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/17/4/5-projects-raspberry-pi-home + +作者:[Ben Nuttall][a] +选题:[lujun9972][b] +译者:[warmfrog](https://github.com/warmfrog) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/bennuttall +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/raspberry_pi_home_automation.png?itok=2TnmJpD8 (5 projects for Raspberry Pi at home) +[2]: https://www.raspberrypi.org/ +[3]: https://kodi.tv/ +[4]: https://osmc.tv/ +[5]: https://libreelec.tv/ +[6]: https://www.raspberrypi.org/downloads/noobs/ +[7]: https://opensource.com/sites/default/files/libreelec_0.png (LibreElec ) +[8]: https://opensource.com/sites/default/files/osmc.png (OSMC) +[9]: https://opensource.com/life/16/10/which-raspberry-pi-should-you-choose-your-project +[10]: mailto:pi@home.mydomain.com +[11]: https://opensource.com/sites/default/files/resize/screenshot_from_2017-04-07_15-13-01-700x380.png +[12]: http://stackoverflow.com/questions/20898384/ssh-disable-password-authentication +[13]: https://nmap.org/ +[14]: http://www.pettingers.org/code/sshblack.html +[15]: https://www.fail2ban.org/wiki/index.php/Main_Page +[16]: https://www.raspberrypi.org/products/camera-module-v2/ +[17]: https://opensource.com/life/15/6/raspberry-pi-camera-projects +[18]: https://www.raspberrypi.org/products/pi-noir-camera-v2/ +[19]: http://picamera.readthedocs.io/ +[20]: https://www.raspberrypi.org/documentation/usage/camera/raspicam/raspistill.md +[21]: https://www.raspberrypi.org/documentation/linux/usage/cron.md +[22]: https://github.com/RZRZR/plant-cam +[23]: https://github.com/bennuttall/bett-bot +[24]: http://picamera.readthedocs.io/en/release-1.13/recipes2.html#web-streaming +[25]: 
https://github.com/waveform80/pistreaming +[26]: http://jsmpeg.com/ +[27]: https://opensource.com/sites/default/files/tortoise.jpg (Tortoise) +[28]: https://shop.pimoroni.com/products/pan-tilt-hat +[29]: https://github.com/waveform80/pistreaming/tree/pantilthat +[30]: https://opensource.com/sites/default/files/pan-tilt.gif (Pan-tilt) +[31]: https://learn.adafruit.com/onion-pi/overview +[32]: https://www.torproject.org/ +[33]: https://opensource.com/sites/default/files/onion-pi.jpg (Onion-Pi) +[34]: https://opensource.com/sites/default/files/resize/pi-hole-250x250.png (Pi-hole) +[35]: https://pi-hole.net/ + + + diff --git a/translated/tech/20190525 4 Ways to Run Linux Commands in Windows.md b/published/20190525 4 Ways to Run Linux Commands in Windows.md similarity index 75% rename from translated/tech/20190525 4 Ways to Run Linux Commands in Windows.md rename to published/20190525 4 Ways to Run Linux Commands in Windows.md index fa96f1794e..88944d79af 100644 --- a/translated/tech/20190525 4 Ways to Run Linux Commands in Windows.md +++ b/published/20190525 4 Ways to Run Linux Commands in Windows.md @@ -1,8 +1,8 @@ [#]: collector: (lujun9972) [#]: translator: (geekpi) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) +[#]: reviewer: (wxy) +[#]: publisher: (wxy) +[#]: url: (https://linux.cn/article-10935-1.html) [#]: subject: (4 Ways to Run Linux Commands in Windows) [#]: via: (https://itsfoss.com/run-linux-commands-in-windows/) [#]: author: (Abhishek Prakash https://itsfoss.com/author/abhishek/) 
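Review bot: In the SSH 网关 section of the new file published/20170414 5 projects for Raspberry Pi at home.md, the sentence `然而,如果你不想将树莓派暴露在互联网上,你应该非常小心` contradicts the paragraph before it, which has just set up port forwarding so that the Pi is reachable from outside. The hardening list that follows only makes sense if the condition reads "如果你要将树莓派暴露在互联网上", and the next sentence, `如果你遵循一些简单的步骤来使它更安全:`, is a conditional with no main clause. The same section has a doubled `你总是你总是`, writes 密匙 where 密钥 is the usual term, and the example address changes from `123.45.56.78` to `123.45.67.89` between the two ssh commands. In the reference list, `[10]: mailto:pi@home.mydomain.com` is never cited in the body and can be dropped.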
@@ -10,13 +10,13 @@ 在 Windows 中运行 Linux 命令的 4 种方法 ====== -_ **简介:想要使用 Linux 命令,但又不想离开 Windows ?以下是在 Windows 中运行 Linux bash 命令的几种方法。** _ +> 想要使用 Linux 命令,但又不想离开 Windows ?以下是在 Windows 中运行 Linux bash 命令的几种方法。 -如果你在课程中正在学习 shell 脚本,那么需要使用 Linux 命令来练习命令和脚本。 +如果你正在课程中正在学习 shell 脚本,那么需要使用 Linux 命令来练习命令和脚本。 -你的学校实验室可能安装了 Linux,但是你个人没有 [Linux 的笔记本][1],而是像其他人一样的 Windows 计算机。你的作业需要运行 Linux 命令,你也想想知道如何在 Windows 上运行 Bash 命令和脚本。 +你的学校实验室可能安装了 Linux,但是你自己没有安装了 [Linux 的笔记本电脑][1],而是像其他人一样的 Windows 计算机。你的作业需要运行 Linux 命令,你或许想知道如何在 Windows 上运行 Bash 命令和脚本。 -你可以[在双启动模式下同时安装 Windows 和 Linux][2]。此方法能让你在启动计算机时选择 Linux 或 Windows。但是,为了运行 Linux 命令而单独使用分区的麻烦可能不适合所有人。 +你可以[在双启动模式下同时安装 Windows 和 Linux][2]。此方法能让你在启动计算机时选择 Linux 或 Windows。但是,为了运行 Linux 命令而使用单独分区的麻烦可能不适合所有人。 你也可以[使用在线 Linux 终端][3],但你的作业无法保存。 
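Review bot: The replacement line `+如果你正在课程中正在学习 shell 脚本` now contains 正在 twice; the removed wording `如果你在课程中正在学习` did not have this problem. Either keep the old wording or drop one 正在, for example `如果你正在课程中学习 shell 脚本`.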
@@ -24,32 +24,31 @@ _ **简介:想要使用 Linux 命令,但又不想离开 Windows ?以下是 ### 在 Windows 中使用 Linux 命令 -![][4] +![](https://img.linux.net.cn/data/attachment/album/201906/04/093809hlz2tblfzt7mbwwl.jpg) 作为一个热心的 Linux 用户和推广者,我希望看到越来越多的人使用“真正的” Linux,但我知道有时候,这不是优先考虑的问题。如果你只是想练习 Linux 来通过考试,可以使用这些方法之一在 Windows 上运行 Bash 命令。 -#### 1\. 在 Windows 10 上使用 Linux Bash Shell +#### 1、在 Windows 10 上使用 Linux Bash Shell -你是否知道可以在 Windows 10 中运行 Linux 发行版? [Windows 的 Linux 子系统 (WSL)][5] 能让你在 Windows 中运行 Linux。即将推出的 WSL 版本将使用 Windows 内部的真正 Linux 内核。 +你是否知道可以在 Windows 10 中运行 Linux 发行版? [Windows 的 Linux 子系统 (WSL)][5] 能让你在 Windows 中运行 Linux。即将推出的 WSL 版本将在 Windows 内部使用真正 Linux 内核。 -此 WSL 在 Windows 上也称为 Bash,它作为一个常规的 Windows 应用运行,并提供了一个命令行模式的 Linux 发行版。不要害怕命令行模式,因为你的目的是运行 Linux 命令。这就是你所需要的。 +此 WSL 也称为 Bash on Windows,它作为一个常规的 Windows 应用运行,并提供了一个命令行模式的 Linux 发行版。不要害怕命令行模式,因为你的目的是运行 Linux 命令。这就是你所需要的。 ![Ubuntu Linux inside Windows][6] 你可以在 Windows 应用商店中找到一些流行的 Linux 发行版,如 Ubuntu、Kali Linux、openSUSE 等。你只需像任何其他 Windows 应用一样下载和安装它。安装后,你可以运行所需的所有 Linux 命令。 - ![Linux distributions in Windows 10 Store][8] 请参考教程:[在 Windows 上安装 Linux bash shell][9]。 -#### 2\. 使用 Git Bash 在 Windows 上运行 Bash 命令 +#### 2、使用 Git Bash 在 Windows 上运行 Bash 命令 -、你可能知道 [Git][10] 是什么。它是由 [Linux 创建者 Linus Torvalds][11] 开发的版本控制系统。 +你可能知道 [Git][10] 是什么。它是由 [Linux 创建者 Linus Torvalds][11] 开发的版本控制系统。 [Git for Windows][12] 是一组工具,能让你在命令行和图形界面中使用 Git。Git for Windows 中包含的工具之一是 Git Bash。 -Git Bash 为 Git 命令行提供了仿真层。除了 Git 命令,Git Bash 还支持许多 Bash 程序,如 ssh、scp、cat、find 等。 +Git Bash 为 Git 命令行提供了仿真层。除了 Git 命令,Git Bash 还支持许多 Bash 程序,如 `ssh`、`scp`、`cat`、`find` 等。 ![Git Bash][13] 
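Review bot: The added image line at the top of this hunk, `![](https://img.linux.net.cn/data/attachment/album/201906/04/093809hlz2tblfzt7mbwwl.jpg)`, has empty alt text, unlike the other images in the file, and it replaces `![][4]`, so if the `[4]` definition is still in the reference list it is now unused and should be removed in the same change. In the WSL paragraph, `将在 Windows 内部使用真正 Linux 内核` is missing 的 and should read `使用真正的 Linux 内核`.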
@@ -57,21 +56,21 @@ Git Bash 为 Git 命令行提供了仿真层。除了 Git 命令,Git Bash 还 你可以从其网站免费下载和安装 Git for Windows 工具来在 Windows 中安装 Git Bash。 -[下载 Git for Windows][12] +- [下载 Git for Windows][12] -#### 3\. 使用 Cygwin 在 Windows 中使用 Linux 命令 +#### 3、使用 Cygwin 在 Windows 中使用 Linux 命令 -如果要在 Windows 中运行 Linux 命令,那么 Cygwin 是一个推荐的工具。Cygwin 创建于 1995 年,旨在提供一个原生运行于 Windows 中的 POSIX 兼容环境。Cygwin 是由 Red Hat 员工和许多其他志愿者维护的免费开源软件。 +如果要在 Windows 中运行 Linux 命令,那么 Cygwin 是一个推荐的工具。Cygwin 创建于 1995 年,旨在提供一个原生运行于 Windows 中的 POSIX 兼容环境。Cygwin 是由 Red Hat 员工和许多其他志愿者维护的自由开源软件。 二十年来,Windows 用户使用 Cygwin 来运行和练习 Linux/Bash 命令。十多年前,我甚至用 Cygwin 来学习 Linux 命令。 -![Cygwin | Image Credit][14] +![Cygwin][14] 你可以从下面的官方网站下载 Cygwin。我还建议你参考这个 [Cygwin 备忘录][15]来开始使用。 -[下载 Cygwin][16] +- [下载 Cygwin][16] -#### 4\. 在虚拟机中使用 Linux +#### 4、在虚拟机中使用 Linux 另一种方法是使用虚拟化软件并在其中安装 Linux。这样,你可以在 Windows 中安装 Linux 发行版(带有图形界面)并像常规 Windows 应用一样运行它。 @@ -83,7 +82,7 @@ Git Bash 为 Git 命令行提供了仿真层。除了 Git 命令,Git Bash 还 你可以按照[本教程学习如何在 VirtualBox 中安装 Linux][20]。 -**总结** +### 总结 运行 Linux 命令的最佳方法是使用 Linux。当选择不安装 Linux 时,这些工具能让你在 Windows 上运行 Linux 命令。都试试看,看哪种适合你。 @@ -94,7 +93,7 @@ via: https://itsfoss.com/run-linux-commands-in-windows/ 作者:[Abhishek Prakash][a] 选题:[lujun9972][b] 译者:[geekpi](https://github.com/geekpi) -校对:[校对者ID](https://github.com/校对者ID) +校对:[wxy](https://github.com/wxy) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/talk/20190520 When IoT systems fail- The risk of having bad IoT data.md b/sources/talk/20190520 When IoT systems fail- The risk of having bad IoT data.md index 0aeaa32a36..8b4d57d9a8 100644 --- a/sources/talk/20190520 When IoT systems fail- The risk of having bad IoT data.md +++ b/sources/talk/20190520 When IoT systems fail- The risk of having bad IoT data.md @@ -1,5 +1,5 @@ [#]: collector: (lujun9972) -[#]: translator: ( ) +[#]: translator: (chen-ni) [#]: reviewer: ( ) [#]: publisher: ( ) [#]: url: ( ) 
diff --git a/sources/talk/20190528 Managed WAN and the cloud-native SD-WAN.md b/sources/talk/20190528 Managed WAN and the cloud-native SD-WAN.md new file mode 100644 index 0000000000..026b5d8e81 --- /dev/null +++ b/sources/talk/20190528 Managed WAN and the cloud-native SD-WAN.md 
@@ -0,0 +1,121 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Managed WAN and the cloud-native SD-WAN) +[#]: via: (https://www.networkworld.com/article/3398476/managed-wan-and-the-cloud-native-sd-wan.html) +[#]: author: (Matt Conran https://www.networkworld.com/author/Matt-Conran/) + +Managed WAN and the cloud-native SD-WAN +====== +The motivation for WAN transformation is clear, today organizations require: improved internet access and last mile connectivity, additional bandwidth and a reduction in the WAN costs. +![Gerd Altmann \(CC0\)][1] + +In recent years, a significant number of organizations have transformed their wide area network (WAN). Many of these organizations have some kind of cloud-presence across on-premise data centers and remote site locations. + +The vast majority of organizations that I have consulted with have over 10 locations. And it is common to have headquarters in both the US and Europe, along with remote site locations spanning North America, Europe, and Asia. + +A WAN transformation project requires this diversity to be taken into consideration when choosing the best SD-WAN vendor to satisfy both; networking and security requirements. Fundamentally, SD-WAN is not just about physical connectivity, there are many more related aspects. + +**[ Related:[MPLS explained – What you need to know about multi-protocol label switching][2]** + +### Motivations for transforming the WAN + +The motivation for WAN transformation is clear: Today organizations prefer improved internet access and last mile connectivity, additional bandwidth along with a reduction in the WAN costs. Replacing Multiprotocol Label Switching (MPLS) with SD-WAN has of course been the main driver for the SD-WAN evolution, but it is only a single piece of the jigsaw puzzle. 
+ +Many SD-WAN vendors are quickly brought to their knees when they try to address security and gain direct internet access from remote site locations. The problem is how to ensure optimized cloud access that is secure, has improved visibility and predictable performance without the high costs associated with MPLS? SD-WAN is not just about connecting locations. Primarily, it needs to combine many other important network and security elements into one seamless worldwide experience. + +According to a recent report from [Cato Networks][3] into enterprise IT managers, a staggering 85% will confront use cases in 2019 that are poorly addressed or outright ignored by SD-WAN. Examples includes providing secure, Internet access from any location (50%) and improving visibility into and control over mobile access to cloud applications, such as Office 365 (46%). + +### Issues with traditional SD-WAN vendors + +First and foremost, SD-WAN unable to address the security challenges that arise during the WAN transformation. Such security challenges include protection against malware, ransomware and implementing the necessary security policies. Besides, there is a lack of visibility that is required to police the mobile users and remote site locations accessing resources in the public cloud. + +To combat this, organizations have to purchase additional equipment. There has always been and will always be a high cost associated with buying such security appliances. Furthermore, the additional tools that are needed to protect the remote site locations increase the network complexity and reduce visibility. Let’s us not forget that the variety of physical appliances require talented engineers for design, deployment and maintenance. + +There will often be a single network-cowboy. 
This means the network and security configuration along with the design essentials are stored in the mind of the engineer, not in a central database from where the knowledge can be accessed if the engineer leaves his or her employment. + +The physical appliance approach to SD-WAN makes it hard, if not impossible, to accommodate for the future. If the current SD-WAN vendors continue to focus just on connecting the devices with the physical appliances, they will have limited ability to accommodate for example, with the future of network IoT devices. With these factors in mind what are the available options to overcome the SD-WAN shortcomings? + +One can opt for a do it yourself (DIY) solution, or a managed service, which can fall into the category of telcos, with the improvements of either co-managed or self-managed service categories. + +### Option 1: The DIY solution + +Firstly DIY, from the experience of trying to stitch together a global network, this is not only costly but also complex and is a very constrained approach to the network transformation. We started with physical appliances decades ago and it was sufficient to an extent. The reason it worked was that it suited the requirements of the time, but our environment has changed since then. Hence, we need to accommodate these changes with the current requirements. + +Even back in those days, we always had a breachable perimeter. The perimeter-approach to networking and security never really worked and it was just a matter of time before the bad actor would penetrate the guarded walls. + +Securing a global network involves more than just firewalling the devices. A solid security perimeter requires URL filtering, anti-malware and IPS to secure the internet traffic. If you try to deploy all these functions in a single device, such as, unified threat management (UTM), you will hit scaling problems. As a result, you will be left with appliance sprawl. 
+ +Back in my early days as an engineer, I recall stitching together a global network with a mixture of security and network appliances from a variety of vendors. It was me and just two others who used to get the job done on time and for a production network, our uptime levels were superior to most. + +However, it involved too many late nights, daily flights to our PoPs and of course the major changes required a forklift. A lot of work had to be done at that time, which made me want to push some or most of the work to a 3rd party. + +### Option 2: The managed service solution + +Today, there is a growing need for the managed service approach to SD-WAN. Notably, it simplifies the network design, deployment and maintenance activities while offloading the complexity, in line with what most CIOs are talking about today. + +Managed service provides a number of benefits, such as the elimination of backhauling to centralized cloud connectors or VPN concentrators. Evidently, backhauling is never favored for a network architect. More than often it will result in increased latency, congested links, internet chokepoints, and last-mile outages. + +Managed service can also authenticate mobile users at the local communication hub and not at a centralized point which would increase the latency. So what options are available when considering a managed service? + +### Telcos: An average service level + +Let’s be honest, telcos have a mixed track record and enterprises rely on them with caution. Essentially, you are building a network with 3rd party appliances and services that put the technical expertise outside of the organization. + +Secondly, the telco must orchestrate, monitor and manage numerous technical domains which are likely to introduce further complexity. As a result, troubleshooting requires close coordination with the suppliers which will have an impact on the customer experience. + +### Time equals money + +To resolve a query could easily take two or three attempts. 
It’s rare that you will get to the right person straight away. This eventually increases the time to resolve problems. Even for a minor feature change, you have to open tickets. Hence, with telcos, it increases the time required to solve a problem. + +In addition, it takes time to make major network changes such as opening new locations, which could take up to 45 days. In the same report mentioned above, 71% of the respondents are frustrated with the telco customer-service-time to resolve the problems, 73% indicated that deploying new locations requires at least 15 days and 47% claimed that “high bandwidth costs” is the biggest frustration while working with telcos. + +When it comes to lead times for projects, an engineer does not care. Does a project manager care if you have an optimum network design? No, many don’t, most just care about the timeframes. During my career, now spanning 18 years, I have never seen comments from any of my contacts saying “you must adhere to your project manager’s timelines”. + +However, out of the experience, the project managers have their ways and lead times do become a big part of your daily job. So as an engineer, 45-day lead time will certainly hit your brand hard, especially if you are an external consultant. + +There is also a problem with bandwidth costs. Telcos need to charge due to their complexity. There is always going to be a series of problems when working with them. Let’s face it, they offer an average service level. + +### Co-management and self-service management + +What is needed is a service that equips with the visibility and control of DIY to managed services. This, ultimately, opens the door to co-management and self-service management. + +Co-management allows both the telco and enterprise to make changes to the WAN. Then we have the self-service management of WAN that allows the enterprises to have sole access over the aspect of their network. + +However, these are just sticking plasters covering up the flaws. 
We need a managed service that not only connects locations but also synthesizes the site connectivity, along with security, mobile access, and cloud access. + +### Introducing the cloud-native approach to SD-WAN + +There should be a new style of managed services that combines the best of both worlds. It should offer the uptime, predictability and reach of the best telcos along with the cost structure and versatility of cloud providers. All such requirements can be met by what is known as the cloud-native carrier. + +Therefore, we should be looking for a platform that can connect and secure all the users and resources at scale, no matter where they are positioned. Eventually, such a platform will limit the costs and increase the velocity and agility. + +This is what a cloud-native carrier can offer you. You could say it’s a new kind of managed service, which is what enterprises are now looking for. A cloud-native carrier service brings the best of cloud services to the world of networking. This new style of managed service brings to SD-WAN the global reach, self-service, and agility of the cloud with the ability to easily migrate from MPLS. + +In summary, a cloud-native carrier service will improve global connectivity to on-premises and cloud applications, enable secure branch to internet access, and both securely and optimally integrate cloud datacenters. + +**This article is published as part of the IDG Contributor Network.[Want to Join?][4]** + +Join the Network World communities on [Facebook][5] and [LinkedIn][6] to comment on topics that are top of mind. 
+ +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3398476/managed-wan-and-the-cloud-native-sd-wan.html + +作者:[Matt Conran][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Matt-Conran/ +[b]: https://github.com/lujun9972 +[1]: https://images.techhive.com/images/article/2017/03/network-wan-100713693-large.jpg +[2]: https://www.networkworld.com/article/2297171/sd-wan/network-security-mpls-explained.html +[3]: https://www.catonetworks.com/news/digital-transformation-survey +[4]: /contributor-network/signup.html +[5]: https://www.facebook.com/NetworkWorld/ +[6]: https://www.linkedin.com/company/network-world diff --git a/sources/talk/20190528 Moving to the Cloud- SD-WAN Matters.md b/sources/talk/20190528 Moving to the Cloud- SD-WAN Matters.md new file mode 100644 index 0000000000..8f6f46b6f2 --- /dev/null +++ b/sources/talk/20190528 Moving to the Cloud- SD-WAN Matters.md 
@@ -0,0 +1,69 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Moving to the Cloud? SD-WAN Matters!) +[#]: via: (https://www.networkworld.com/article/3397921/moving-to-the-cloud-sd-wan-matters.html) +[#]: author: (Rami Rammaha https://www.networkworld.com/author/Rami-Rammaha/) + +Moving to the Cloud? SD-WAN Matters! +====== + +![istock][1] + +This is the first in a two-part blog series that will explore how enterprises can realize the full transformation promise of the cloud by shifting to a business first networking model powered by a business-driven [SD-WAN][2]. The focus for this installment will be on automating secure IPsec connectivity and intelligently steering traffic to cloud providers. + +Over the past several years we’ve seen a major shift in data center strategies where enterprise IT organizations are shifting applications and workloads to cloud, whether private or public. More and more, enterprises are leveraging software as-a-service (SaaS) applications and infrastructure as-a-service (IaaS) cloud services from leading providers like [Amazon AWS][3], [Google Cloud][4], [Microsoft Azure][5] and [Oracle Cloud Infrastructure][6]. This represents a dramatic shift in enterprise data traffic patterns as fewer and fewer applications are hosted within the walls of the traditional corporate data center. + +There are several drivers for the shift to IaaS cloud services and SaaS apps, but business agility tops the list for most enterprises. The traditional IT model for provisioning and deprovisioning applications is rigid and inflexible and is no longer able to keep pace with changing business needs. + +According to [LogicMonitor’s Cloud Vision 2020][7] study, more than 80 percent of enterprise workloads will run in the cloud by 2020 with more than 40 percent running on public cloud platforms. 
This major shift in the application consumption model is having a huge [impact on organizations and infrastructure][8]. A recent article entitled “[How Amazon Web Services is luring banks to the cloud][9],” published by CNBC, reported that some companies already have completely migrated all of their applications and IT workloads to public cloud infrastructures. An interesting fact is that while many enterprises must comply with stringent regulatory compliance mandates such as PCI-DSS or HIPAA, they still have made the move to the cloud. This tells us two things – the maturity of using public cloud services and the trust these organizations have in using them is at an all-time high. Again, it is all about speed and agility – without compromising performance, security and reliability. + +### **Is there a direct correlation between moving to the cloud and adopting SD-WAN?** + +As the cloud enables businesses to move faster, an SD-WAN architecture where top-down business intent is the driver is critical to ensuring success, especially when branch offices are geographically distributed across the globe. Traditional router-centric WAN architectures were never designed to support today’s cloud consumption model for applications in the most efficient way. With a conventional router-centric WAN approach, access to applications residing in the cloud means traversing unnecessary hops, resulting in wasted bandwidth, additional cost, added latency and potentially higher packet loss. In addition, under the existing, traditional WAN model where management tends to be rigid, complex network changes can be lengthy, whether setting up new branches or troubleshooting performance issues. This leads to inefficiencies and a costly operational model. Therefore, enterprises greatly benefit from taking a business-first WAN approach toward achieving greater agility in addition to realizing substantial CAPEX and OPEX savings. 
+ +A business-driven SD-WAN platform is purpose-built to tackle the challenges inherent to the traditional router-centric model and more aptly support today’s cloud consumption model. This means application policies are defined based on business intent, connecting users securely and directly to applications where ever they reside without unnecessary extra hops or security compromises. For example, if the application is hosted in the cloud and is trusted, a business-driven SD-WAN can automatically connect users to it without backhauling traffic to a POP or HQ data center. Now, in general this traffic is usually going across an internet link which, on its own, may not be secure. However, the right SD-WAN platform will have a unified stateful firewall built-in for local internet breakout allowing only branch-initiated sessions to enter the branch and providing the ability to service chain traffic to a cloud-based security service if necessary, before forwarding it to its final destination. If the application is moved and becomes hosted by another provider or perhaps back to a company’s own data center, traffic must be intelligently redirected, wherever the application is being hosted. Without automation and embedded machine learning, dynamic and intelligent traffic steering is impossible. + +### **A closer look at how the Silver Peak EdgeConnect™ SD-WAN edge platform addresses these challenges: ** + +**Automate traffic steering and connectivity to cloud providers** + +An [EdgeConnect][10] virtual instance is easily spun up in any of the [leading cloud providers][11] through their respective marketplaces. For an SD-WAN to intelligently steer traffic to its destination, it requires insights into both HTTP and HTTPS traffic; it must be able to identify apps on the first packet received in order to steer traffic to the right destination in accordance with business intent. 
This is critical capability because once a TCP connection is NAT’d with a public IP address, it cannot be switched thus it can’t be re-routed once a connection is established. So, the ability of EdgeConnect to identify, classify and automatically steer traffic based on the first packet – and not the second or tenth packet – to the correct destination will assure application SLAs, minimize wasting expensive bandwidth and deliver the highest quality of experience. + +Another critical capability is automatic performance optimization. Irrespective of which link the traffic ends up traversing based on business intent and the unique requirements of the application, EdgeConnect automatically optimizes application performance without human intervention by correcting for out of order packets using Packet Order Correction (POC) or even under high latency conditions that can be related to distance or other issues. This is done using adaptive Forward Error Correction (FEC) and tunnel bonding where a virtual tunnel is created, resulting in a single logical overlay that traffic can be dynamically moved between the different paths as conditions change with each underlay WAN service. In this [lightboard video][12], Dinesh Fernando, a technical marketing engineer at Silver Peak, explains how EdgeConnect automates tunnel creation between sites and cloud providers, how it simplifies data transfers between multi-clouds, and how it improves application performance. + +If your business is global and increasingly dependent on the cloud, the business-driven EdgeConnect SD-WAN edge platform enables seamless multi-cloud connectivity, turning the network into a business accelerant. EdgeConnect delivers: + + 1. A consistent deployment from the branch to the cloud, extending the reach of the SD-WAN into virtual private cloud environments + 2. Multi-cloud flexibility, making it easier to initiate and distribute resources across multiple cloud providers + 3. 
Investment protection by confidently migrating on premise IT resources to any combination of the leading public cloud platforms, knowing their cloud-hosted instances will be fully supported by EdgeConnect + + + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3397921/moving-to-the-cloud-sd-wan-matters.html + +作者:[Rami Rammaha][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Rami-Rammaha/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2019/05/istock-899678028-100797709-large.jpg +[2]: https://www.silver-peak.com/sd-wan/sd-wan-explained +[3]: https://www.silver-peak.com/company/tech-partners/cloud/aws +[4]: https://www.silver-peak.com/company/tech-partners/cloud/google-cloud +[5]: https://www.silver-peak.com/company/tech-partners/cloud/microsoft-azure +[6]: https://www.silver-peak.com/company/tech-partners/cloud/oracle-cloud +[7]: https://www.logicmonitor.com/resource/the-future-of-the-cloud-a-cloud-influencers-survey/?utm_medium=pr&utm_source=businesswire&utm_campaign=cloudsurvey +[8]: http://www.networkworld.com/article/3152024/lan-wan/in-the-age-of-digital-transformation-why-sd-wan-plays-a-key-role-in-the-transition.html +[9]: http://www.cnbc.com/2016/11/30/how-amazon-web-services-is-luring-banks-to-the-cloud.html?__source=yahoo%257cfinance%257cheadline%257cheadline%257cstory&par=yahoo&doc=104135637 +[10]: https://www.silver-peak.com/products/unity-edge-connect +[11]: https://www.silver-peak.com/company/tech-partners?strategic_partner_type=69 +[12]: https://www.silver-peak.com/resource-center/automate-connectivity-to-cloud-networking-with-sd-wan 
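Review bot: The `###` heading "A closer look at how the Silver Peak EdgeConnect™ SD-WAN edge platform addresses these challenges: **" has a space before the closing `**`, so the emphasis never closes and the asterisks render literally. Drop the trailing space, or drop the bold altogether since the line is already a heading. In the reference list, [7] still carries its campaign query string (`utm_medium`, `utm_source`, `utm_campaign`) and [9] carries `__source`, `par` and `doc` parameters with a double-encoded `%257c`. Trimming both to the bare article URL keeps tracking identifiers out of the published translation. Minor source typos worth fixing before translation: "where ever" and "This is critical capability".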
diff --git a/sources/talk/20190528 With Cray buy, HPE rules but does not own the supercomputing market.md b/sources/talk/20190528 With Cray buy, HPE rules but does not own the supercomputing market.md new file mode 100644 index 0000000000..07f9eea10c --- /dev/null +++ b/sources/talk/20190528 With Cray buy, HPE rules but does not own the supercomputing market.md 
@@ -0,0 +1,59 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (With Cray buy, HPE rules but does not own the supercomputing market) +[#]: via: (https://www.networkworld.com/article/3397087/with-cray-buy-hpe-rules-but-does-not-own-the-supercomputing-market.html) +[#]: author: (Andy Patrizio https://www.networkworld.com/author/Andy-Patrizio/) + +With Cray buy, HPE rules but does not own the supercomputing market +====== +In buying supercomputer vendor Cray, HPE has strengthened its high-performance-computing technology, but serious competitors remain. +![Cray Inc.][1] + +Hewlett Packard Enterprise was already the leader in the high-performance computing (HPC) sector before its announced acquisition of supercomputer maker Cray earlier this month. Now it has a commanding lead, but there are still competitors to the giant. + +The news that HPE would shell out $1.3 billion to buy the company came just as Cray had announced plans to build three of the biggest systems yet — all exascale, and all with the same deployment time of 2021. + +Sales had been slowing for HPC systems, but our government, with its endless supply of money, came to the rescue, throwing hundreds of millions at Cray for systems to be built at Lawrence Berkeley National Laboratory, Argonne National Laboratory and Oak Ridge National Laboratory. + +**[ Read also:[How to plan a software-defined data-center network][2] ]** + +And HPE sees a big revenue opportunity in HPC, a market that was $2 billion in 1990 and now nearly $30 billion, according to Steve Conway, senior vice president with Hyperion Research, which follows the HPC market. HPE thinks the HPC market will grow to $35 billion by 2021, and it hopes to earn a big chunk of that pie. + +“They were solidly in the lead without Cray. They were already in a significant lead over the No. 2 company, Dell. 
This adds to their lead and gives them access to very high end of market, especially government supercomputers that sell for $300 million to $600 million each,” said Conway. + +He’s not exaggerating. Earlier this month the U.S. Department of Energy announced a contract with Cray to build Frontier, an exascale supercomputer at Oak Ridge National Laboratory, sometime in 2021, with a $600 million price tag. Frontier will be powered by AMD Epyc processors and Radeon GPUs, which must have them doing backflips at AMD. + +With Cray, HPE is sitting on a lot of technology for the supercomputing and even the high-end, non-HPC market. It had the ProLiant business, the bulk of server sales (and proof the Compaq acquisition wasn’t such a bad idea), Integrity NonStop mission-critical servers, the SGI business it acquired in in 2016, plus a variety running everything from Arm to Xeon Scalable processors. + +Conway thinks all of those technologies fit in different spaces, so he doubts HPE will try to consolidate any of it. All HPE has said so far is it will keep the supercomputer products it has now under the Cray business unit. + +But the company is still getting something it didn’t have. “It takes a certain kind of technical experience [to do HPC right] and only a few companies able to play at that level. Before this deal, HPE was not one of them,” said Conway. + +And in the process, HPE takes Cray away from its many competitors: IBM, Lenovo, Dell/EMC, Huawei (well, not so much now), Super Micro, NEC, Hitachi, Fujitsu, and Atos. + +“[The acquisition] doesn’t fundamentally change things because there’s still enough competitors that buyers can have competitive bids. But it’s gotten to be a much bigger market,” said Conway. + +Cray sells a lot to government, but Conway thinks there is a new opportunity in the ever-expanding AI race. “Because HPC is indispensable at the forefront of AI, there is a new area for expanding the market,” he said. 
+ +Join the Network World communities on [Facebook][3] and [LinkedIn][4] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3397087/with-cray-buy-hpe-rules-but-does-not-own-the-supercomputing-market.html + +作者:[Andy Patrizio][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Andy-Patrizio/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2018/06/the_cray_xc30_piz_daint_system_at_the_swiss_national_supercomputing_centre_via_cray_inc_3x2_978x652-100762113-large.jpg +[2]: https://www.networkworld.com/article/3284352/data-center/how-to-plan-a-software-defined-data-center-network.html +[3]: https://www.facebook.com/NetworkWorld/ +[4]: https://www.linkedin.com/company/network-world diff --git a/sources/talk/20190529 Cisco security spotlights Microsoft Office 365 e-mail phishing increase.md b/sources/talk/20190529 Cisco security spotlights Microsoft Office 365 e-mail phishing increase.md new file mode 100644 index 0000000000..c1e0493e63 --- /dev/null +++ b/sources/talk/20190529 Cisco security spotlights Microsoft Office 365 e-mail phishing increase.md 
@@ -0,0 +1,92 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Cisco security spotlights Microsoft Office 365 e-mail phishing increase) +[#]: via: (https://www.networkworld.com/article/3398925/cisco-security-spotlights-microsoft-office-365-e-mail-phishing-increase.html) +[#]: author: (Michael Cooney https://www.networkworld.com/author/Michael-Cooney/) + +Cisco security spotlights Microsoft Office 365 e-mail phishing increase +====== +Cisco blog follows DHS Cybersecurity and Infrastructure Security Agency (CISA) report detailing risks around Office 365 and other cloud services +![weerapatkiatdumrong / Getty Images][1] + +It’s no secret that if you have a cloud-based e-mail service, fighting off the barrage of security issues has become a maddening daily routine. + +The leading e-mail service – in [Microsoft’s Office 365][2] package – seems to be getting the most attention from those attackers hellbent on stealing enterprise data or your private information via phishing attacks. Amazon and Google see their share of phishing attempts in their cloud-based services as well. + +**[ Also see[What to consider when deploying a next generation firewall][3]. | Get regularly scheduled insights by [signing up for Network World newsletters][4]. ]** + +But attackers are crafting and launching phishing campaigns targeting Office 365 users, [wrote][5] Ben Nahorney, a Threat Intelligence Analyst focused on covering the threat landscape for Cisco Security in a blog focusing on the Office 365 phishing issue. + +Nahorney wrote of research from security vendor [Agari Data][6], that found over the last few quarters, there has been a steady increase in the number of phishing emails impersonating Microsoft. While Microsoft has long been the most commonly impersonated brand, it now accounts for more than half of all brand impersonations seen in the last quarter. 
+ +Recently cloud security firm Avanan wrote in its [annual phishing report][7], one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector. “Of the phishing attacks we analyzed, 25 percent bypassed Office 365 security, a number that is likely to increase as attackers design new obfuscation methods that take advantage of zero-day vulnerabilities on the platform,” Avanan wrote. + +The attackers attempt to steal a user’s login credentials with the goal of taking over accounts. If successful, attackers can often log into the compromised accounts, and perform a wide variety of malicious activity: Spread malware, spam and phishing emails from within the internal network; carry out tailored attacks such as spear phishing and [business email compromise][8] [a long-standing business scam that uses spear-phishing, social engineering, identity theft, e-mail spoofing], and target partners and customers, Nahorney wrote. + +Nahorney wrote that at first glance, this may not seem very different than external email-based attacks. However, there is one critical distinction: The malicious emails sent are now coming from legitimate accounts. + +**[[Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial!][9] ]** + +“For the recipient, it’s often even someone that they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage ‘conversation hijacking,’ where they deliver their payload by replying to an email that’s already located in the compromised inbox,” Nahorney stated. + +The methods used by attackers to gain access to an Office 365 account are fairly straightforward, Nahorney wrote. + +“The phishing campaigns usually take the form of an email from Microsoft. 
The email contains a request to log in, claiming the user needs to reset their password, hasn’t logged in recently or that there’s a problem with the account that needs their attention. A URL is included, enticing the reader to click to remedy the issue,” Nahorney wrote. + +Once logged in, nefarious activities can go on unnoticed as the attacker has what look like authorized credentials. + +“This gives the attacker time for reconnaissance: a chance to observe and plan additional attacks. Nor will this type of attack set off a security alert in the same way something like a brute-force attack against a webmail client will, where the attacker guesses password after password until they get in or are detected,” Nahorney stated. + +Nahorney suggested the following steps customers can take to protect email: + + * Use multi-factor authentication. If a login attempt requires a secondary authorization before someone is allowed access to an inbox, this will stop many attackers, even with phished credentials. + * Deploy advanced anti-phishing technologies. Some machine-learning technologies can use local identity and relationship modeling alongside behavioral analytics to spot deception-based threats. + * Run regular phishing exercises. Regular, mandated phishing exercises across the entire organization will help to train employees to recognize phishing emails, so that they don’t click on malicious URLs, or enter their credentials into malicious website. + + + +### Homeland Security flags Office 365, other cloud email services + +The U.S. government, too, has been warning customers of Office 365 and other cloud-based email services that they should be on alert for security risks. 
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) this month [issued a report targeting][10] Office 365 and other cloud services saying: + +“Organizations that used a third party have had a mix of configurations that lowered their overall security posture (e.g., mailbox auditing disabled, unified audit log disabled, multi-factor authentication disabled on admin accounts). In addition, the majority of these organizations did not have a dedicated IT security team to focus on their security in the cloud. These security oversights have led to user and mailbox compromises and vulnerabilities.” + +The agency also posted remediation suggestions including: + + * Enable unified audit logging in the Security and Compliance Center. + * Enable mailbox auditing for each user. + * Ensure Azure AD password sync is planned for and configured correctly, prior to migrating users. + * Disable legacy email protocols, if not required, or limit their use to specific users. + + + +Join the Network World communities on [Facebook][11] and [LinkedIn][12] to comment on topics that are top of mind. 
+ +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3398925/cisco-security-spotlights-microsoft-office-365-e-mail-phishing-increase.html + +作者:[Michael Cooney][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Michael-Cooney/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2019/05/cso_phishing_social_engineering_security_threat_by_weerapatkiatdumrong_gettyimages-489433130_3x2_2400x1600-100796450-large.jpg +[2]: https://docs.microsoft.com/en-us/office365/securitycompliance/security-roadmap +[3]: https://www.networkworld.com/article/3236448/lan-wan/what-to-consider-when-deploying-a-next-generation-firewall.html +[4]: https://www.networkworld.com/newsletters/signup.html +[5]: https://blogs.cisco.com/security/office-365-phishing-threat-of-the-month +[6]: https://www.agari.com/ +[7]: https://www.avanan.com/hubfs/2019-Global-Phish-Report.pdf +[8]: https://www.networkworld.com/article/3195072/fbi-ic3-vile-5b-business-e-mail-scam-continues-to-breed.html +[9]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr +[10]: https://www.us-cert.gov/ncas/analysis-reports/AR19-133A +[11]: https://www.facebook.com/NetworkWorld/ +[12]: https://www.linkedin.com/company/network-world diff --git a/sources/talk/20190529 Nvidia launches edge computing platform for AI processing.md b/sources/talk/20190529 Nvidia launches edge computing platform for AI processing.md new file mode 100644 index 0000000000..f608db970c --- /dev/null +++ b/sources/talk/20190529 Nvidia launches edge computing platform for AI processing.md 
@@ -0,0 +1,53 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Nvidia launches edge computing platform for AI processing) +[#]: via: (https://www.networkworld.com/article/3397841/nvidia-launches-edge-computing-platform-for-ai-processing.html) +[#]: author: (Andy Patrizio https://www.networkworld.com/author/Andy-Patrizio/) + +Nvidia launches edge computing platform for AI processing +====== +EGX platform goes to the edge to do as much processing there as possible before sending data upstream to major data centers. +![Leo Wolfert / Getty Images][1] + +Nvidia is launching a new platform called EGX Platform designed to bring real-time artificial intelligence (AI) to edge networks. The idea is to put AI computing closer to where sensors collect data before it is sent to larger data centers. + +The edge serves as a buffer to data sent to data centers. It whittles down the data collected and only sends what is relevant up to major data centers for processing. This can mean discarding more than 90% of data collected, but the trick is knowing which data to keep and which to discard. + +“AI is required in this data-driven world,” said Justin Boitano, senior director for enterprise and edge computing at Nvidia, on a press call last Friday. “We analyze data near the source, capture anomalies and report anomalies back to the mothership for analysis.” + +**[ Now read[20 hot jobs ambitious IT pros should shoot for][2]. ]** + +Boitano said we are hitting crossover where there is more compute at edge than cloud because more work needs to be done there. + +EGX comes from 14 server vendors in a range of form factors, combining AI with network, security and storage from Mellanox. Boitano said that the racks will fit in any industry-standard rack, so they will fit into edge containers from the likes of Vapor IO and Schneider Electric. 
+ +EGX uses Nvidia’s low-power Jetson Nano processor, but also all the way up to Nvidia T4 processors that can deliver more than 10,000 trillion operations per second (TOPS) for real-time speech recognition and other real-time AI tasks. + +Nvdia is working on software stack called Nvidia Edge Stack that can be updated constantly, and the software runs in containers, so no reboots are required, just a restart of the container. EGX runs enterprise-grade Kubernetes container platforms like Red Hat Openshift. + +Edge Stack is optimized software that includes Nvidia drivers, a CUDA Kubernetes plugin, a CUDA container runtime, CUDA-X libraries and containerized AI frameworks and applications, including TensorRT, TensorRT Inference Server and DeepStream. + +The company is boasting more than 40 early adopters, including BMW Group Logistics, which uses EGX and its own Isaac robotic platforms to handle increasingly complex logistics with real-time efficiency. + +Join the Network World communities on [Facebook][3] and [LinkedIn][4] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3397841/nvidia-launches-edge-computing-platform-for-ai-processing.html + +作者:[Andy Patrizio][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Andy-Patrizio/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2019/02/industry_4-0_industrial_iot_smart_factory_by_leowolfert_gettyimages-689799380_2400x1600-100788464-large.jpg +[2]: https://www.networkworld.com/article/3276025/careers/20-hot-jobs-ambitious-it-pros-should-shoot-for.html +[3]: https://www.facebook.com/NetworkWorld/ +[4]: https://www.linkedin.com/company/network-world 
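Review bot: In the Nvidia EGX file, the paragraph that introduces Edge Stack opens with "Nvdia is working on software stack", which misspells the vendor name and drops the article. Correct it to "Nvidia is working on a software stack" so the typo is not carried into the translation. The promo line `**[ Now read[20 hot jobs ambitious IT pros should shoot for][2]. ]**` is also missing the space before the link and is not part of the article body, so consider removing it together with reference [2].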
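Review bot: In the Cisco / Office 365 phishing file, reference [9] behind the PluralSight promo block points at an affiliate redirect on `pluralsight.pxf.io` with the real destination URL-encoded in its `u=` parameter, so a reader of the translated page is sent through a third-party tracker to a target the link text does not show. That sits badly in an article whose own advice is to train users not to click opaque URLs. Suggest dropping the promo line and [9] before translation, and likewise the "Also see ... | Get regularly scheduled insights" block with [3] and [4], since neither is article content.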
diff --git a/sources/talk/20190529 Satellite-based internet possible by year-end, says SpaceX.md b/sources/talk/20190529 Satellite-based internet possible by year-end, says SpaceX.md new file mode 100644 index 0000000000..383fac66ca --- /dev/null +++ b/sources/talk/20190529 Satellite-based internet possible by year-end, says SpaceX.md 
@@ -0,0 +1,63 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Satellite-based internet possible by year-end, says SpaceX) +[#]: via: (https://www.networkworld.com/article/3398940/space-internet-maybe-end-of-year-says-spacex.html) +[#]: author: (Patrick Nelson https://www.networkworld.com/author/Patrick-Nelson/) + +Satellite-based internet possible by year-end, says SpaceX +====== +Amazon, Tesla-associated SpaceX and OneWeb are emerging as just some of the potential suppliers of a new kind of data-friendly satellite internet service that could bring broadband IoT connectivity to most places on Earth. +![Getty Images][1] + +With SpaceX’s successful launch of an initial array of broadband-internet-carrying satellites last week, and Amazon’s surprising posting of numerous satellite engineering-related job openings on its [job board][2] this month, one might well be asking if the next-generation internet space race is finally getting going. (I first wrote about [OneWeb’s satellite internet plans][3] it was concocting with Airbus four years ago.) + +This new batch of satellite-driven internet systems, if they work and are eventually switched on, could provide broadband to most places, including previously internet-barren locations, such as rural areas. That would be good for high-bandwidth, low-latency remote-internet of things (IoT) and increasingly important edge-server connections for verticals like oil and gas and maritime. [Data could even end up getting stored in compliance-friendly outer space, too][4]. Leaky ground-based connections, also, perhaps a thing of the past. + +Of the principal new internet suppliers, SpaceX has gotten farthest along. That’s in part because it has commercial impetus. It needed to create payload for its numerous rocket projects. 
The Tesla electric-car-associated company (the two firms share materials science) has not only launched its first tranche of 60 satellites for its own internet constellation, called Starlink, but also successfully launched numerous batches (making up the full constellation of 75 satellites) for Iridium’s replacement, an upgraded constellation called Iridium NEXT. + +[The time of 5G is almost here][5] + +Potential competitor OneWeb launched its first six Airbus-built satellites in February. [It has plans for 900 more][6]. SpaceX has been approved for 4,365 more by the FCC, and Project Kuiper, as Amazon’s space internet project is known, wants to place 3,236 satellites in orbit, according to International Telecommunication Union filings [discovered by _GeekWire_][7] earlier this year. [Startup LeoSat, which I wrote about last year, aims to build an internet backbone constellation][8]. Facebook, too, is exploring [space-delivered internet][9]. + +### Why the move to space? + +Laser technical progress, where data is sent in open, free space, rather than via a restrictive, land-based cable or via traditional radio paths, is partly behind this space-internet rush. “Bits travel faster in free space than in glass-fiber cable,” LeoSat explained last year. Additionally, improving microprocessor tech is also part of the mix. + +One important difference from existing older-generation satellite constellations is that this new generation of internet satellites will be located in low Earth orbit (LEO). Initial Starlink satellites will be placed at about 350 miles above Earth, with later launches deployed at 710 miles. + +There’s an advantage to that. Traditional satellites in geostationary orbit, or GSO, have been deployed about 22,000 miles up. That extra distance versus LEO introduces latency and is one reason earlier generations of Internet satellites are plagued by slow round-trip times. 
Latency didn’t matter when GSO was introduced in 1964, and commercial satellites, traditionally, have been pitched as one-way video links, such as are used by sporting events for broadcast, and not for data. + +And when will we get to experience these new ISPs? “Starlink is targeted to offer service in the Northern U.S. and Canadian latitudes after six launches,” [SpaceX says on its website][10]. Each launch would deliver about 60 satellites. “SpaceX is targeting two to six launches by the end of this year.” + +Global penetration of the “populated world” could be obtained after 24 launches, it thinks. + +Join the Network World communities on [Facebook][11] and [LinkedIn][12] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3398940/space-internet-maybe-end-of-year-says-spacex.html + +作者:[Patrick Nelson][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Patrick-Nelson/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2018/10/network_iot_world-map_us_globe_nodes_global-100777483-large.jpg +[2]: https://www.amazon.jobs/en/teams/projectkuiper +[3]: https://www.itworld.com/article/2938652/space-based-internet-starts-to-get-serious.html +[4]: https://www.networkworld.com/article/3200242/data-should-be-stored-data-in-space-firm-says.html +[5]: https://www.networkworld.com/article/3354477/mobile-world-congress-the-time-of-5g-is-almost-here.html +[6]: https://www.airbus.com/space/telecommunications-satellites/oneweb-satellites-connection-for-people-all-over-the-globe.html +[7]: https://www.geekwire.com/2019/amazon-lists-scores-jobs-bellevue-project-kuiper-broadband-satellite-operation/ +[8]: 
https://www.networkworld.com/article/3328645/space-data-backbone-gets-us-approval.html +[9]: https://www.networkworld.com/article/3338081/light-based-computers-to-be-5000-times-faster.html +[10]: https://www.starlink.com/ +[11]: https://www.facebook.com/NetworkWorld/ +[12]: https://www.linkedin.com/company/network-world diff --git a/sources/talk/20190529 Survey finds SD-WANs are hot, but satisfaction with telcos is not.md b/sources/talk/20190529 Survey finds SD-WANs are hot, but satisfaction with telcos is not.md new file mode 100644 index 0000000000..9b65a6c8dd --- /dev/null +++ b/sources/talk/20190529 Survey finds SD-WANs are hot, but satisfaction with telcos is not.md 
@@ -0,0 +1,69 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Survey finds SD-WANs are hot, but satisfaction with telcos is not) +[#]: via: (https://www.networkworld.com/article/3398478/survey-finds-sd-wans-are-hot-but-satisfaction-with-telcos-is-not.html) +[#]: author: (Zeus Kerravala https://www.networkworld.com/author/Zeus-Kerravala/) + +Survey finds SD-WANs are hot, but satisfaction with telcos is not +====== +A recent survey of over 400 IT executives by Cato Networks found that legacy telcos might be on the outside looking in for SD-WANs. +![istock][1] + +This week SD-WAN vendor Cato Networks announced the results of its [Telcos and the Future of the WAN in 2019 survey][2]. The study was a mix of companies of all sizes, with 42% being enterprise-class (over 2,500 employees). More than 70% had a network with more than 10 locations, and almost a quarter (24%) had over 100 sites. All of the respondents have a cloud presence, and almost 80% have at least two data centers. The survey had good geographic diversity, with 57% of respondents coming from the U.S. and 24% from Europe. + +Highlights of the survey include the following key findings: + +## **SD-WANs are hot but not a panacea to all networking challenges** + +The survey found that 44% of respondents have already deployed or will deploy an SD-WAN within the next 12 months. This number is up sharply from 25% when Cato ran the survey a year ago. Another 33% are considering SD-WAN but have no immediate plans to deploy. The primary drivers for the evolution of the WAN are improved internet access (46%), increased bandwidth (39%), improved last-mile availability (38%) and reduced WAN costs (37%). It’s good to see cost savings drop to fourth in motivation, since there is so much more to SD-WAN. 
+ +[The time of 5G is almost here][3] + +It’s interesting that the majority of respondents believe SD-WAN alone can’t address all challenges facing the WAN. A whopping 85% stated they would be confronting issues not addressed by SD-WAN alone. This includes secure, local internet breakout, improved visibility, and control over mobile access to cloud apps. This indicates that customers are looking for SD-WAN to be the foundation of the WAN but understand that other technologies need to be deployed as well. + +## **Telco dissatisfaction is high** + +The traditional telco has been a point of frustration for network professionals for years, and the survey spelled that out loud and clear. Prior to being an analyst, I held a number of corporate IT positions and found telcos to be the single most frustrating group of companies to deal with. The problem was, there was no choice. If you need MPLS services, you need a telco. The same can’t be said for SD-WANs, though; businesses have more choices. + +Respondents to the survey ranked telco service as “average.” It’s been well documented that we are now in the customer-experience era and “good enough” service is no longer good enough. Regarding pricing, 54% gave telcos a failing grade. Although price isn’t everything, this will certainly open the door to competitive SD-WAN vendors. Respondents gave the highest marks for overall experience to SaaS providers, followed by cloud computing suppliers. Global telcos scored the lowest of all vendor types. + +A look deeper explains the frustration level. The network is now mission-critical for companies, but 48% stated they are able to reach the support personnel with the right expertise to solve a problem only on a second attempt. No retailer, airline, hotel or other type of company could survive this, but telco customers had no other options for years. + +**[[Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. 
Now offering a 10-day free trial!][4] ]** + +Another interesting set of data points is the speed at which telcos address customer needs. Digital businesses compete on speed, but telco process is the antithesis of fast. Moves, adds and changes take at least one business day for half of the respondents. Also, 70% indicated that opening a new location takes 15 days, and 38% stated it requires 45 days or more. + +## **Security is now part of SD-WAN** + +The use of broadband, cloud access and other trends raise the bar on security for SD-WAN, and the survey confirmed that respondents are skeptical that SD-WANs could address these issues. Seventy percent believe SD-WANs can’t address malware/ransomware, and 49% don’t think SD-WAN helps with enforcing company policies on mobile users. Because of this, network professionals are forced to buy additional security tools from other vendors, but that can drive up complexity. SD-WAN vendors that have intrinsic security capabilities can use that as a point of differentiation. + +## **Managed services are critical to the growth of SD-WANs** + +The survey found that 75% of respondents are using some kind of managed service provider, versus only 25% using an appliance vendor. This latter number was 32% last year. I’m not surprised by this shift and expect it to continue. Legacy WANs were inefficient but straightforward to deploy. D-WANs are highly agile and more cost-effective, but complexity has gone through the roof. Network engineers need to factor in cloud connectivity, distributed security, application performance, broadband connectivity and other issues. Managed services can help businesses enjoy the benefits of SD-WAN while masking the complexity. + +Despite the desire to use an MSP, respondents don’t want to give up total control. Eighty percent stated they preferred self-service or co-managed models. This further explains the shift away from telcos, since they typically work with fully managed models. 
+ +Join the Network World communities on [Facebook][5] and [LinkedIn][6] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3398478/survey-finds-sd-wans-are-hot-but-satisfaction-with-telcos-is-not.html + +作者:[Zeus Kerravala][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Zeus-Kerravala/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2018/02/istock-465661573-100750447-large.jpg +[2]: https://www.catonetworks.com/news/digital-transformation-survey/ +[3]: https://www.networkworld.com/article/3354477/mobile-world-congress-the-time-of-5g-is-almost-here.html +[4]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr +[5]: https://www.facebook.com/NetworkWorld/ +[6]: https://www.linkedin.com/company/network-world diff --git a/sources/talk/20190602 IoT Roundup- New research on IoT security, Microsoft leans into IoT.md b/sources/talk/20190602 IoT Roundup- New research on IoT security, Microsoft leans into IoT.md new file mode 100644 index 0000000000..6d955c6485 --- /dev/null +++ b/sources/talk/20190602 IoT Roundup- New research on IoT security, Microsoft leans into IoT.md 
@@ -0,0 +1,71 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (IoT Roundup: New research on IoT security, Microsoft leans into IoT) +[#]: via: (https://www.networkworld.com/article/3398607/iot-roundup-new-research-on-iot-security-microsoft-leans-into-iot.html) +[#]: author: (Jon Gold https://www.networkworld.com/author/Jon-Gold/) + +IoT Roundup: New research on IoT security, Microsoft leans into IoT +====== +Verizon sets up widely available narrow-band IoT service, while most Americans think IoT manufacturers should ensure their products protect personal information. +As with any technology whose use is expanding at such speed, it can be tough to track exactly what’s going on in the [IoT][1] world – everything from basic usage numbers to customer attitudes to more in-depth slices of the market is constantly changing. Fortunately, the month of May brought several new pieces of research to light, which should help provide at least a partial outline of what’s really happening in IoT. + +### Internet of things polls + +Not all of the news is good. An IPSOS Mori poll performed on behalf of the Internet Society and Consumers International (respectively, an umbrella organization for open development and Internet use and a broad-based consumer advocacy group) found that, despite the skyrocketing numbers of smart devices in circulation around the world, more than half of users in large parts of the western world don’t trust those devices to safeguard their privacy. + +**More on IoT:** + + * [What is the IoT? How the internet of things works][2] + * [What is edge computing and how it’s changing the network][3] + * [Most powerful Internet of Things companies][4] + * [10 Hot IoT startups to watch][5] + * [The 6 ways to make money in IoT][6] + * [What is digital twin technology? 
[and why it matters]][7] + * [Blockchain, service-centric networking key to IoT success][8] + * [Getting grounded in IoT networking and security][9] + * [Building IoT-ready networks must become a priority][10] + * [What is the Industrial IoT? [And why the stakes are so high]][11] + + + +While almost 70 percent of respondents owned connected devices, 55 percent said they didn’t feel their personal information was adequately protected by manufacturers. A further 28 percent said they had avoided using connected devices – smart home, fitness tracking and similar consumer gadgetry – primarily because they were concerned over privacy issues, and a whopping 85 percent of Americans agreed with the argument that manufacturers had a responsibility to produce devices that protected personal information. + +Those concerns are understandable, according to data from the Ponemon Institute, a tech-research organization. Its survey of corporate risk and security personnel, released in early May, found that there have been few concerted efforts to limit exposure to IoT-based security threats, and that those threats are sharply on the rise when compared to past years, with the percentage of organizations that had experienced a data breach related to unsecured IoT devices rising from 15 percent in fiscal 2017 to 26 percent in fiscal 2019. + +Beyond a lack of organizational wherewithal to address those threats, part of the problem in some verticals is technical. Security vendor Forescout said earlier this month that its research showed 40 percent of all healthcare IT environments had more than 20 different operating systems, and more than 30 percent had more than 100 – hardly an ideal situation for smooth patching and updating. 
+ +To continue reading this article register now + +[Get Free Access][12] + +[Learn More][13] Existing Users [Sign In][12] + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3398607/iot-roundup-new-research-on-iot-security-microsoft-leans-into-iot.html + +作者:[Jon Gold][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Jon-Gold/ +[b]: https://github.com/lujun9972 +[1]: https://www.networkworld.com/article/3207535/what-is-iot-how-the-internet-of-things-works.html +[2]: https://www.networkworld.com/article/3207535/internet-of-things/what-is-the-iot-how-the-internet-of-things-works.html +[3]: https://www.networkworld.com/article/3224893/internet-of-things/what-is-edge-computing-and-how-it-s-changing-the-network.html +[4]: https://www.networkworld.com/article/2287045/internet-of-things/wireless-153629-10-most-powerful-internet-of-things-companies.html +[5]: https://www.networkworld.com/article/3270961/internet-of-things/10-hot-iot-startups-to-watch.html +[6]: https://www.networkworld.com/article/3279346/internet-of-things/the-6-ways-to-make-money-in-iot.html +[7]: https://www.networkworld.com/article/3280225/internet-of-things/what-is-digital-twin-technology-and-why-it-matters.html +[8]: https://www.networkworld.com/article/3276313/internet-of-things/blockchain-service-centric-networking-key-to-iot-success.html +[9]: https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html +[10]: https://www.networkworld.com/article/3276304/internet-of-things/building-iot-ready-networks-must-become-a-priority.html +[11]: https://www.networkworld.com/article/3243928/internet-of-things/what-is-the-industrial-iot-and-why-the-stakes-are-so-high.html +[12]: javascript:// 
+[13]: /learn-about-insider/ diff --git a/sources/talk/20190603 It-s time for the IoT to -optimize for trust.md b/sources/talk/20190603 It-s time for the IoT to -optimize for trust.md new file mode 100644 index 0000000000..cc5aa9db7c --- /dev/null +++ b/sources/talk/20190603 It-s time for the IoT to -optimize for trust.md 
@@ -0,0 +1,102 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (It’s time for the IoT to 'optimize for trust') +[#]: via: (https://www.networkworld.com/article/3399817/its-time-for-the-iot-to-optimize-for-trust.html) +[#]: author: (Fredric Paul https://www.networkworld.com/author/Fredric-Paul/) + +It’s time for the IoT to 'optimize for trust' +====== +If we can't trust the internet of things (IoT) to gather accurate data and use it appropriately, IoT adoption and innovation are likely to suffer. +![Bose][1] + +One of the strengths of internet of things (IoT) technology is that it can do so many things well. From smart toothbrushes to predictive maintenance on jetliners, the IoT has more use cases than you can count. The result is that various IoT uses cases require optimization for particular characteristics, from cost to speed to long life, as well as myriad others. + +But in a recent post, "[How the internet of things will change advertising][2]" (which you should definitely read), the always-insightful Stacy Higginbotham tossed in a line that I can’t stop thinking about: “It's crucial that the IoT optimizes for trust." + +**[ Read also: Network World's[corporate guide to addressing IoT security][3] ]** + +### Trust is the IoT's most important attribute + +Higginbotham was talking about optimizing for trust as opposed to clicks, but really, trust is more important than just about any other value in the IoT. It’s more important than bandwidth usage, more important than power usage, more important than cost, more important than reliability, and even more important than security and privacy (though they are obviously related). In fact, trust is the critical factor in almost every aspect of the IoT. + +Don’t believe me? Let’s take a quick look at some recent developments in the field: + +For one thing, IoT devices often don’t take good care of the data they collect from you. 
Over 90% of data transactions on IoT devices are not fully encrypted, according to a new [study from security company Zscaler][4]. The [problem][5], apparently, is that many companies have large numbers of consumer-grade IoT devices on their networks. In addition, many IoT devices are attached to the companies’ general networks, and if that network is breached, the IoT devices and data may also be compromised. + +In some cases, ownership of IoT data can raise surprisingly serious trust concerns. According to [Kaiser Health News][6], smartphone sleep apps, as well as smart beds and smart mattress pads, gather amazingly personal information: “It knows when you go to sleep. It knows when you toss and turn. It may even be able to tell when you’re having sex.” And while companies such as Sleep Number say they don’t share the data they gather, their written privacy policies clearly state that they _can_. + +### **Lack of trust may lead to new laws** + +In California, meanwhile, "lawmakers are pushing for new privacy rules affecting smart speakers” such as the Amazon Echo. According to the _[LA Times][7]_ , the idea is “to ensure that the devices don’t record private conversations without permission,” requiring a specific opt-in process. Why is this an issue? Because consumers—and their elected representatives—don’t trust that Amazon, or any IoT vendor, will do the right thing with the data it collects from the IoT devices it sells—perhaps because it turns out that thousands of [Amazon employees have been listening in on what Alexa users are][8] saying to their Echo devices. + +The trust issues get even trickier when you consider that Amazon reportedly considered letting Alexa listen to users even without a wake word like “Alexa” or “computer,” and is reportedly working on [wearable devices designed to read human emotions][9] from listening to your voice. + +“The trust has been breached,” said California Assemblyman Jordan Cunningham (R-Templeton) to the _LA Times_. 
+ +As critics of the bill ([AB 1395][10]) point out, the restrictions matter because voice assistants require this data to improve their ability to correctly understand and respond to requests. + +### **Some first steps toward increasing trust** + +Perhaps recognizing that the IoT needs to be optimized for trust so that we are comfortable letting it do its job, Amazon recently introduced a new Alexa voice command: “[Delete what I said today][11].” + +Moves like that, while welcome, will likely not be enough. + +For example, a [new United Nations report][12] suggests that “voice assistants reinforce harmful gender stereotypes” when using female-sounding voices and names like Alexa and Siri. Put simply, “Siri’s ‘female’ obsequiousness—and the servility expressed by so many other digital assistants projected as young women—provides a powerful illustration of gender biases coded into technology products, pervasive in the technology sector and apparent in digital skills education.” I'm not sure IoT vendors are eager—or equipped—to tackle issues like that. + +**More on IoT:** + + * [What is the IoT? How the internet of things works][13] + * [What is edge computing and how it’s changing the network][14] + * [Most powerful Internet of Things companies][15] + * [10 Hot IoT startups to watch][16] + * [The 6 ways to make money in IoT][17] + * [What is digital twin technology? [and why it matters]][18] + * [Blockchain, service-centric networking key to IoT success][19] + * [Getting grounded in IoT networking and security][20] + * [Building IoT-ready networks must become a priority][21] + * [What is the Industrial IoT? [And why the stakes are so high]][22] + + + +Join the Network World communities on [Facebook][23] and [LinkedIn][24] to comment on topics that are top of mind. 
+ +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3399817/its-time-for-the-iot-to-optimize-for-trust.html + +作者:[Fredric Paul][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Fredric-Paul/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2018/09/bose-sleepbuds-2-100771579-large.jpg +[2]: https://mailchi.mp/iotpodcast/stacey-on-iot-how-iot-changes-advertising?e=6bf9beb394 +[3]: https://www.networkworld.com/article/3269165/internet-of-things/a-corporate-guide-to-addressing-iot-security-concerns.html +[4]: https://www.zscaler.com/blogs/research/iot-traffic-enterprise-rising-so-are-threats +[5]: https://www.csoonline.com/article/3397044/over-90-of-data-transactions-on-iot-devices-are-unencrypted.html +[6]: https://khn.org/news/a-wake-up-call-on-data-collecting-smart-beds-and-sleep-apps/ +[7]: https://www.latimes.com/politics/la-pol-ca-alexa-google-home-privacy-rules-california-20190528-story.html +[8]: https://www.usatoday.com/story/tech/2019/04/11/amazon-employees-listening-alexa-customers/3434732002/ +[9]: https://www.bloomberg.com/news/articles/2019-05-23/amazon-is-working-on-a-wearable-device-that-reads-human-emotions +[10]: https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1395 +[11]: https://venturebeat.com/2019/05/29/amazon-launches-alexa-delete-what-i-said-today-voice-command/ +[12]: https://unesdoc.unesco.org/ark:/48223/pf0000367416.page=1 +[13]: https://www.networkworld.com/article/3207535/internet-of-things/what-is-the-iot-how-the-internet-of-things-works.html +[14]: https://www.networkworld.com/article/3224893/internet-of-things/what-is-edge-computing-and-how-it-s-changing-the-network.html +[15]: 
https://www.networkworld.com/article/2287045/internet-of-things/wireless-153629-10-most-powerful-internet-of-things-companies.html +[16]: https://www.networkworld.com/article/3270961/internet-of-things/10-hot-iot-startups-to-watch.html +[17]: https://www.networkworld.com/article/3279346/internet-of-things/the-6-ways-to-make-money-in-iot.html +[18]: https://www.networkworld.com/article/3280225/internet-of-things/what-is-digital-twin-technology-and-why-it-matters.html +[19]: https://www.networkworld.com/article/3276313/internet-of-things/blockchain-service-centric-networking-key-to-iot-success.html +[20]: https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html +[21]: https://www.networkworld.com/article/3276304/internet-of-things/building-iot-ready-networks-must-become-a-priority.html +[22]: https://www.networkworld.com/article/3243928/internet-of-things/what-is-the-industrial-iot-and-why-the-stakes-are-so-high.html +[23]: https://www.facebook.com/NetworkWorld/ +[24]: https://www.linkedin.com/company/network-world diff --git a/sources/tech/20190517 Using Testinfra with Ansible to verify server state.md b/sources/tech/20190517 Using Testinfra with Ansible to verify server state.md index c14652a7f4..e845b15e59 100644 --- a/sources/tech/20190517 Using Testinfra with Ansible to verify server state.md +++ b/sources/tech/20190517 Using Testinfra with Ansible to verify server state.md @@ -1,5 +1,5 @@ [#]: collector: (lujun9972) -[#]: translator: ( ) +[#]: translator: (geekpi) [#]: reviewer: ( ) [#]: publisher: ( ) [#]: url: ( ) diff --git a/sources/tech/20190523 Run your blog on GitHub Pages with Python.md b/sources/tech/20190523 Run your blog on GitHub Pages with Python.md index 1e3634a327..4763e5e215 100644 --- a/sources/tech/20190523 Run your blog on GitHub Pages with Python.md +++ b/sources/tech/20190523 Run your blog on GitHub Pages with Python.md 
@@ -1,5 +1,5 @@ [#]: collector: (lujun9972) -[#]: translator: ( ) +[#]: translator: (QiaoN) [#]: reviewer: ( ) [#]: publisher: ( ) [#]: url: ( ) @@ -213,7 +213,7 @@ via: https://opensource.com/article/19/5/run-your-blog-github-pages-python 作者:[Erik O'Shaughnessy][a] 选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) +译者:[QiaoN](https://github.com/QiaoN) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 diff --git a/sources/tech/20190527 A deeper dive into Linux permissions.md b/sources/tech/20190527 A deeper dive into Linux permissions.md new file mode 100644 index 0000000000..26a132fdf9 --- /dev/null +++ b/sources/tech/20190527 A deeper dive into Linux permissions.md 
@@ -0,0 +1,172 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (A deeper dive into Linux permissions) +[#]: via: (https://www.networkworld.com/article/3397790/a-deeper-dive-into-linux-permissions.html) +[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/) + +A deeper dive into Linux permissions +====== +Sometimes you see more than just the ordinary r, w, x and - designations when looking at file permissions on Linux. How can you get a clearer view of what the uncommon charactrers are trying to tell you and how do these permissions work? +![Sandra Henry-Stocker][1] + +Sometimes you see more than just the ordinary **r** , **w** , **x** and **-** designations when looking at file permissions on Linux. Instead of **rwx** for the owner, group and other fields in the permissions string, you might see an **s** or **t** , as in this example: + +``` +drwxrwsrwt +``` + +One way to get a little more clarity on this is to look at the permissions with the **stat** command. The fourth line of stat’s output displays the file permissions both in octal and string format: + +``` +$ stat /var/mail + File: /var/mail + Size: 4096 Blocks: 8 IO Block: 4096 directory +Device: 801h/2049d Inode: 1048833 Links: 2 +Access: (3777/drwxrwsrwt) Uid: ( 0/ root) Gid: ( 8/ mail) +Access: 2019-05-21 19:23:15.769746004 -0400 +Modify: 2019-05-21 19:03:48.226656344 -0400 +Change: 2019-05-21 19:03:48.226656344 -0400 + Birth: - +``` + +This output reminds us that there are more than nine bits assigned to file permissions. In fact, there are 12. And those extra three bits provide a way to assign permissions beyond the usual read, write and execute — 3777 (binary 011111111111), for example, indicates that two extra settings are in use. 
+ +The first **1** (second bit) in this particular value represents the SGID (set group ID) and assigns temporary permission to run the file or use the directory with the permissions of the associated group. + +``` +011111111111 + ^ +``` + +**SGID** gives temporary permissions to the person using the file to act as a member of that group. + +The second **1** (third bit) is the “sticky” bit. It ensures that _only_ the owner of the file is able to delete or rename the file or directory. + +``` +011111111111 + ^ +``` + +Had the permissions been 7777 rather than 3777, we’d have known that the SUID (set UID) field had also been set. + +``` +111111111111 +^ +``` + +**SUID** gives temporary permissions to the user using the file to act as the file owner. + +As for the /var/mail directory which we looked at above, all users require some access so some special values are required to provide it. + +But now let’s take this a step further. + +One of the common uses of the special permission bits is with commands like the **passwd** command. If you look at the /usr/bin/passwd file, you’ll notice that the SUID bit is set, allowing you to change your password (and, thus, the contents of the /etc/shadow file) even when you’re running as an ordinary (not a privileged) user and have no read or write access to this file. Of course, the passwd command is clever enough not to allow you to change other people's passwords unless you are actually running as root or using sudo. + +``` +$ ls -l /usr/bin/passwd +-rwsr-xr-x 1 root root 63736 Mar 22 14:32 /usr/bin/passwd +$ ls -l /etc/shadow +-rw-r----- 1 root shadow 2195 Apr 22 10:46 /etc/shadow +``` + +Now, let’s look at what you can do with the these special permissions. + +### How to assign special file permissions + +As with many things on the Linux command line, you have some choices on how you make your requests. The **chmod** command allows you to change permissions numerically or using character expressions. 
+ +To change file permissions numerically, you might use a command like this to set the setuid and setgid bits: + +``` +$ chmod 6775 tryme +``` + +Or you might use a command like this: + +``` +$ chmod ug+s tryme <== for SUID and SGID permissions +``` + +If the file that you are adding special permissions to is a script, you might be surprised that it doesn’t comply with your expectations. Here’s a very simple example: + +``` +$ cat tryme +#!/bin/bash + +echo I am $USER +``` + +Even with the SUID and SGID bits set and the file root-owned file, running a script like this won’t yield the “I am root” response you might expect. Why? Because Linux ignores the set-user-ID and set-group-ID bits on scripts. + +``` +$ ls -l tryme +-rwsrwsrwt 1 root root 29 May 26 12:22 tryme +$ ./tryme +I am jdoe +``` + +If you try something similar using a compiled program, on the other hand, as with this simple C program, you’ll see a different effect. In this example program, we prompt the user to enter a file and create it for them, giving the file write permission. + +``` +#include + +int main() +{ + FILE *fp; /* file pointer*/ + char fName[20]; + + printf("Enter the name of file to be created: "); + scanf("%s",fName); + + /* create the file with write permission */ + fp=fopen(fName,"w"); + /* check if file was created */ + if(fp==NULL) + { + printf("File not created"); + exit(0); + } + + printf("File created successfully\n"); + return 0; +} +``` + +Once you compile the program and run the commands for both making root the owner and setting the needed permissions, you’ll see that it runs with root authority as expected — leaving a newly created root-owned file. Of course, you must have sudo privileges to run some of the required commands. 
+ +``` +$ cc -o mkfile mkfile.c <== compile the program +$ sudo chown root:root mkfile <== change owner and group to “root” +$ sudo chmod ug+s mkfile <== add SUID and SGID permissions +$ ./mkfile <== run the program +Enter name of file to be create: empty +File created successfully +$ ls -l empty +-rw-rw-r-- 1 root root 0 May 26 13:15 empty +``` + +Notice that the file is owned by root — something that wouldn’t have happened if the program hadn’t run with root authority. + +The positions of the uncommon settings in the permissions string (e.g., rw **s** rw **s** rw **t** ) can help remind us what each bit means. At least the first "s" (SUID) is in the owner-permissions area and the second (SGID) is in the group-permissions area. Why the sticky bit is a "t" instead of an "s" is beyond me. Maybe the founders imagined referring to it as the "tacky bit" and changed their minds due to less flattering second definition of the word. In any case, the extra permissions settings provide a lot of additional functionality to Linux and other Unix systems. + +Join the Network World communities on [Facebook][2] and [LinkedIn][3] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3397790/a-deeper-dive-into-linux-permissions.html + +作者:[Sandra Henry-Stocker][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2019/05/shs_rwsr-100797564-large.jpg +[2]: https://www.facebook.com/NetworkWorld/ +[3]: https://www.linkedin.com/company/network-world 
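Review bot: In the mkfile.c listing of the added "A deeper dive into Linux permissions" file, the file name is read with `scanf("%s",fName)` into `char fName[20]`, and the following step makes the binary SUID/SGID root with `sudo chmod ug+s mkfile`, so a name of 20 or more characters overruns a stack buffer in a program running with root authority, and `fopen(fName,"w")` will create or truncate whatever path the caller names. If the listing is kept as a teaching example, bound the read (`scanf("%19s", fName)`) and add a sentence telling readers to delete the binary or clear the bits once they have seen the result. In the same hunk, the `#include` line has lost its header name (the code needs stdio.h for printf and fopen, and stdlib.h for exit), the failure path calls `exit(0)` and so reports success, and the sample run's prompt "Enter name of file to be create:" does not match the string in the source. The teaser also has "charactrers" and the body has "the these special permissions". Since this is source text queued for translation, check these against the original article instead of correcting them by hand.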
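Review bot: The IoT Roundup source file added earlier in this patch (sources/talk/20190602 IoT Roundup- New research on IoT security, Microsoft leans into IoT.md) stops at the registration wall: the body ends with "To continue reading this article register now", "[Get Free Access][12]" and "Existing Users [Sign In][12]", and the reference list carries `[12]: javascript://` and `[13]: /learn-about-insider/` as link targets. The Microsoft and Verizon items promised in the subject line and summary never appear in the added text. Suggest dropping the file from the selection or replacing it with the full article. At minimum remove the paywall lines and the two dead references so a translator does not carry them into the published version.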
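Review bot: In the SD-WAN survey article added earlier in this patch (via networkworld.com/article/3398478/...), the managed-services paragraph reads "D-WANs are highly agile and more cost-effective", which should be "SD-WANs" to match the rest of the text. The same file embeds a promotional block, "[[Prepare to become a Certified Information Security Systems Professional ... Now offering a 10-day free trial!][4] ]", whose `[4]` target is a pluralsight.pxf.io redirect link; that block and its reference are not part of the article and should be removed before translation so they do not end up in the published copy.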
diff --git a/sources/tech/20190527 How to write a good C main function.md b/sources/tech/20190527 How to write a good C main function.md deleted file mode 100644 index 6193f4a04a..0000000000 --- a/sources/tech/20190527 How to write a good C main function.md +++ /dev/null 
@@ -1,490 +0,0 @@ -[#]: collector: (lujun9972) -[#]: translator: (MjSeven) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) -[#]: subject: (How to write a good C main function) -[#]: via: (https://opensource.com/article/19/5/how-write-good-c-main-function) -[#]: author: (Erik O'Shaughnessy https://opensource.com/users/jnyjny) - -How to write a good C main function -====== -Learn how to structure a C file and write a C main function that handles -command line arguments like a champ. -![Hand drawing out the word "code"][1] - -I know, Python and JavaScript are what the kids are writing all their crazy "apps" with these days. But don't be so quick to dismiss C—it's a capable and concise language that has a lot to offer. If you need speed, writing in C could be your answer. If you are looking for job security and the opportunity to learn how to hunt down [null pointer dereferences][2], C could also be your answer! In this article, I'll explain how to structure a C file and write a C main function that handles command line arguments like a champ. - -**Me** : a crusty Unix system programmer. -**You** : someone with an editor, a C compiler, and some time to kill. - -_Let's do this._ - -### A boring but correct C program - -![Parody O'Reilly book cover, "Hating Other People's Code"][3] - -A C program starts with a **main()** function, usually kept in a file named **main.c**. - - -``` -/* main.c */ -int main(int argc, char *argv[]) { - -} -``` - -This program _compiles_ but doesn't _do_ anything. - - -``` -$ gcc main.c -$ ./a.out -o foo -vv -$ -``` - -Correct and boring. - -### Main functions are unique - -The **main()** function is the first function in your program that is executed when it begins executing, but it's not the first function executed. The _first_ function is **_start()** , which is typically provided by the C runtime library, linked in automatically when your program is compiled. 
The details are highly dependent on the operating system and compiler toolchain, so I'm going to pretend I didn't mention it. - -The **main()** function has two arguments that traditionally are called **argc** and **argv** and return a signed integer. Most Unix environments expect programs to return **0** (zero) on success and **-1** (negative one) on failure. - -Argument | Name | Description ----|---|--- -argc | Argument count | Length of the argument vector -argv | Argument vector | Array of character pointers - -The argument vector, **argv** , is a tokenized representation of the command line that invoked your program. In the example above, **argv** would be a list of the following strings: - - -``` -`argv = [ "/path/to/a.out", "-o", "foo", "-vv" ];` -``` - -The argument vector is guaranteed to always have at least one string in the first index, **argv[0]** , which is the full path to the program executed. - -### Anatomy of a main.c file - -When I write a **main.c** from scratch, it's usually structured like this: - - -``` -/* main.c */ -/* 0 copyright/licensing */ -/* 1 includes */ -/* 2 defines */ -/* 3 external declarations */ -/* 4 typedefs */ -/* 5 global variable declarations */ -/* 6 function prototypes */ - -int main(int argc, char *argv[]) { -/* 7 command-line parsing */ -} - -/* 8 function declarations */ -``` - -I'll talk about each of these numbered sections, except for zero, below. If you have to put copyright or licensing text in your source, put it there. - -Another thing I won't talk about adding to your program is comments. - - -``` -"Comments lie." -\- A cynical but smart and good looking programmer. -``` - -Instead of comments, use meaningful function and variable names. - -Appealing to the inherent laziness of programmers, once you add comments, you've doubled your maintenance load. If you change or refactor the code, you need to update or expand the comments. 
Over time, the code mutates away from anything resembling what the comments describe. - -If you have to write comments, do not write about _what_ the code is doing. Instead, write about _why_ the code is doing what it's doing. Write comments that you would want to read five years from now when you've forgotten everything about this code. And the fate of the world is depending on you. _No pressure_. - -#### 1\. Includes - -The first things I add to a **main.c** file are includes to make a multitude of standard C library functions and variables available to my program. The standard C library does lots of things; explore header files in **/usr/include** to find out what it can do for you. - -The **#include** string is a [C preprocessor][4] (cpp) directive that causes the inclusion of the referenced file, in its entirety, in the current file. Header files in C are usually named with a **.h** extension and should not contain any executable code; only macros, defines, typedefs, and external variable and function prototypes. The string **< header.h>** tells cpp to look for a file called **header.h** in the system-defined header path, usually **/usr/include**. - - -``` -/* main.c */ -#include -#include -#include -#include -#include -#include -#include -#include -``` - -This is the minimum set of global includes that I'll include by default for the following stuff: - -#include File | Stuff It Provides ----|--- -stdio | Supplies FILE, stdin, stdout, stderr, and the fprint() family of functions -stdlib | Supplies malloc(), calloc(), and realloc() -unistd | Supplies EXIT_FAILURE, EXIT_SUCCESS -libgen | Supplies the basename() function -errno | Defines the external errno variable and all the values it can take on -string | Supplies memcpy(), memset(), and the strlen() family of functions -getopt | Supplies external optarg, opterr, optind, and getopt() function -sys/types | Typedef shortcuts like uint32_t and uint64_t - -#### 2\. 
Defines - - -``` -/* main.c */ -<...> - -#define OPTSTR "vi⭕f:h" -#define USAGE_FMT "%s [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h]" -#define ERR_FOPEN_INPUT "fopen(input, r)" -#define ERR_FOPEN_OUTPUT "fopen(output, w)" -#define ERR_DO_THE_NEEDFUL "do_the_needful blew up" -#define DEFAULT_PROGNAME "george" -``` - -This doesn't make a lot of sense right now, but the **OPTSTR** define is where I will state what command line switches the program will recommend. Consult the [**getopt(3)**][5] man page to learn how **OPTSTR** will affect **getopt()** 's behavior. - -The **USAGE_FMT** define is a **printf()** -style format string that is referenced in the **usage()** function. - -I also like to gather string constants as **#defines** in this part of the file. Collecting them makes it easier to fix spelling, reuse messages, and internationalize messages, if required. - -Finally, use all capital letters when naming a **#define** to distinguish it from variable and function names. You can run the words together if you want or separate words with an underscore; just make sure they're all upper case. - -#### 3\. External declarations - - -``` -/* main.c */ -<...> - -extern int errno; -extern char *optarg; -extern int opterr, optind; -``` - -An **extern** declaration brings that name into the namespace of the current compilation unit (aka "file") and allows the program to access that variable. Here we've brought in the definitions for three integer variables and a character pointer. The **opt** prefaced variables are used by the **getopt()** function, and **errno** is used as an out-of-band communication channel by the standard C library to communicate why a function might have failed. - -#### 4\. Typedefs - - -``` -/* main.c */ -<...> - -typedef struct { -int verbose; -uint32_t flags; -FILE *input; -FILE *output; -} options_t; -``` - -After external declarations, I like to declare **typedefs** for structures, unions, and enumerations. 
Naming a **typedef** is a religion all to itself; I strongly prefer a **_t** suffix to indicate that the name is a type. In this example, I've declared **options_t** as a **struct** with four members. C is a whitespace-neutral programming language, so I use whitespace to line up field names in the same column. I just like the way it looks. For the pointer declarations, I prepend the asterisk to the name to make it clear that it's a pointer. - -#### 5\. Global variable declarations - - -``` -/* main.c */ -<...> - -int dumb_global_variable = -11; -``` - -Global variables are a bad idea and you should never use them. But if you have to use a global variable, declare them here and be sure to give them a default value. Seriously, _don't use global variables_. - -#### 6\. Function prototypes - - -``` -/* main.c */ -<...> - -void usage(char *progname, int opt); -int do_the_needful(options_t *options); -``` - -As you write functions, adding them after the **main()** function and not before, include the function prototypes here. Early C compilers used a single-pass strategy, which meant that every symbol (variable or function name) you used in your program had to be declared before you used it. Modern compilers are nearly all multi-pass compilers that build a complete symbol table before generating code, so using function prototypes is not strictly required. However, you sometimes don't get to choose what compiler is used on your code, so write the function prototypes and drive on. - -As a matter of course, I always include a **usage()** function that **main()** calls when it doesn't understand something you passed in from the command line. - -#### 7\. 
Command line parsing - - -``` -/* main.c */ -<...> - -int main(int argc, char *argv[]) { -int opt; -options_t options = { 0, 0x0, stdin, stdout }; - -opterr = 0; - -while ((opt = getopt(argc, argv, OPTSTR)) != EOF) -switch(opt) { -case 'i': -if (!(options.input = [fopen][6](optarg, "r")) ){ -[perror][7](ERR_FOPEN_INPUT); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} -break; - -case 'o': -if (!(options.output = [fopen][6](optarg, "w")) ){ -[perror][7](ERR_FOPEN_OUTPUT); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} -break; - -case 'f': -options.flags = (uint32_t )[strtoul][9](optarg, NULL, 16); -break; - -case 'v': -options.verbose += 1; -break; - -case 'h': -default: -usage(basename(argv[0]), opt); -/* NOTREACHED */ -break; -} - -if (do_the_needful(&options) != EXIT_SUCCESS) { -[perror][7](ERR_DO_THE_NEEDFUL); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} - -return EXIT_SUCCESS; -} -``` - -OK, that's a lot. The purpose of the **main()** function is to collect the arguments that the user provides, perform minimal input validation, and then pass the collected arguments to functions that will use them. This example declares an **options** variable initialized with default values and parse the command line, updating **options** as necessary. - -The guts of this **main()** function is a **while** loop that uses **getopt()** to step through **argv** looking for command line options and their arguments (if any). The **OPTSTR** **#define** earlier in the file is the template that drives **getopt()** 's behavior. The **opt** variable takes on the character value of any command line options found by **getopt()** , and the program's response to the detection of the command line option happens in the **switch** statement. - -Those of you paying attention will now be questioning why **opt** is declared as a 32-bit **int** but is expected to take on an 8-bit **char**? 
It turns out that **getopt()** returns an **int** that takes on a negative value when it gets to the end of **argv** , which I check against **EOF** (the _End of File_ marker). A **char** is a signed quantity, but I like matching variables to their function return values. - -When a known command line option is detected, option-specific behavior happens. Some options have an argument, specified in **OPTSTR** with a trailing colon. When an option has an argument, the next string in **argv** is available to the program via the externally defined variable **optarg**. I use **optarg** to open files for reading and writing or converting a command line argument from a string to an integer value. - -There are a couple of points for style here: - - * Initialize **opterr** to 0, which disables **getopt** from emiting a **?**. - * Use **exit(EXIT_FAILURE);** or **exit(EXIT_SUCCESS);** in the middle of **main()**. - * **/* NOTREACHED */** is a lint directive that I like. - * Use **return EXIT_SUCCESS;** at the end of functions that return **int**. - * Explicitly cast implicit type conversions. - - - -The command line signature for this program, if it were compiled, would look something like this: - - -``` -$ ./a.out -h -a.out [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h] -``` - -In fact, that's what **usage()** will emit to **stderr** once compiled. - -#### 8\. Function declarations - - -``` -/* main.c */ -<...> - -void usage(char *progname, int opt) { -[fprintf][10](stderr, USAGE_FMT, progname?progname:DEFAULT_PROGNAME); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} - -int do_the_needful(options_t *options) { - -if (!options) { -errno = EINVAL; -return EXIT_FAILURE; -} - -if (!options->input || !options->output) { -errno = ENOENT; -return EXIT_FAILURE; -} - -/* XXX do needful stuff */ - -return EXIT_SUCCESS; -} -``` - -Finally, I write functions that aren't boilerplate. In this example, function **do_the_needful()** accepts a pointer to an **options_t** structure. 
I validate that the **options** pointer is not **NULL** and then go on to validate the **input** and **output** structure members. **EXIT_FAILURE** returns if either test fails and, by setting the external global variable **errno** to a conventional error code, I signal to the caller a general reason. The convenience function **perror()** can be used by the caller to emit human-readable-ish error messages based on the value of **errno**. - -Functions should almost always validate their input in some way. If full validation is expensive, try to do it once and treat the validated data as immutable. The **usage()** function validates the **progname** argument using a conditional assignment in the **fprintf()** call. The **usage()** function is going to exit anyway, so I don't bother setting **errno** or making a big stink about using a correct program name. - -The big class of errors I am trying to avoid here is de-referencing a **NULL** pointer. This will cause the operating system to send a special signal to my process called **SYSSEGV** , which results in unavoidable death. The last thing users want to see is a crash due to **SYSSEGV**. It's much better to catch a **NULL** pointer in order to emit better error messages and shut down the program gracefully. - -Some people complain about having multiple **return** statements in a function body. They make arguments about "continuity of control flow" and other stuff. Honestly, if something goes wrong in the middle of a function, it's a good time to return an error condition. Writing a ton of nested **if** statements to just have one return is never a "good idea."™ - -Finally, if you write a function that takes four or more arguments, consider bundling them in a structure and passing a pointer to the structure. This makes the function signatures simpler, making them easier to remember and not screw up when they're called later. 
It also makes calling the function slightly faster, since fewer things need to be copied into the function's stack frame. In practice, this will only become a consideration if the function is called millions or billions of times. Don't worry about it if that doesn't make sense. - -### Wait, you said no comments!?!! - -In the **do_the_needful()** function, I wrote a specific type of comment that is designed to be a placeholder rather than documenting the code: - - -``` -`/* XXX do needful stuff */` -``` - -When you are in the zone, sometimes you don't want to stop and write some particularly gnarly bit of code. You'll come back and do it later, just not now. That's where I'll leave myself a little breadcrumb. I insert a comment with a **XXX** prefix and a short remark describing what needs to be done. Later on, when I have more time, I'll grep through source looking for **XXX**. It doesn't matter what you use, just make sure it's not likely to show up in your codebase in another context, as a function name or variable, for instance. - -### Putting it all together - -OK, this program _still_ does almost nothing when you compile and run it. But now you have a solid skeleton to build your own command line parsing C programs. 
- - -``` -/* main.c - the complete listing */ - -#include -#include -#include -#include -#include -#include -#include - -#define OPTSTR "vi⭕f:h" -#define USAGE_FMT "%s [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h]" -#define ERR_FOPEN_INPUT "fopen(input, r)" -#define ERR_FOPEN_OUTPUT "fopen(output, w)" -#define ERR_DO_THE_NEEDFUL "do_the_needful blew up" -#define DEFAULT_PROGNAME "george" - -extern int errno; -extern char *optarg; -extern int opterr, optind; - -typedef struct { -int verbose; -uint32_t flags; -FILE *input; -FILE *output; -} options_t; - -int dumb_global_variable = -11; - -void usage(char *progname, int opt); -int do_the_needful(options_t *options); - -int main(int argc, char *argv[]) { -int opt; -options_t options = { 0, 0x0, stdin, stdout }; - -opterr = 0; - -while ((opt = getopt(argc, argv, OPTSTR)) != EOF) -switch(opt) { -case 'i': -if (!(options.input = [fopen][6](optarg, "r")) ){ -[perror][7](ERR_FOPEN_INPUT); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} -break; - -case 'o': -if (!(options.output = [fopen][6](optarg, "w")) ){ -[perror][7](ERR_FOPEN_OUTPUT); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} -break; - -case 'f': -options.flags = (uint32_t )[strtoul][9](optarg, NULL, 16); -break; - -case 'v': -options.verbose += 1; -break; - -case 'h': -default: -usage(basename(argv[0]), opt); -/* NOTREACHED */ -break; -} - -if (do_the_needful(&options) != EXIT_SUCCESS) { -[perror][7](ERR_DO_THE_NEEDFUL); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} - -return EXIT_SUCCESS; -} - -void usage(char *progname, int opt) { -[fprintf][10](stderr, USAGE_FMT, progname?progname:DEFAULT_PROGNAME); -[exit][8](EXIT_FAILURE); -/* NOTREACHED */ -} - -int do_the_needful(options_t *options) { - -if (!options) { -errno = EINVAL; -return EXIT_FAILURE; -} - -if (!options->input || !options->output) { -errno = ENOENT; -return EXIT_FAILURE; -} - -/* XXX do needful stuff */ - -return EXIT_SUCCESS; -} -``` - -Now you're ready to write C that will be easier to 
maintain. If you have any questions or feedback, please share them in the comments. - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/19/5/how-write-good-c-main-function - -作者:[Erik O'Shaughnessy][a] -选题:[lujun9972][b] -译者:[MjSeven](https://github.com/MjSeven) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://opensource.com/users/jnyjny -[b]: https://github.com/lujun9972 -[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_hand_draw.png?itok=dpAf--Db (Hand drawing out the word "code") -[2]: https://www.owasp.org/index.php/Null_Dereference -[3]: https://opensource.com/sites/default/files/uploads/hatingotherpeoplescode-big.png (Parody O'Reilly book cover, "Hating Other People's Code") -[4]: https://en.wikipedia.org/wiki/C_preprocessor -[5]: https://linux.die.net/man/3/getopt -[6]: http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html -[7]: http://www.opengroup.org/onlinepubs/009695399/functions/perror.html -[8]: http://www.opengroup.org/onlinepubs/009695399/functions/exit.html -[9]: http://www.opengroup.org/onlinepubs/009695399/functions/strtoul.html -[10]: http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html diff --git a/sources/tech/20190529 NVMe on Linux.md b/sources/tech/20190529 NVMe on Linux.md new file mode 100644 index 0000000000..788fe9c3fd --- /dev/null +++ b/sources/tech/20190529 NVMe on Linux.md 
@@ -0,0 +1,70 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (NVMe on Linux) +[#]: via: (https://www.networkworld.com/article/3397006/nvme-on-linux.html) +[#]: author: (Sandra Henry-Stocker https://www.networkworld.com/author/Sandra-Henry_Stocker/) + +NVMe on Linux +====== +In case you haven't yet noticed, some incredibly fast solid-state disk technology is as available for Linux as it is for other operating systems. +![Sandra Henry-Stocker][1] + +NVMe stands for “non-volatile memory express” and is a host controller interface and storage protocol that was created to accelerate the transfer of data between enterprise and client systems and solid-state drives (SSD). It works over a computer's high-speed Peripheral Component Interconnect Express (PCIe) bus. What I see when I look at this string of letters, however, is “envy me.” And the reason for the envy is significant. + +Using NVMe, data transfer happens _much_ faster than it does with rotating drives. In fact, NVMe drives can move data seven times faster than SATA SSDs. That’s seven times faster than the SSDs that many of us are using today. This means that your systems could boot blindingly fast when an NVMe drive is serving as its boot drive. In fact, these days anyone buying a new system should probably not consider one that doesn’t come with NVMe built-in — whether a server or a PC. + +### Does NVMe work with Linux? + +Yes! NVMe has been supported in the Linux kernel since 3.3. Upgrading a system, however, generally requires that both an NVMe controller and an NVMe disk be available. Some external drives are available but need more than the typical USB port for attaching to the system. 
+ +[MORE ON NETWORK WORLD: Linux: Best desktop distros for newbies][2] + +To check your kernel release, use a command like this: + +``` +$ uname -r +5.0.0-15-generic +``` + +If your system is NVMe-ready, you should see a device (e.g., /dev/nvme0), but only if you have an NVMe controller installed. If you don’t have an NVMe controller, you can still get some information on your NVMe-readiness using this command: + +``` +$ modinfo nvme | head -6 +filename: /lib/modules/5.0.0-15-generic/kernel/drivers/nvme/host/nvme.ko +version: 1.0 +license: GPL +author: Matthew Wilcox +srcversion: AA383008D5D5895C2E60523 +alias: pci:v0000106Bd00002003sv*sd*bc*sc*i* +``` + +### Learn more + +More details on what you need to know about the insanely fast NVMe storage option are available on _[PCWorld][3]._ + +Specs, white papers and other resources are available at [NVMexpress.org][4]. + +Join the Network World communities on [Facebook][5] and [LinkedIn][6] to comment on topics that are top of mind. + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3397006/nvme-on-linux.html + +作者:[Sandra Henry-Stocker][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Sandra-Henry_Stocker/ +[b]: https://github.com/lujun9972 +[1]: https://images.idgesg.net/images/article/2019/05/nvme-100797708-large.jpg +[2]: https://www.networkworld.com/slideshow/153439/linux-best-desktop-distros-for-newbies.html#tk.nww-infsb +[3]: https://www.pcworld.com/article/2899351/everything-you-need-to-know-about-nvme.html +[4]: https://nvmexpress.org/ +[5]: https://www.facebook.com/NetworkWorld/ +[6]: https://www.linkedin.com/company/network-world 
diff --git a/sources/tech/20190603 How to set up virtual environments for Python on MacOS.md b/sources/tech/20190603 How to set up virtual environments for Python on MacOS.md new file mode 100644 index 0000000000..8c54e5a6ac --- /dev/null +++ b/sources/tech/20190603 How to set up virtual environments for Python on MacOS.md 
@@ -0,0 +1,214 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (How to set up virtual environments for Python on MacOS) +[#]: via: (https://opensource.com/article/19/6/virtual-environments-python-macos) +[#]: author: (Matthew Broberg https://opensource.com/users/mbbroberg/users/moshez/users/mbbroberg/users/moshez) + +How to set up virtual environments for Python on MacOS +====== +Save yourself a lot of confusion by managing your virtual environments +with pyenv and virtualwrapper. +![][1] + +If you're a Python developer and a MacOS user, one of your first tasks upon getting a new computer is to set up your Python development environment. Here is the best way to do it (although we have written about [other ways to manage Python environments on MacOS][2]). + +### Preparation + +First, open a terminal and enter **xcode-select --install** at its cold, uncaring prompt. Click to confirm, and you'll be all set with a basic development environment. This step is required on MacOS to set up local development utilities, including "many commonly used tools, utilities, and compilers, including make, GCC, clang, perl, svn, git, size, strip, strings, libtool, cpp, what, and many other useful commands that are usually found in default Linux installations," according to [OS X Daily][3]. + +Next, install [Homebrew][4] by executing the following Ruby script from the internet: + + +``` +`ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"` +``` + +If you, like me, have trust issues with arbitrarily running scripts from the internet, click on the script above and take a longer look to see what it does. + +Once this is done, congratulations, you have an excellent package management tool in Homebrew. Naively, you might think that you next **brew install python** or something. No, haha. 
Homebrew will give you a version of Python, but the version you get will be out of your control if you let the tool manage your environment for you. You want [pyenv][5], "a tool for simple Python version management," that can be installed on [many operating systems][6]. Run: + + +``` +`$ brew install pyenv` +``` + +You want pyenv to run every time you open your prompt, so include the following in your configuration files (by default on MacOS, this is **.bash_profile** in your home directory): + + +``` +$ cd ~/ +$ echo 'eval "$(pyenv init -)"' >> .bash_profile +``` + +By adding this line, every new terminal will initiate pyenv to manage the **PATH** environment variable in your terminal and insert the version of Python you want to run (as opposed to the first one that shows up in the environment. For more information, read "[How to set your $PATH variable in Linux][7].") Open a new terminal for the updated **.bash_profile** to take effect. + +Before installing your favorite version of Python, you'll want to install a couple of helpful tools: + + +``` +`$ brew install zlib sqlite` +``` + +The [zlib][8] compression algorithm and the [SQLite][9] database are dependencies for pyenv and often [cause build problems][10] when not configured correctly. Add these exports to your current terminal window to ensure the installation completes: + + +``` +$ export LDFLAGS="-L/usr/local/opt/zlib/lib -L/usr/local/opt/sqlite/lib" +$ export CPPFLAGS="-I/usr/local/opt/zlib/include -I/usr/local/opt/sqlite/include" +``` + +Now that the preliminaries are done, it's time to install a version of Python that is fit for a modern person in the modern age: + + +``` +`$ pyenv install 3.7.3` +``` + +Go have a cup of coffee. From beans you hand-roast. After you pick them. What I'm saying here is it's going to take some time. + +### Adding virtual environments + +Once it's finished, it's time to make your virtual environments pleasant to use. 
Without this next step, you will effectively be sharing one Python development environment for every project you work on. Using virtual environments to isolate dependency management on a per-project basis will give us more certainty and reproducibility than Python offers out of the box. For these reasons, install **virtualenvwrapper** into the Python environment: + + +``` +$ pyenv global 3.7.3 +# Be sure to keep the $() syntax in this command so it can evaluate +$ $(pyenv which python3) -m pip install virtualenvwrapper +``` + +Open your **.bash_profile** again and add the following to be sure it works each time you open a new terminal: + + +``` +# We want to regularly go to our virtual environment directory +$ echo 'export WORKON_HOME=~/.virtualenvs' >> .bash_profile +# If in a given virtual environment, make a virtual environment directory +# If one does not already exist +$ echo 'mkdir -p $WORKON_HOME' >> .bash_profile +# Activate the new virtual environment by calling this script +# Note that $USER will substitute for your current user +$ echo '. 
~/.pyenv/versions/3.7.3/bin/virtualenvwrapper.sh' >> .bash_profile +``` + +Close the terminal and open a new one (or run **exec /bin/bash -l** to refresh the current terminal session), and you'll see **virtualenvwrapper** initializing the environment: + + +``` +$ exec /bin/bash -l +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/premkproject +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/postmkproject +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/initialize +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/premkvirtualenv +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/postmkvirtualenv +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/prermvirtualenv +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/postrmvirtualenv +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/predeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/postdeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/preactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/postactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/get_env_details +``` + +From now on, all your work should be in a virtual environment, allowing you to use temporary environments to play around with development safely. With this toolchain, you can set up multiple projects and switch between them, depending upon what you're working on at that moment: + + +``` +$ mkvirtualenv test1 +Using base prefix '/Users/moshe/.pyenv/versions/3.7.3' +New python executable in /Users/moshe/.virtualenvs/test1/bin/python3 +Also creating executable in /Users/moshe/.virtualenvs/test1/bin/python +Installing setuptools, pip, wheel... +done. 
+virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test1/bin/predeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test1/bin/postdeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test1/bin/preactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test1/bin/postactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test1/bin/get_env_details +(test1)$ mkvirtualenv test2 +Using base prefix '/Users/moshe/.pyenv/versions/3.7.3' +New python executable in /Users/moshe/.virtualenvs/test2/bin/python3 +Also creating executable in /Users/moshe/.virtualenvs/test2/bin/python +Installing setuptools, pip, wheel... +done. +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test2/bin/predeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test2/bin/postdeactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test2/bin/preactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test2/bin/postactivate +virtualenvwrapper.user_scripts creating /Users/moshe/.virtualenvs/test2/bin/get_env_details +(test2)$ ls $WORKON_HOME +get_env_details postmkvirtualenv premkvirtualenv +initialize postrmvirtualenv prermvirtualenv +postactivate preactivate test1 +postdeactivate predeactivate test2 +postmkproject premkproject +(test2)$ workon test1 +(test1)$ +``` + +The **deactivate** command exits you from the current environment. + +### Recommended practices + +You may already set up your long-term projects in a directory like **~/src**. When you start working on a new project, go into this directory, add a subdirectory for the project, then use the power of Bash interpretation to name the virtual environment based on your directory name. 
For example, for a project named "pyfun": + + +``` +$ mkdir -p ~/src/pyfun && cd ~/src/pyfun +$ mkvirtualenv $(basename $(pwd)) +# we will see the environment initialize +(pyfun)$ workon +pyfun +test1 +test2 +(pyfun)$ deactivate +$ +``` + +Whenever you want to work on this project, go back to that directory and reconnect to the virtual environment by entering: + + +``` +$ cd ~/src/pyfun +(pyfun)$ workon . +``` + +Since initializing a virtual environment means taking a point-in-time copy of your Python version and the modules that are loaded, you will occasionally want to refresh the project's virtual environment, as dependencies can change dramatically. You can do this safely by deleting the virtual environment because the source code will remain unscathed: + + +``` +$ cd ~/src/pyfun +$ rmvirtualenv $(basename $(pwd)) +$ mkvirtualenv $(basename $(pwd)) +``` + +This method of managing virtual environments with pyenv and virtualwrapper will save you from uncertainty about which version of Python you are running as you develop code locally. This is the simplest way to avoid confusion—especially when you're working with a larger team. + +If you are just beginning to configure your Python environment, read up on how to use [Python 3 on MacOS][2]. Do you have other beginner or intermediate Python questions? Leave a comment and we will consider them for the next article. 
+ +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/6/virtual-environments-python-macos + +作者:[Matthew Broberg][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/mbbroberg/users/moshez/users/mbbroberg/users/moshez +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/python_snake_file_box.jpg?itok=UuDVFLX- +[2]: https://opensource.com/article/19/5/python-3-default-macos +[3]: http://osxdaily.com/2014/02/12/install-command-line-tools-mac-os-x/ +[4]: https://brew.sh/ +[5]: https://github.com/pyenv/pyenv +[6]: https://github.com/pyenv/pyenv/wiki +[7]: https://opensource.com/article/17/6/set-path-linux +[8]: https://zlib.net/ +[9]: https://www.sqlite.org/index.html +[10]: https://github.com/pyenv/pyenv/wiki/common-build-problems#build-failed-error-the-python-zlib-extension-was-not-compiled-missing-the-zlib diff --git a/sources/tech/20190603 How to stream music with GNOME Internet Radio.md b/sources/tech/20190603 How to stream music with GNOME Internet Radio.md new file mode 100644 index 0000000000..fc21d82d0b --- /dev/null +++ b/sources/tech/20190603 How to stream music with GNOME Internet Radio.md 
@@ -0,0 +1,59 @@ +[#]: collector: (lujun9972) +[#]: translator: ( ) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (How to stream music with GNOME Internet Radio) +[#]: via: (https://opensource.com/article/19/6/gnome-internet-radio) +[#]: author: (Alan Formy-Duval https://opensource.com/users/alanfdoss/users/r3bl) + +How to stream music with GNOME Internet Radio +====== +If you're looking for a simple, straightforward interface that gets your +streams playing, try GNOME's Internet Radio plugin. +![video editing dashboard][1] + +Internet radio is a great way to listen to stations from all over the world. Like many developers, I like to turn on a station as I code. You can listen to internet radio with a media player for the terminal like [MPlayer][2] or [mpv][3], which is what I use to listen via the Linux command line. However, if you prefer using a graphical user interface (GUI), you may want to try [GNOME Internet Radio][4], a nifty plugin for the GNOME desktop. You can find it in the package manager. + +![GNOME Internet Radio plugin][5] + +Listening to internet radio with a graphical desktop operating system generally requires you to launch an application such as [Audacious][6] or [Rhythmbox][7]. They have nice interfaces, plenty of options, and cool audio visualizers. But if you want a simple, straightforward interface that gets your streams playing, GNOME Internet Radio is for you. + +After installing it, a small icon appears in your toolbar, which is where you do all your configuration and management. + +![GNOME Internet Radio icons][8] + +The first thing I did was go to the Settings menu. I enabled the following two options: show title notifications and show volume adjustment. + +![GNOME Internet Radio Settings][9] + +GNOME Internet Radio includes a few pre-configured stations, and it is really easy to add others. Just click the ( **+** ) sign. 
You'll need to enter a channel name, which can be anything you prefer (including the station name), and the station address. For example, I like to listen to Synthetic FM. I enter the name, e.g., "Synthetic FM," and the stream address, i.e., . + +Then click the star next to the stream to add it to your menu. + +However you listen to music and whatever genre you choose, it is obvious—coders need their music! The GNOME Internet Radio plugin makes it simple to get your favorite internet radio station queued up. + +In honor of the Gnome desktop's 18th birthday on August 15, we've rounded up 18 reasons to toast... + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/6/gnome-internet-radio + +作者:[Alan Formy-Duval][a] +选题:[lujun9972][b] +译者:[译者ID](https://github.com/译者ID) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/alanfdoss/users/r3bl +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/video_editing_folder_music_wave_play.png?itok=-J9rs-My (video editing dashboard) +[2]: https://opensource.com/article/18/12/linux-toy-mplayer +[3]: https://mpv.io/ +[4]: https://extensions.gnome.org/extension/836/internet-radio/ +[5]: https://opensource.com/sites/default/files/uploads/packagemanager_s.png (GNOME Internet Radio plugin) +[6]: https://audacious-media-player.org/ +[7]: https://help.gnome.org/users/rhythmbox/stable/ +[8]: https://opensource.com/sites/default/files/uploads/titlebaricons.png (GNOME Internet Radio icons) +[9]: https://opensource.com/sites/default/files/uploads/gnomeinternetradio_settings.png (GNOME Internet Radio Settings) 
diff --git a/translated/tech/20170414 5 projects for Raspberry Pi at home.md b/translated/tech/20170414 5 projects for Raspberry Pi at home.md deleted file mode 100644 index fabc841426..0000000000 --- a/translated/tech/20170414 5 projects for Raspberry Pi at home.md +++ /dev/null 
@@ -1,149 +0,0 @@ -[#]: collector: (lujun9972) -[#]: translator: (warmfrog) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) -[#]: subject: (5 projects for Raspberry Pi at home) -[#]: via: (https://opensource.com/article/17/4/5-projects-raspberry-pi-home) -[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall) - -5 个可在家中使用的与 Raspberry Pi 相关的项目 -====================================== - -![5 projects for Raspberry Pi at home][1] - -[Raspberry Pi][2] 电脑可被用来进行多种设置用于不同的目的。明显它在教育市场帮助学生在教室中学习编程与创客技巧和创客空间方面占有一席之地,它在工作场所和工厂中有大量应用。我打算介绍五个你可能想要在你的家中构建的项目。 - -### 媒体中心 - -在人们家中人们常用 Raspberry Pi 作为媒体中心来服务多媒体文件。它很容易建立,Raspberry Pi 提供了大量的 GPU(图形处理单元)运算能力来渲染你的大屏电视上的高清电视节目和电影。将 [Kodi][3](从前的 XBMC)运行在 Raspberry Pi 上是一个很棒的方式来播放你的硬盘或网络存储上的任何媒体。你同样可以安装一个包来播放 YouTube 视频。 - -也有一些少量不同的选项,显然是 [OSMC][4](开源媒体中心)和 [LibreELEC][5],都是基于 Kodi 的。它们在放映媒体内容方面表现的都非常好,但是 OSMC 有一个更酷炫的用户界面,而 LibreElec 更轻量级。你要做的只是选择一个发行版,下载镜像并安装到一个 SD 卡中(或者仅仅使用 [NOOBS][6]),启动,然后你就准备好了。 - -![LibreElec ][7] - -LibreElec; Raspberry Pi 基金会, CC BY-SA - -![OSMC][8] - -OSMC.tv, Copyright, 凭权限使用 - -在往下走之前,你需要决定[使用哪种 Raspberry Pi 开发板][9]。这些发行版在任何 Pi(1, 2, 3, or Zero)上都能运行,视频播放在这些开发板中的任何一个上都能胜任。除了 Pi 3(和 Zero W)有内置 Wi-Fi,可察觉的不同是用户界面的反应速度,在 Pi 3 上更快。一个 Pi 2 不会慢太多,所以如果你不需要 Wi-Fi 是可以的,但是当切换菜单时,你会注意到 Pi 3 比 Pi 1 和 Zero 表现的更好。 - -### SSH 网关 - -如果你想从广域网访问你的家庭局域网的电脑和设备,你必须打开这些设备的端口来允许外部访问。在互联网中开放这些端口有安全风险,意味着你总是你总是处于被攻击、滥用或者其他各种未授权访问的风险中。然而,如果你在你的网络中安装一个 Raspberry Pi,并且设置端口映射到仅通过 SSH 访问 Pi 的端口,你可以这么用来作为一个安全的网关来跳到网络中的其他 Pi 和 PC。 - -大多数路由允许你配置端口映射规则。你需要给你的 Pi 一个固定的内网 IP 地址来设置你的路由器端口 22 映射到你的 Raspberry Pi 端口 22。如果你的网络服务提供商给你提供了一个静态 IP 地址,你能够通过 SSH 和主机的 IP 地址访问(例如,**ssh pi@123.45.56.78** )。如果你有一个域名,你可以配置一个子域名指向这个 IP 地址,所以你没必要记住它(例如,**ssh[pi@home.mydomain.com][10]**)。 - -![][11] - -然而,如果你不想将 Raspberry Pi 暴露在互联网上,你应该非常小心,不要让你的网络处于危险之中。如果你遵循一些简单的步骤来使它更安全: - -1\. 
大多数人建议你更换你的登录密码(有道理,默认密码 “raspberry” 是众所周知的),但是这不能阻挡暴力攻击。你可以改变你的密码并添加一个双重验证(所以你需要你的密码_和_一个手机生成的与时间无关的密码),这么做更安全。但是,我相信最好的方法阻止入侵者访问你的 Raspberry Pi 是在你的 SSH 配置中[禁止][12][密码认证][12],这样只能通过 SSH 密匙进入。这意味着任何试图猜测你的密码尝试登录的人都不会成功。只有你的私有密匙可以访问。简单来说,很多人建议将 SSH 端口从默认的 22 换成其他的,但是通过简单的 [Nmap][13] 扫描你的 IP 地址,你信任的 SSH 端口就会暴露。 - -2\. 最好,不要在这个 Pi 上运行其他的软件,这样你不会意外暴露其他东西。如果你想要运行其他软件,你最好在网络中的其他 Pi 上运行,它们没有暴露在互联网上。确保你经常升级来保证你的包是最新的,尤其是 **openssh-server** 包,这样你的安全缺陷就被打补丁了。 - -3\. 安装 [sshblack][14] 或 [fail2ban][15] 来将任何表露出恶意的用户加入黑名单,例如试图暴力破解你的 SSH 密码。 - -一旦你是 Raspberry Pi 安全后,让它在线,你将在世界的任何地方登录你的网络。一旦你登录到你的树莓派,你可以用 SSH 访问本地网络上的局域网地址(例如,192.168.1.31)访问其他设备。如果你在这些设备上有密码,用密码就好了。如果它们同样只允许 SSH 密匙,你需要确保你的密匙通过 SSH 传播,使用 **-A** 参数:**ssh -A pi@123.45.67.89**。 - -### CCTV / 宠物相机 - -另一个很棒的家庭项目是建立一个相机模块来拍照和录视频,录制并保存文件,在内网或者外网中进行流式传输。你想这么做有很多原因,但两个常见的情况是一个家庭安防相机或监控你的宠物。 - -[Raspberry Pi 相机模块][16] 是一个优秀的配件。它提供全高清的相片和视频,包括很多高级配置,很[容易][17][编程][17]。[红外线相机][18]用于这种目的是非常理想的,通过一个红外线 LED(Pi 可以控制的),你就能够在黑暗中看见东西。 - -如果你想通过一定频率拍摄静态图片来留意某件事,你可以仅仅写一个短的 [Python][19] 脚本或者使用命令行工具 [raspistill][20], 在 [Cron][21] 中规划它多次运行。你可能想将它们保存到 [Dropbox][22] 或另一个网络服务,上传到一个网络服务器,你甚至可以创建一个[网络应用][23]来显示他们。 - -如果你想要在内网或外网中流式传输视频,那也相当简单。在 [picamera 文档][24]中(在 “web streaming” 章节)有一个简单的 MJPEG(运动的 JPEG)例子。简单下载或者拷贝代码到文件中,运行并访问 Pi 的 IP 地址的 8000 端口,你会看见你的相机的直播输出。 - -有一个更高级的流式传输项目 [pistreaming][25] 可获得,它通过在网络服务器中用 [JSMpeg][26] (一个 JavaScript 视频播放器)和一个用于相机流的单独运行的 websocket。这种方法性能更好,并且和之前的例子一样简单,但是如果要在互联网中流式传输,则需要包含更多代码,并且需要你开放两个端口。 - -一旦你的网络流建立起来,你可以将你的相机放在你想要的地方。我用一个来观察我的宠物龟: - -![Tortoise ][27] - -Ben Nuttall, CC BY-SA - -如果你想控制相机位置,你可以用一个舵机。一个优雅的方案是用 Pimoroni 的 [Pan-Tilt HAT][28],它可以让你简单的在二维方向上移动相机。为了与 pistreaming 集成,看项目的 [pantilthat 分支][29]. 
- -![Pan-tilt][30] - -Pimoroni.com, Copyright, Used with permission - -如果你想将你的 Pi 放到户外,你将需要一个防水的外围附件,并且需要一种给 Pi 供电的方式。POE(通过以太网提供电力)电缆是一个不错的实现方式。 - -### 家庭自动化或物联网 - -现在是 2017 年,到处都有很多物联网设备,尤其是家中。我们的电灯有 Wi-Fi,我们的面包烤箱比过去更智能,我们的茶壶处于俄国攻击的风险中,除非你确保你的设备安全,不然别将没有必要的设备连接到互联网,之后你可以在家中充分的利用物联网设备来完成自动化任务。 - -市场上有大量你可以购买或订阅的服务,像 Nest Thermostat 或 Philips Hue 电灯泡,允许你通过你的手机控制你的温度或者你的亮度,无论你是否在家。你可以用一个树莓派来催动这些设备的电源,通过一系列规则包括时间甚至是传感器来完成自动交互。用 Philips Hue ,有一件事你不能做的是当你进房间是打开灯光,但是有一个树莓派和一个运动传感器,你可以用 Python API 来打开灯光。类似,当你在家的时候你可以通过配置你的 Nest 打开加热系统,但是如果你想在房间里至少有两个人时才打开呢?写一些 Python 代码来检查网络中有哪些手机,如果至少有两个,告诉 Nest 来打开加热器。 - -不选择集成已存在的物联网设备,你可以用简单的组件来做的更多。一个自制的窃贼警报器,一个自动化的鸡笼门开关,一个夜灯,一个音乐盒,一个定时的加热灯,一个自动化的备份服务器,一个打印服务器,或者任何你能想到的。 - -### Tor 协议和屏蔽广告 - -Adafruit 的 [Onion Pi][31] 是一个 [Tor][32] 协议来使你的网络交通匿名,允许你使用互联网,而不用担心窥探者和各种形式的监视。跟随 Adafruit 的指南来设置 Onion Pi,你会找到一个舒服的匿名的浏览体验。 - -![Onion-Pi][33] - -Onion-pi from Adafruit, Copyright, Used with permission - -![Pi-hole][34] 你可以在你的网络中安装一个树莓派来拦截所有的网络交通并过滤所有广告。简单下载 [Pi-hole][35] 软件到 Pi 中,你的网络中的所有设备都将没有广告(甚至屏蔽你的移动设备应用内的广告)。 - -Raspberry Pi 在家中有很多用法。你在家里用树莓派来干什么?你想用它干什么? 
- -在下方评论让我们知道。 - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/17/4/5-projects-raspberry-pi-home - -作者:[Ben Nuttall][a] -选题:[lujun9972][b] -译者:[warmfrog](https://github.com/warmfrog) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://opensource.com/users/bennuttall -[b]: https://github.com/lujun9972 -[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/raspberry_pi_home_automation.png?itok=2TnmJpD8 (5 projects for Raspberry Pi at home) -[2]: https://www.raspberrypi.org/ -[3]: https://kodi.tv/ -[4]: https://osmc.tv/ -[5]: https://libreelec.tv/ -[6]: https://www.raspberrypi.org/downloads/noobs/ -[7]: https://opensource.com/sites/default/files/libreelec_0.png (LibreElec ) -[8]: https://opensource.com/sites/default/files/osmc.png (OSMC) -[9]: https://opensource.com/life/16/10/which-raspberry-pi-should-you-choose-your-project -[10]: mailto:pi@home.mydomain.com -[11]: https://opensource.com/sites/default/files/resize/screenshot_from_2017-04-07_15-13-01-700x380.png -[12]: http://stackoverflow.com/questions/20898384/ssh-disable-password-authentication -[13]: https://nmap.org/ -[14]: http://www.pettingers.org/code/sshblack.html -[15]: https://www.fail2ban.org/wiki/index.php/Main_Page -[16]: https://www.raspberrypi.org/products/camera-module-v2/ -[17]: https://opensource.com/life/15/6/raspberry-pi-camera-projects -[18]: https://www.raspberrypi.org/products/pi-noir-camera-v2/ -[19]: http://picamera.readthedocs.io/ -[20]: https://www.raspberrypi.org/documentation/usage/camera/raspicam/raspistill.md -[21]: https://www.raspberrypi.org/documentation/linux/usage/cron.md -[22]: https://github.com/RZRZR/plant-cam -[23]: https://github.com/bennuttall/bett-bot -[24]: http://picamera.readthedocs.io/en/release-1.13/recipes2.html#web-streaming -[25]: 
https://github.com/waveform80/pistreaming -[26]: http://jsmpeg.com/ -[27]: https://opensource.com/sites/default/files/tortoise.jpg (Tortoise) -[28]: https://shop.pimoroni.com/products/pan-tilt-hat -[29]: https://github.com/waveform80/pistreaming/tree/pantilthat -[30]: https://opensource.com/sites/default/files/pan-tilt.gif (Pan-tilt) -[31]: https://learn.adafruit.com/onion-pi/overview -[32]: https://www.torproject.org/ -[33]: https://opensource.com/sites/default/files/onion-pi.jpg (Onion-Pi) -[34]: https://opensource.com/sites/default/files/resize/pi-hole-250x250.png (Pi-hole) -[35]: https://pi-hole.net/ - - - diff --git a/sources/tech/20190522 Securing telnet connections with stunnel.md b/translated/tech/20190522 Securing telnet connections with stunnel.md similarity index 51% rename from sources/tech/20190522 Securing telnet connections with stunnel.md rename to translated/tech/20190522 Securing telnet connections with stunnel.md index 526d72109e..cc637cc495 100644 --- a/sources/tech/20190522 Securing telnet connections with stunnel.md +++ b/translated/tech/20190522 Securing telnet connections with stunnel.md 
@@ -7,38 +7,38 @@ [#]: via: (https://fedoramagazine.org/securing-telnet-connections-with-stunnel/) [#]: author: (Curt Warfield https://fedoramagazine.org/author/rcurtiswarfield/) -Securing telnet connections with stunnel +使用 stunnel 保护 telnet 连接 ====== ![][1] -Telnet is a client-server protocol that connects to a remote server through TCP over port 23. Telnet does not encrypt data and is considered insecure and passwords can be easily sniffed because data is sent in the clear. However there are still legacy systems that need to use it. This is where **stunnel** comes to the rescue. +Telnet 是一种客户端-服务端协议,通过 TCP 的 23 端口连接到远程服务器。Telnet 并不加密数据,被认为是不安全的,因为数据是以明文形式发送的,所以密码很容易被嗅探。但是,仍有老旧系统需要使用它。这就是用到 **stunnel** 的地方。 -Stunnel is designed to add SSL encryption to programs that have insecure connection protocols. This article shows you how to use it, with telnet as an example. +stunnel 旨在为使用不安全连接协议的程序增加 SSL 加密。本文将以 telnet 为例介绍如何使用它。 -### Server Installation +### 服务端安装 -Install stunnel along with the telnet server and client [using sudo][2]: +[使用 sudo][2] 安装 stunnel 以及 telnet 的服务端和客户端: ``` sudo dnf -y install stunnel telnet-server telnet ``` -Add a firewall rule, entering your password when prompted: +添加防火墙规则,在提示时输入你的密码: ``` firewall-cmd --add-service=telnet --perm firewall-cmd --reload ``` -Next, generate an RSA private key and an SSL certificate: +接下来,生成 RSA 私钥和 SSL 证书: ``` openssl genrsa 2048 > stunnel.key openssl req -new -key stunnel.key -x509 -days 90 -out stunnel.crt ``` -You will be prompted for the following information one line at a time. When asked for _Common Name_ you must enter the correct host name or IP address, but everything else you can skip through by hitting the **Enter** key. +系统将一次提示你输入以下信息。当询问 _Common Name_ 时,你必须输入正确的主机名或 IP 地址,但是你可以按**回车**键跳过其他所有内容。 ``` You are about to be asked to enter information that will be 
@@ -57,14 +57,14 @@ Common Name (eg, your name or your server's hostname) []: Email Address [] ``` -Merge the RSA key and SSL certificate into a single _.pem_ file, and copy that to the SSL certificate directory: +将 RSA 密钥和 SSL 证书合并到单个 _.pem_ 文件中,并将其复制到 SSL 证书目录: ``` cat stunnel.crt stunnel.key > stunnel.pem sudo cp stunnel.pem /etc/pki/tls/certs/ ``` -Now it’s time to define the service and the ports to use for encrypting your connection. Choose a port that is not already in use. This example uses port 450 for tunneling telnet. Edit or create the _/etc/stunnel/telnet.conf_ file: +现在可以定义服务和用于加密连接的端口了。选择尚未使用的端口。此例使用 450 端口进行隧道传输 telnet。编辑或创建 _/etc/stunnel/telnet.conf_ : ``` cert = /etc/pki/tls/certs/stunnel.pem @@ -80,15 +80,15 @@ accept = 450 connect = 23 ``` -The **accept** option is the port the server will listen to for incoming telnet requests. The **connect** option is the internal port the telnet server listens to. +**accept** 选项是服务器将监听传入 **accept** 请求的接口。**connect** 选项是 telnet 服务器的内部监听接口。 -Next, make a copy of the systemd unit file that allows you to override the packaged version: +接下来,创建一个 systemd 单元文件的副本来覆盖原来的版本: ``` sudo cp /usr/lib/systemd/system/stunnel.service /etc/systemd/system ``` -Edit the _/etc/systemd/system/stunnel.service_ file to add two lines. These lines create a chroot jail for the service when it starts. +编辑 _/etc/systemd/system/stunnel.service_ 来添加两行。这些行在启动时为服务创建 chroot 监狱。 ``` [Unit] 
@@ -106,49 +106,49 @@ ExecStartPre=/usr/bin/chown -R nobody:nobody /var/run/stunnel WantedBy=multi-user.target ``` -Next, configure SELinux to listen to telnet on the new port you just specified: +接下来,配置 SELinux 以在你刚刚指定的新端口上监听 telnet: ``` sudo semanage port -a -t telnetd_port_t -p tcp 450 ``` -Finally, add a new firewall rule: +最后,添加新的防火墙规则: ``` firewall-cmd --add-port=450/tcp --perm firewall-cmd --reload ``` -Now you can enable and start telnet and stunnel. +现在你可以启用并启动 telnet 和 stunnel。 ``` systemctl enable telnet.socket stunnel@telnet.service --now ``` -A note on the _systemctl_ command is in order. Systemd and the stunnel package provide an additional [template unit file][3] by default. The template lets you drop multiple configuration files for stunnel into _/etc/stunnel_ , and use the filename to start the service. For instance, if you had a _foobar.conf_ file, you could start that instance of stunnel with _systemctl start[stunnel@foobar.service][4]_ , without having to write any unit files yourself. +要注意 _systemctl_ 命令是有序的。systemd 和 stunnel 包默认提供额外的[模板单元文件][3]。该模板允许你将 stunnel 的多个配置文件放到 _/etc/stunnel_ 中,并使用文件名启动该服务。例如,如果你有一个 _foobar.conf_ 文件,那么可以使用 _systemctl start stunnel@foobar.service_ 启动该 stunnel 实例,而无需自己编写任何单元文件。 -If you want, you can set this stunnel template service to start on boot: +如果需要,可以将此 stunnel 模板服务设置为在启动时启动: ``` systemctl enable stunnel@telnet.service ``` -### Client Installation +### 客户端安装 -This part of the article assumes you are logged in as a normal user ([with sudo privileges][2]) on the client system. Install stunnel and the telnet client: +本文的这部分假设你在客户端系统上以普通用户([拥有 sudo 权限][2])身份登录。安装 stunnel 和 telnet 客户端: ``` dnf -y install stunnel telnet ``` -Copy the _stunnel.pem_ file from the remote server to your client _/etc/pki/tls/certs_ directory. In this example, the IP address of the remote telnet server is 192.168.1.143. 
+将 _stunnel.pem_ 从远程服务器复制到客户端的 _/etc/pki/tls/certs_ 目录。在此例中,远程 telnet 服务器的 IP 地址为 192.168.1.143。 ``` sudo scp myuser@192.168.1.143:/etc/pki/tls/certs/stunnel.pem /etc/pki/tls/certs/ ``` -Create the _/etc/stunnel/telnet.conf_ file: +创建 _/etc/stunnel/telnet.conf_: ``` cert = /etc/pki/tls/certs/stunnel.pem @@ -158,15 +158,15 @@ accept=450 connect=192.168.1.143:450 ``` -The **accept** option is the port that will be used for telnet sessions. The **connect** option is the IP address of your remote server and the port it’s listening on. +**accept** 选项是用于 telnet 会话的端口。**connect** 选项是你远程服务器的 IP 地址以及监听的端口。 -Next, enable and start stunnel: +接下来,启用并启动 stunnel: ``` systemctl enable stunnel@telnet.service --now ``` -Test your connection. Since you have a connection established, you will telnet to _localhost_ instead of the hostname or IP address of the remote telnet server: +测试你的连接。由于有一条已建立的连接,你会 telnet 到 _localhost_ 而不是远程 telnet 服务器的主机名或者 IP 地址。 ``` [user@client ~]$ telnet localhost 450 @@ -189,7 +189,7 @@ via: https://fedoramagazine.org/securing-telnet-connections-with-stunnel/ 作者:[Curt Warfield][a] 选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) +译者:[geekpi](https://github.com/geekpi) 校对:[校对者ID](https://github.com/校对者ID) 本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 @@ -199,4 +199,3 @@ via: https://fedoramagazine.org/securing-telnet-connections-with-stunnel/ [1]: https://fedoramagazine.org/wp-content/uploads/2019/05/stunnel-816x345.jpg [2]: https://fedoramagazine.org/howto-use-sudo/ [3]: https://fedoramagazine.org/systemd-template-unit-files/ -[4]: mailto:stunnel@foobar.service diff --git a/translated/tech/20190527 How to write a good C main function.md b/translated/tech/20190527 How to write a good C main function.md new file mode 100644 index 0000000000..8cce949bfc --- /dev/null +++ b/translated/tech/20190527 How to write a good C main function.md 
@@ -0,0 +1,479 @@ +[#]: collector: (lujun9972) +[#]: translator: (MjSeven) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (How to write a good C main function) +[#]: via: (https://opensource.com/article/19/5/how-write-good-c-main-function) +[#]: author: (Erik O'Shaughnessy https://opensource.com/users/jnyjny) + +如何写好 C main 函数 +====== +学习如何构造一个 C 文件并编写一个 C main 函数来处理命令行参数,像 champ 一样。 +(to 校正:champ 是一个命令行程序吗?但我并没有找到,这里按一个程序来解释了) +![Hand drawing out the word "code"][1] + +我知道,现在孩子们用 Python 和 JavaScript 编写他们疯狂的“应用程序”。但是不要这么快就否定 C 语言-- 它能够提供很多东西,并且简洁。如果你需要速度,用 C 语言编写可能就是你的答案。如果你正在寻找工作保障或者学习如何捕获[空指针解引用][2],C 语言也可能是你的答案!在本文中,我将解释如何构造一个 C 文件并编写一个 C main 函数来处理像 champ 这样的命令行参数。 + +**我**:一个顽固的 Unix 系统程序员。 +**你**:一个有编辑器,C 编译器,并有时间打发的人。 + +_让我们开工吧。_ + +### 一个无聊但正确的 C 程序 + +![Parody O'Reilly book cover, "Hating Other People's Code"][3] + +一个 C 程序以 **main()** 函数开头,通常保存在名为 **main.c** 的文件中。 + +``` +/* main.c */ +int main(int argc, char *argv[]) { + +} +``` + +这个程序会 _编译_ 但不 _执行_ 任何操作。 + +``` +$ gcc main.c +$ ./a.out -o foo -vv +$ +``` + +正确但无聊。 + +### main 函数是唯一的。 + +**main()** 函数是程序开始执行时执行的第一个函数,但不是第一个执行的函数。_第一个_ 函数是 **_start()**,它通常由 C 运行库提供,在编译程序时自动链接。此细节高度依赖于操作系统和编译器工具链,所以我假装没有提到它。 + +**main()** 函数有两个参数,通常称为 **argc** 和 **argv**,并返回一个有符号整数。大多数 Unix 环境都希望程序在成功时返回 **0**(零),失败时返回 **-1**(负一)。 + +参数 | 名称 | 描述 +---|---|--- +argc | 参数个数 | 参数向量的个数 +argv | 参数向量 | 字符指针数组 + +参数向量 **argv** 是调用程序的命令行的标记化表示形式。在上面的例子中,**argv** 将是以下字符串的列表: + + +``` +`argv = [ "/path/to/a.out", "-o", "foo", "-vv" ];` +``` + +参数向量保证在第一个索引中始终至少有一个字符串 **argv[0]**,这是执行程序的完整路径。 + +### main.c 文件的剖析 + +当我从头开始编写 **main.c** 时,它的结构通常如下: + +``` +/* main.c */ +/* 0 copyright/licensing */ +/* 1 includes */ +/* 2 defines */ +/* 3 external declarations */ +/* 4 typedefs */ +/* 5 全局变量声明 */ +/* 6 函数原型 */ + +int main(int argc, char *argv[]) { +/* 7 命令行解析 */ +} + +/* 8 函数声明 */ +``` + +下面我将讨论这些编号的各个部分,除了编号为 0 的那部分。如果你必须把版权或许可文本放在源代码中,那就放在那里。 + +另一件我不想谈论的事情是注释。 + +``` +"Comments lie." 
+\- A cynical but smart and good looking programmer. +``` + +使用有意义的函数名和变量名而不是注释。 + +为了迎合程序员固有的惰性,一旦添加了注释,维护负荷就会增加一倍。如果更改或重构代码,则需要更新或扩展注释。随着时间的推移,代码会发生变化,与注释所描述的内容完全不同。 + +如果你必须写注释,不要写关于代码正在做 _什么_,相反,写下 _为什么_ 代码需要这样写。写一些你想在五年后读到的注释,那时你已经将这段代码忘得一干二净。世界的命运取决于你。_不要有压力。_ + +#### 1\. Includes + +我添加到 **main.c** 文件的第一个东西是 include 文件,它们为程序提供大量标准 C 标准库函数和变量。C 标准库做了很多事情。浏览 **/usr/include** 中的头文件,了解它们可以为你做些什么。 + +**#include** 字符串是 [C 预处理程序][4](cpp)指令,它会将引用的文件完整地包含在当前文件中。C 中的头文件通常以 **.h** 扩展名命名,且不应包含任何可执行代码。它只有宏、定义、typedef、外部变量和函数原型。字符串 **** 告诉 cpp 在系统定义的头文件路径中查找名为 **header.h** 的文件,通常在 **/usr/include** 目录中。 + + +``` +/* main.c */ +#include +#include +#include +#include +#include +#include +#include +#include +``` + +以下内容是我默认会包含的最小全局 include 集合: + +#include 文件 | 提供的东西 +---|--- +stdio | 提供 FILE, stdin, stdout, stderr 和 fprint() 函数系列 +stdlib | 提供 malloc(), calloc() 和 realloc() +unistd | 提供 EXIT_FAILURE, EXIT_SUCCESS +libgen | 提供 basename() 函数 +errno | 定义外部 errno 变量及其可以接受的所有值 +string | 提供 memcpy(), memset() 和 strlen() 函数系列 +getopt | 提供 外部 optarg, opterr, optind 和 getopt() 函数 +sys/types | 类型定义快捷方式,如 uint32_t 和 uint64_t + +#### 2\. Defines + +``` +/* main.c */ +<...> + +#define OPTSTR "vi⭕f:h" +#define USAGE_FMT "%s [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h]" +#define ERR_FOPEN_INPUT "fopen(input, r)" +#define ERR_FOPEN_OUTPUT "fopen(output, w)" +#define ERR_DO_THE_NEEDFUL "do_the_needful blew up" +#define DEFAULT_PROGNAME "george" +``` + +这在现在没有多大意义,但 **OPTSTR** 定义是我说明程序将推荐的命令行切换。参考 [**getopt(3)**][5] man 页面,了解 **OPTSTR** 将如何影响 **getopt()** 的行为。 + +**USAGE_FMT** 定义了一个 **printf()** 风格形式的格式字符串,在 **usage()** 函数中被引用。 + +我还喜欢将字符串常量放在文件的这一部分作为 **#defines**。如果需要,收集它们可以更容易地修复拼写、重用消息和国际化消息。 + +最后,在命名 **#define** 时使用全部大写字母,以区别变量和函数名。如果需要,可以将单词放在一起或使用下划线分隔,只要确保它们都是大写的就行。 + +#### 3\. 
外部声明 + + +``` +/* main.c */ +<...> + +extern int errno; +extern char *optarg; +extern int opterr, optind; +``` + +**extern** 声明将该名称带入当前编译单元的命名空间(也称为 "file"),并允许程序访问该变量。这里我们引入了三个整数变量和一个字符指针的定义。**getopt()** 函数使用 **opt** 前缀变量,C 标准库使用 **errno** 作为带外通信通道来传达函数可能的失败原因。 + +#### 4\. Typedefs + + +``` +/* main.c */ +<...> + +typedef struct { +int verbose; +uint32_t flags; +FILE *input; +FILE *output; +} options_t; +``` + +在外部声明之后,我喜欢为结构、联合和枚举声明 **typedefs**。命名 **typedef** 本身就是一种传统行为。我非常喜欢 **_t** 后缀来表示该名称是一种类型。在这个例子中,我将 **options_t** 声明为一个包含 4 个成员的 **struct**。C 是一种与空格无关的编程语言,因此我使用空格将字段名排列在同一列中。我只是喜欢它的样子。对于指针声明,我在名称前面加上星号,以明确它是一个指针。 + +#### 5\. 全局变量声明 + + +``` +/* main.c */ +<...> + +int dumb_global_variable = -11; +``` + +全局变量是一个坏主意,你永远不应该使用它们。但如果你必须使用全局变量,请在这里声明并确保给它们一个默认值。说真的,_不要使用全局变量_。 + +#### 6\. 函数原型 + + +``` +/* main.c */ +<...> + +void usage(char *progname, int opt); +int do_the_needful(options_t *options); +``` + +在编写函数时,将它们添加到 **main()** 函数之后而不是之前,这里放函数原型。早期的 C 编译器使用单遍策略,这意味着你在程序中使用的每个符号(变量或函数名称)必须在使用之前声明。现代编译器几乎都是多遍编译器,它们在生成代码之前构建一个完整的符号表,因此并不严格要求使用函数原型。但是,有时你无法选择代码中使用的编译器,所以请编写函数原型并继续。 + +当然,我总是包含一个 **usage()** 函数,当 **main()** 函数不理解你从命令行传入的内容时,它会调用这个函数。 + +#### 7\. 
命令行解析 + + +``` +/* main.c */ +<...> + +int main(int argc, char *argv[]) { +int opt; +options_t options = { 0, 0x0, stdin, stdout }; + +opterr = 0; + +while ((opt = getopt(argc, argv, OPTSTR)) != EOF) +switch(opt) { +case 'i': +if (!(options.input = [fopen][6](optarg, "r")) ){ +[perror][7](ERR_FOPEN_INPUT); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} +break; + +case 'o': +if (!(options.output = [fopen][6](optarg, "w")) ){ +[perror][7](ERR_FOPEN_OUTPUT); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} +break; + +case 'f': +options.flags = (uint32_t )[strtoul][9](optarg, NULL, 16); +break; + +case 'v': +options.verbose += 1; +break; + +case 'h': +default: +usage(basename(argv[0]), opt); +/* NOTREACHED */ +break; +} + +if (do_the_needful(&options) != EXIT_SUCCESS) { +[perror][7](ERR_DO_THE_NEEDFUL); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} + +return EXIT_SUCCESS; +} +``` + +好吧,代码有点多。**main()** 函数的目的是收集用户提供的参数,执行最小的输入验证,然后将收集的参数传递给使用它们的函数。这个示例声明使用默认值初始化的 **options** 变量,并解析命令行,根据需要更新 **options**。 + +**main()** 函数的核心是一个 **while** 循环,它使用 **getopt()** 来遍历 **argv**,寻找命令行选项及其参数(如果有的话)。文件前面的 **OPTSTR** **#define** 是驱动 **getopt()** 行为的模板。**opt** 变量接受 **getopt()** 找到的任何命令行选项的字符值,程序对检测命令行选项的响应发生在 **switch** 语句中。 + +现在你注意到了可能会问,为什么 **opt** 被声明为 32 位 **int**,但是预期是 8 位 **char**?事实上 **getopt()** 返回一个 **int**,当它到达 **argv** 末尾时取负值,我会使用 **EOF**(_文件末尾_ 标记)匹配。**char** 是有符号的,但我喜欢将变量匹配到它们的函数返回值。 + +当检测到一个已知的命令行选项时,会发生特定的行为。有些选项有一个参数,在 **OPTSTR** 中指定了一个以冒号结尾的参数。当一个选项有一个参数时,**argv** 中的下一个字符串可以通过外部定义的变量 **optarg** 提供给程序。我使用 **optarg** 打开文件进行读写,或者将命令行参数从字符串转换为整数值。 + +这里有几个关于风格的要点: + + * 将 **opterr** 初始化为 0,禁止 **getopt** 发出 **?**。 + * 在 **main()** 的中间使用 **exit(EXIT_FAILURE);** 或 **exit(EXIT_SUCCESS);**。 + * **/* NOTREACHED */** 是我喜欢的一个 lint 指令。 + * 在函数末尾使用 **return EXIT_SUCCESS;** 返回一个 int 类型。 + * 显示强制转换隐式类型。 + +这个程序的命令行签名经过编译如下所示: +``` +$ ./a.out -h +a.out [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h] +``` + +事实上,**usage()** 在编译后就会向 **stderr** 发出这样的命令。 + +#### 8\. 
函数声明 + +``` +/* main.c */ +<...> + +void usage(char *progname, int opt) { +[fprintf][10](stderr, USAGE_FMT, progname?progname:DEFAULT_PROGNAME); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} + +int do_the_needful(options_t *options) { + +if (!options) { +errno = EINVAL; +return EXIT_FAILURE; +} + +if (!options->input || !options->output) { +errno = ENOENT; +return EXIT_FAILURE; +} + +/* XXX do needful stuff */ + +return EXIT_SUCCESS; +} +``` + +最后,我编写的函数不是样板函数。在本例中,函数 **do_the_needful()** 接受指向 **options_t** 结构的指针。我验证 **options** 指针不为 **NULL**,然后继续验证 **input** 和 **output** 结构成员。如果其中一个测试失败,返回 **EXIT_FAILURE**,并且通过将外部全局变量 **errno** 设置为常规错误代码,我向调用者发出一个原因的信号。调用者可以使用便捷函数 **perror()** 来根据 **errno** 的值发出人类可读的错误消息。 + +函数几乎总是以某种方式验证它们的输入。如果完全验证代价很大,那么尝试执行一次并将验证后的数据视为不可变。**usage()** 函数使用 **fprintf()** 调用中的条件赋值验证 **progname** 参数。**usage()** 函数无论如何都要退出,所以我不需要设置 **errno** 或为使用正确的程序名大吵一场。 + +在这里,我要避免的最大错误是取消引用 **NULL** 指针。这将导致操作系统向我的进程发送一个名为 **SYSSEGV** 的特殊信号,导致不可避免的死亡。用户希望看到的是由 **SYSSEGV** 引起的崩溃。为了发出更好的错误消息并优雅地关闭程序,捕获 **NULL** 指针要好得多。 + +有些人抱怨在函数体中有多个 **return** 语句,他们争论“控制流的连续性”和其他东西。老实说,如果函数中间出现错误,那么这个时候是返回错误条件的好时机。写一大堆嵌套的 **if** 语句只有一个 return 绝不是一个“好主意。”™ + +最后,如果您编写的函数接受四个或更多参数,请考虑将它们绑定到一个结构中,并传递一个指向该结构的指针。这使得函数签名更简单,更容易记住,并且在以后调用时不会出错。它还使调用函数速度稍微快一些,因为需要复制到函数堆栈中的东西更少。在实践中,只有在函数被调用数百万或数十亿次时,才会考虑这个问题。如果认为这没有意义,那么不要担心。 + +### 等等,你说没有注释 !?!! 
+ +在 **do_the_needful()** 函数中,我写了一种特殊类型的注释,它被设计为占位符而不是记录代码: + + +``` +`/* XXX do needful stuff */` +``` + +当你在该区域时,有时你不想停下来编写一些特别复杂的代码,你会之后再写,而不是现在。那就是我留给自己一点面包屑的地方。我插入一个带有 **XXX** 前缀的注释和一个描述需要做什么的简短注释。之后,当我有更多时间的时候,我会在源代码中寻找 **XXX**。使用什么并不重要,只要确保它不太可能在另一个上下文中以函数名或变量形式显示在代码库中。 + +### 把它们放在一起 + +好吧,当你编译这个程序后,它 _仍_ 仍几乎没有任何作用。但是现在你有了一个坚实的骨架来构建你自己的命令行解析 C 程序。 + +``` +/* main.c - the complete listing */ + +#include +#include +#include +#include +#include +#include +#include + +#define OPTSTR "vi⭕f:h" +#define USAGE_FMT "%s [-v] [-f hexflag] [-i inputfile] [-o outputfile] [-h]" +#define ERR_FOPEN_INPUT "fopen(input, r)" +#define ERR_FOPEN_OUTPUT "fopen(output, w)" +#define ERR_DO_THE_NEEDFUL "do_the_needful blew up" +#define DEFAULT_PROGNAME "george" + +extern int errno; +extern char *optarg; +extern int opterr, optind; + +typedef struct { +int verbose; +uint32_t flags; +FILE *input; +FILE *output; +} options_t; + +int dumb_global_variable = -11; + +void usage(char *progname, int opt); +int do_the_needful(options_t *options); + +int main(int argc, char *argv[]) { +int opt; +options_t options = { 0, 0x0, stdin, stdout }; + +opterr = 0; + +while ((opt = getopt(argc, argv, OPTSTR)) != EOF) +switch(opt) { +case 'i': +if (!(options.input = [fopen][6](optarg, "r")) ){ +[perror][7](ERR_FOPEN_INPUT); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} +break; + +case 'o': +if (!(options.output = [fopen][6](optarg, "w")) ){ +[perror][7](ERR_FOPEN_OUTPUT); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} +break; + +case 'f': +options.flags = (uint32_t )[strtoul][9](optarg, NULL, 16); +break; + +case 'v': +options.verbose += 1; +break; + +case 'h': +default: +usage(basename(argv[0]), opt); +/* NOTREACHED */ +break; +} + +if (do_the_needful(&options) != EXIT_SUCCESS) { +[perror][7](ERR_DO_THE_NEEDFUL); +[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} + +return EXIT_SUCCESS; +} + +void usage(char *progname, int opt) { +[fprintf][10](stderr, USAGE_FMT, progname?progname:DEFAULT_PROGNAME); 
+[exit][8](EXIT_FAILURE); +/* NOTREACHED */ +} + +int do_the_needful(options_t *options) { + +if (!options) { +errno = EINVAL; +return EXIT_FAILURE; +} + +if (!options->input || !options->output) { +errno = ENOENT; +return EXIT_FAILURE; +} + +/* XXX do needful stuff */ + +return EXIT_SUCCESS; +} +``` + +现在,你已经准备好编写更易于维护的 C 语言。如果你有任何问题或反馈,请在评论中分享。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/19/5/how-write-good-c-main-function + +作者:[Erik O'Shaughnessy][a] +选题:[lujun9972][b] +译者:[MjSeven](https://github.com/MjSeven) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/jnyjny +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/code_hand_draw.png?itok=dpAf--Db (Hand drawing out the word "code") +[2]: https://www.owasp.org/index.php/Null_Dereference +[3]: https://opensource.com/sites/default/files/uploads/hatingotherpeoplescode-big.png (Parody O'Reilly book cover, "Hating Other People's Code") +[4]: https://en.wikipedia.org/wiki/C_preprocessor +[5]: https://linux.die.net/man/3/getopt +[6]: http://www.opengroup.org/onlinepubs/009695399/functions/fopen.html +[7]: http://www.opengroup.org/onlinepubs/009695399/functions/perror.html +[8]: http://www.opengroup.org/onlinepubs/009695399/functions/exit.html +[9]: http://www.opengroup.org/onlinepubs/009695399/functions/strtoul.html +[10]: http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html
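Review bot: In the stunnel translation, hunk `@@ -7,38 +7,38 @@`, the added line `系统将一次提示你输入以下信息` drops the meaning of "one line at a time": `一次` reads as "once". Suggest `系统将逐行提示你输入以下信息` (or `依次`), so the reader expects one openssl prompt per field and knows that only _Common Name_ has to be filled in.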
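Review bot: In the stunnel translation, hunk `@@ -80,15 +80,15 @@`, the added line `**accept** 选项是服务器将监听传入 **accept** 请求的接口` mistranslates the removed English line in two places. The source says the server listens for incoming telnet requests, not "**accept** requests", and both sentences are about a port (`端口`), not an interface (`接口`). Suggest `**accept** 选项是服务器用于监听传入 telnet 请求的端口。**connect** 选项是 telnet 服务器监听的内部端口。` This matters because the reader sets `accept = 450` and `connect = 23` from this explanation and then opens exactly that port in firewalld and SELinux.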
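Review bot: In the stunnel translation, hunk `@@ -106,49 +106,49 @@`, `要注意 _systemctl_ 命令是有序的` misreads "A note on the _systemctl_ command is in order": the source means that a remark about the command is warranted, not that the command is ordered. Suggest something like `这里有必要对 _systemctl_ 命令做一点说明`. The rest of the paragraph (template unit, `stunnel@foobar.service`) reads correctly, and dropping the stray `mailto:` link on the unit name is right.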
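Review bot: In the new file `20190527 How to write a good C main function.md`, hunk `@@ -0,0 +1,479 @@`, both occurrences of `#define OPTSTR "vi⭕f:h"` are corrupted: the `:o:` in the getopt option string was turned into an emoji. `USAGE_FMT` lists `-i inputfile` and `-o outputfile` and the switch has `case 'o':` reading `optarg`, so the string has to be `"vi:o:f:h"`. As written, `-i` takes no argument and `-o` is not an option at all. The other code blocks were also damaged in extraction and will not compile as shown: every `#include` line has lost its `<header.h>` name (the prose `字符串 **** 告诉 cpp` lost it too), and calls carry Markdown link markup such as `[fopen][6](optarg, "r")` and `[exit][8](EXIT_FAILURE);` inside the fences. Please restore them from the source article. In the prose, remove the translator query `(to 校正:champ 是一个命令行程序吗?…)` before publishing ("like a champ" is an idiom, not a program name), fix the doubled `_仍_ 仍`, and recheck `用户希望看到的是由 **SYSSEGV** 引起的崩溃`, which says users want to see the crash and contradicts the next sentence about catching **NULL** pointers to shut down gracefully.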